>Synopsis: acme-client won't work with buypass.com ECDSA domain keys
>Category: system sparc64
>Environment:
System : OpenBSD 6.8
Details : OpenBSD 6.8 (GENERIC) #477: Sun Oct 4 20:36:17 MDT
2020
[email protected]:
/usr/src/sys/arch/sparc64/compile/GENERIC
Architecture: OpenBSD.sparc64
Machine : sparc64
>Description:
When using an ecdsa domain key with buypass.com, acme-client
receives this error:
"Curve is not of type secp256r1 or prime256v1"
>How-To-Repeat:
With the following conf, the error below is shown:
------------------------------------------------------------------------
domain example.org {
alternative names { www.example.org }
domain key "/etc/ssl/private/example.org.key" ecdsa
domain full chain certificate "/etc/ssl/example.org.fullchain.pem"
sign with buypass
}
------------------------------------------------------------------------
server# acme-client -v example.org
acme-client: https://api.buypass.com/acme/directory: directories
acme-client: api.buypass.com: DNS: 185.62.162.162
acme-client:
https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize:
certificate
acme-client:
https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize:
bad HTTP: 400
acme-client: transfer buffer:
[{"type":"urn:ietf:params:acme:error:malformed","detail":"Curve is not of
type secp256r1 or
prime256v1","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP
400 Bad Request"}] (181 bytes)
acme-client: bad exit: netproc(9045): 1
------------------------------------------------------------------------
>Fix:
Unknown.
-EOF
