Cannot handle HTTP/2 responses

[C-Otto]

Curl seems to do HTTP/2 requests lately, which breaks the script. Adding --http1.1 to the curl calls helps, but this feels like a hack.

[bruncsak]

Thanks for reporting the problem!
I fixed the code, please let me know if you are still having problem to use a recent version of curl.

[C-Otto]

I didn't try your code, but I tried a similar fix. I think the response headers are all lowercase with HTTP/2, which the code does not expect. I'll check when I find the time.

[alexzorin]

Yes, on a relatively modern system where curl is linked against nghttp2, the script can't find location/replay-nonce when they are lower-cased, which is a MUST in HTTP/2 .

For example:

$ ./letsencrypt.sh register -a account.key -e [email protected]
register account
could not fetch new nonce
unhandled response while registering account

HTTP/2 400
server: nginx
date: Fri, 10 Jan 2020 21:42:50 GMT
content-type: application/problem+json
content-length: 114
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002EOKsggTfccAWuMjEni91orI0qctSzED0Ncvy1TJ-iiQ

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "No embedded JWK in JWS header",
  "status": 400
}

Other shell-based ACME clients made similar fixes a few months ago:

• dehydrated-io/dehydrated@e4e712c
• Peb acmesh-official/acme.sh#2126

[bruncsak]

Yes, on a relatively modern system where curl is linked against nghttp2, the script can't find location/replay-nonce when they are lower-cased, which is a MUST in HTTP/2 .

Thank you very much for testing the code. I believe that it is fixed now with the commit 8232b73.

[alexzorin]

Works for me.