LetsEncrypt error 400 bad request

[justinms66]

Hi,

I am following these instructions to get SSL on my domain. I am on Centos6.3 x64, DA 1.61.5. After I do that, when i go to my directadmin -> "SSL Certificates" - > "Generate from Letsencrypt", i get an error (see attached image).

Trying to run the command in ssh for debugging also gives the same error (link). Is this the right command to debug?
./letsencrypt.sh request_single DOMAIN.com 4096

Not sure what else to try for Error 400 and "Malformed account ID in KeyID header" running this script.

 

[Richard G]

Is this the right command to debug?

I don't think so. That is to request an ssl certificate for your hostname.

You might want to update DA to the newest version first.

I presume you got letsencrypt=1 in your directadmin.conf file along with enable_ssl_sni=1 if all is well.
Try this first:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

Check the /usr/local/directadmin/scripts/letsencrypt.sh file that it's version #VERSION=2.0.27 or higher.
Then try again.

 

[Active8]

You might want to update DA to the newest version first.

And your Centos , as far I can see you are using 6.3 but the latest is Centos 6.10 + your DA version is old

 

[patrickkasie]

Maybe related, maybe not, but I have a similar (minor) issue. I get a 400 bad request error when trying to visit vps20.jk.nl:2222. https://vps20.jk.nl is where I'm expected to be redirected to, but that's not happening. I've already tried the commands in the screenshot below last week, hoping it'd be a timed thing.

Specs:
AlmaLinux 8.5
DirectAdmin 1.63.9
LetsEncrypt 2.0.30

 

[Richard G]

is where I'm expected to be redirected to

Seems you fixed it. If I visit I will be redirected to https://vps20.jk.nl:2222/ so that is good.
How did you fix it?

 

[patrickkasie]

Seems you fixed it. If I visit I will be redirected to https://vps20.jk.nl:2222/ so that is good.
How did you fix it?

I didn't. When explicitely removing the s from https, you'll get the 400 error. This is a minor inconvenience, but still something I'd like to see improved on my server. The tester I've used is https://httpstatus.io/

 

[Richard G]

Test with your own browser then. If I remove the S from https I won't get a 400 errror, tested with Firefox, Chrome and Edge.

The tester you used might not be able to work correctly with redirects. By the way, when I click that button on the testlink you gave. AVG immediately blocks for some malware issue. Probably false positive, but I just mention it.
And now I don't know how to remove that AVG block.

 

[patrickkasie]

Very interesting. Well, I guess it's a caching issue then. Apologies! Carry on with your day.

Also, interesting to know AVG gives out a warning. I've checked immediately with some other tools online; nothing

 

[Richard G]

Yeah AVG does do some fales positives lately on multiple sites. Just puzzling how I get it removed now because it's the free version and not the one with the firewall.

Glad to here your issue is indeed fixed.

 

[Richard G]

Got it removed. Now tested with the link you gave and that gives on my sites also the error 400. So this confirms the testing site can not handle the redirect.

 

[patrickkasie]

Got it removed. Now tested with the link you gave and that gives on my sites also the error 400. So this confirms the testing site can not handle the redirect.

Have you tried with your own websites too? jk.nl yields the following result for example

 

[Richard G]

Have you tried with your own websites too?

The test I did was with my own website yes.