"Key too large: 4104 > 4096" when registering account key with ACME server #149

Closed
opened 2025-12-29 00:25:54 +01:00 by adam · 7 comments

Originally created by @ixdy on GitHub (Sep 19, 2016).

While calling nfsn-setup.sh from https://github.com/nikjft/lets-nfsn.sh (which uses dehydrated):

```
Submodule path 'dehydrated': checked out '319852dc8cf167d8baeb0848b4998e86a02aa2d0'
 + Generating configuration...
 + Generating fallback configuration...
 + Installing hook script...
 + Generating domains.txt...
 + Performing initial run...
# INFO: Using main config file /home/private/lets-nfsn.sh/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)

Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "Key too large: 4104 \u003e 4096",
  "status": 400
}

Error registering account key. See message above for more information.
```

Retrying doesn't help - the key is always 8 bytes too long.

adam added the bug label 2025-12-29 00:25:54 +01:00
adam closed this issue 2025-12-29 00:25:55 +01:00

@ixdy commented on GitHub (Sep 19, 2016):

Reverting 319852dc8c fixed this.


@lukas2511 commented on GitHub (Sep 20, 2016):

@ixdy Mh... weird... that change shouldn't really make it longer... if anything it should be shorter... What OS are you running this on?


@ixdy commented on GitHub (Sep 20, 2016):

This is FreeBSD 10.3-RELEASE-p6.


@vsatmydynipnet commented on GitHub (Sep 20, 2016):

Same error here: FreeBSD 10.3-RELEASE-p7.


@bhagerty commented on GitHub (Sep 21, 2016):

Same error here, FreeBSD 10-3-RELEASE-p6. Any plan for solving this? What about reverting the change @ixdy pointed out?


@rowanthorpe commented on GitHub (Sep 22, 2016):

I used the below code locally to keep the "trim leading nulls" logic in a more portable way (including FreeBSD's sed - which doesn't like `\x00`, or semicolons between commands, or branch-commands to not-yet-declared labels, for that matter). If you think this is not too ugly to use, let me know and I'll send it as a pull request. It requires `od` which seems to be effectively universally available, and with `-t x1` to avoid any endianness issues.

```
# _sed is dehydrated's helper that runs sed with extended regular expressions
urlbase64() {
    printf -- "$(od -t x1 -An -v | tr -d '\t\r\n ' | _sed -e 's/(^|0a)(00)+/\1/g' -e 's/(.{2})/\\x\1/g')" | \
        openssl base64 -e | tr -d '\r\n' | _sed -e 's:=*$::g' -e 'y:+/:-_:'
}
```
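A byte-aligned version of the "trim leading nulls" step, plus a size check that can be run on a modulus before registration. This is an added example, not part of the thread or of dehydrated. The function names and the sample modulus are constructed, and it assumes the server's limit applies to the significant bit length of the modulus; the extra trailing byte is only an illustration of a one-byte encoding error, not a diagnosis of this issue.

```shell
#!/bin/sh
# Added example, not dehydrated code. All sample data is constructed.

# to_hex: binary on stdin -> one continuous hex string (od avoids sed \x00).
to_hex() {
  od -An -v -t x1 | tr -d ' \t\r\n'
}

# strip_leading_nulls HEX: drop whole leading 00 bytes, byte-aligned, so a
# "0a 00" sequence in the middle of the data is never touched.
strip_leading_nulls() {
  h=$1
  while [ "${#h}" -gt 2 ] && [ "${h#00}" != "$h" ]; do
    h=${h#00}
  done
  printf '%s' "$h"
}

# modulus_bits HEX: significant bit length of the big-endian integer.
modulus_bits() {
  h=$(strip_leading_nulls "$1")
  [ -n "$h" ] || { echo 0; return; }
  byte=${h%"${h#??}"}          # first two hex digits = most significant byte
  first=$((0x$byte))
  bits=0
  while [ "$first" -gt 0 ]; do
    first=$((first / 2))
    bits=$((bits + 1))
  done
  echo $(( (${#h} / 2 - 1) * 8 + bits ))
}

# sample_modulus_hex: constructed 512-byte value with the top bit set.
sample_modulus_hex() {
  awk 'BEGIN { printf "c3"; for (i = 0; i < 511; i++) printf "ab" }'
}

m=$(sample_modulus_hex)
echo "bytes 00 01 02 as hex: $(printf '\000\001\002' | to_hex)"
echo "as generated:          $(modulus_bits "$m") bits"
echo "leading 00 byte:       $(modulus_bits "00$m") bits"
echo "one extra data byte:   $(modulus_bits "${m}0a") bits"
```
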

@lukas2511 commented on GitHub (Jan 29, 2017):

Closing this ticket as this was solved by reverting the changes for #275.

Reference: starred/dehydrated#149