Account registration error: {"type":"urn:ietf:params:acme:error:badSignatureAlgorithm","detail":"Signature of type ES256 not supported Try again with RS256."} #5277

Closed
bd-bord1 opened this issue Sep 3, 2024 · 3 comments

Comments

@bd-bord1

bd-bord1 commented Sep 3, 2024

Does anyone know how to fix this bug? Thank you.

[root@check-mk acme.sh]# ./acme.sh --issue --dns dns_nsupdate -d check-mk.acic-navan.com -d *.acic-navan.com --server https://ipa-ca.acic-navan.com/acme/directory --keylength 2048 -ak 2048
[Tue Sep 3 11:40:29 EDT 2024] Using CA: https://ipa-ca.acic-navan.com/acme/directory
[Tue Sep 3 11:40:30 EDT 2024] Registering account: https://ipa-ca.acic-navan.com/acme/directory
[Tue Sep 3 11:40:30 EDT 2024] Account registration error: {"type":"urn:ietf:params:acme:error:badSignatureAlgorithm","detail":"Signature of type ES256 not supported
Try again with RS256."}
[Tue Sep 3 11:40:30 EDT 2024] Please add '--debug' or '--log' to see more information.
[Tue Sep 3 11:40:30 EDT 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Steps to reproduce

Debug log

acme.sh  --issue .....   --debug 2

github-actions bot commented Sep 3, 2024

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@WhiteAls
Contributor

WhiteAls commented Sep 3, 2024

Which ACME server are you using? In my opinion, the issue you've described seems to be on the side of your ACME provider, as indicated in RFC8555.

An ACME server MUST implement the "ES256" signature algorithm [RFC7518] and SHOULD implement the "EdDSA" signature algorithm using the "Ed25519" variant (indicated by "crv") [RFC8037].

Based on the error message you're receiving, it could be related to this specific issue dogtagpki/pki#4638.
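
Added example, not part of the thread and not acme.sh or Dogtag code: a small Python check that decodes the `alg` a client put in its JWS protected header and compares it with the `badSignatureAlgorithm` problem document. RFC 8555 section 6.2 requires that problem document to carry an `algorithms` array; the error body in this issue has none. The function names, the `ca.example` URL and the sample JWS are constructed for illustration; the error body is the one printed in the log above.

```python
import base64
import json

BAD_ALG = "urn:ietf:params:acme:error:badSignatureAlgorithm"
MANDATORY_ALG = "ES256"  # RFC 8555 section 6.2: an ACME server MUST implement it

def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url as used in JWS (RFC 7515)."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def jws_alg(flattened_jws: str) -> str:
    """Return the "alg" from the protected header of a flattened JWS body."""
    protected = json.loads(flattened_jws)["protected"]
    return json.loads(b64url_decode(protected))["alg"]

def diagnose(problem_body: str, flattened_jws: str) -> dict:
    """Compare the server's problem document with what the client signed."""
    # strict=False tolerates the raw line break inside "detail" seen in the log
    problem = json.loads(problem_body, strict=False)
    if problem.get("type") != BAD_ALG:
        return {"bad_algorithm": False}
    sent = jws_alg(flattened_jws)
    advertised = problem.get("algorithms")  # required by RFC 8555 section 6.2
    return {
        "bad_algorithm": True,
        "client_alg": sent,
        "server_algorithms": advertised,
        "problem_doc_complete": isinstance(advertised, list),
        "server_rejected_mandatory_alg": sent == MANDATORY_ALG,
    }

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed newAccount request (nonce, URL and signature are placeholders).
SAMPLE_JWS = json.dumps({
    "protected": _b64url({"alg": "ES256", "nonce": "constructed-nonce",
                          "url": "https://ca.example/acme/new-account"}),
    "payload": _b64url({"termsOfServiceAgreed": True}),
    "signature": "constructed-not-a-real-signature",
})
# Error body as printed in the issue, including the line break in "detail".
SAMPLE_PROBLEM = (
    '{"type":"urn:ietf:params:acme:error:badSignatureAlgorithm",'
    '"detail":"Signature of type ES256 not supported\nTry again with RS256."}'
)
```

For the sample above, `diagnose(SAMPLE_PROBLEM, SAMPLE_JWS)` reports that the client sent ES256, that the server rejected the algorithm the RFC makes mandatory, and that the problem document lacks the `algorithms` list.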

@bd-bord1
Author

bd-bord1 commented Sep 4, 2024

Thanks everyone
I ran these 2 commands and it worked!!
Thanks a lot for your help!!

acme.sh --upgrade
./acme.sh --issue --dns dns_nsupdate -d check-mk.acic-navan.com --server https://ipa-ca.acic-navan.com/acme/directory -k 2048 --dnssleep 0 --accountkey account.key --debug 2
