JWS verification error on client.revokeCertificate

[touzoku]

I am trying to revoke a certificate that was issued using client.auto() using client.revokeCertificate(), but it throws the following error:

Error: JWS verification error
    at AcmeApi.apiRequest (node_modules/.pnpm/[email protected]/node_modules/acme-client/src/api.js:56:19)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async AcmeClient.revokeCertificate (node_modules/.pnpm/[email protected]/node_modules/acme-client/src/client.js:681:22)

The reproduction code is below (it is a staging certificate, no security issue posting it here):

import * as acme from 'acme-client'

const accountUrl =
  'https://acme-staging-v02.api.letsencrypt.org/acme/acct/59183794'
const certificate = `-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgITAPog0TD3lAcsQWrmy6prUar91TANBgkqhkiG9w0BAQsF
ADBZMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXKFNUQUdJTkcpIExldCdzIEVuY3J5
cHQxKDAmBgNVBAMTHyhTVEFHSU5HKSBBcnRpZmljaWFsIEFwcmljb3QgUjMwHhcN
MjIwNjMwMTE0NzA0WhcNMjIwOTI4MTE0NzAzWjAmMSQwIgYDVQQDExtjZXJ0LXRl
c3QuaW50ZXJuYWwuc3Z0di5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPXwdEoHKGPhQmlK3yB3DeVjCn6r2XDyv/0bJpf83Qez3I4PYu5WUCz+tZ
hf/tz3FVW7IntcyIGxEZDKHFS2cO5D36zV8PixFBy7i02ioxaic2Kl/fVZ7GTPmX
jXO5pD3sRmyX6PN70r8TwBZAQ+rzM4BjR4PBEWTmBQe/oCln5fhr1Yj/vL3E/bVO
7CGBTP+0BoGQfDeY6nT0YIpYByDRu7VVYL1RVyLq7/wqDphzsw/uYDIxCbCAFOSG
zbo/7A1V6fw3y0G3s22YA+zxkNyBiznJTSo2e8hesdYUVNqgs0MMBvzefWmYogS9
N9RImGN+IUCYUygfeH//wMqzHZ6HAgMBAAGjggJeMIICWjAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFGOSCPl36dS1aexxbcguNJQeqz6eMB8GA1UdIwQYMBaAFN5yekjf
McOmUN+fhSPfVzdLXS5lMF0GCCsGAQUFBwEBBFEwTzAlBggrBgEFBQcwAYYZaHR0
cDovL3N0Zy1yMy5vLmxlbmNyLm9yZzAmBggrBgEFBQcwAoYaaHR0cDovL3N0Zy1y
My5pLmxlbmNyLm9yZy8wJgYDVR0RBB8wHYIbY2VydC10ZXN0LmludGVybmFsLnN2
dHYub3JnMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHW
eQIEAgSB9QSB8gDwAHYAKHYaGJAn++880NYaAY12sFBXKcenQRvMvfYE9F1CYVMA
AAGBtKaUsgAABAMARzBFAiABNygKB8S9DXEMn8ZX29GbRm2/FtlZttjUK52a3j1J
QAIhAOvD9OzQLtT8VcgKExFXZ41xEku7jZqVKQIgIhoq+xy6AHYAsMyD5aX5fWuv
fAnMKEkEhyrH6IsTLGNQt8b9JuFsbHcAAAGBtKaUrQAABAMARzBFAiEAmGGv5Kyb
cyftxolYuQpg7/QLbKrx0dxlm8rWhGQXr5QCIFDNHxS3FnYr8ntgtHu5hxbcgfYA
utZXFPLJqsgRFzX9MA0GCSqGSIb3DQEBCwUAA4IBAQBS5ns4Ma4/u5+nfCQjKZmB
wWQ396Y0vWO4DaKuICVf7Vm+mNexxo4IT1aJ/XebyjiJDtQvoEQa/h0w83p/PoQS
ms7JwRNMCMAjSECbt9mtYjZ7rFQt5zFfbz406PaZOWkRsyTTWdboImpKpb6wsqMC
MnijSywozFidfEbwlGc4zKSVEM63/kOMPpXQFwovvpO0IKwTLzIpznUqLKTzAwLj
T8gcakqLhwypN33GwpGTkFdgte+kwnQHNGFRdIkyoxJMc3g+MZmSR9VxzJqNFPc0
WWwodfKziK7Nr6vtFcH1KoghVI6mc40p2Hz6eFNehZVMdlHzQ3dmE1FphVTBJZA/
-----END CERTIFICATE-----`

const keyPem = `-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAz18HRKByhj4UJpSt8gdw3lYwp+q9lw8r/9GyaX/N0Hs9yOD2
LuVlAs/rWYX/7c9xVVuyJ7XMiBsRGQyhxUtnDuQ9+s1fD4sRQcu4tNoqMWonNipf
31Wexkz5l41zuaQ97EZsl+jze9K/E8AWQEPq8zOAY0eDwRFk5gUHv6ApZ+X4a9WI
/7y9xP21TuwhgUz/tAaBkHw3mOp09GCKWAcg0bu1VWC9UVci6u/8Kg6Yc7MP7mAy
MQmwgBTkhs26P+wNVen8N8tBt7NtmAPs8ZDcgYs5yU0qNnvIXrHWFFTaoLNDDAb8
3n1pmKIEvTfUSJhjfiFAmFMoH3h//8DKsx2ehwIDAQABAoIBAQCbADLUjwFLajdx
pwxlrj4lUlNID+Pqd4Kx0rICvW6/eH70GYKqBvj7oyINZmWoAbh6zvFZUUAyM9kR
2ilI6VV9Agl53+xAF/isL3Q+ahvDl877Y60JqFvnaT3ek/J+Pk+yvekJmyvzz9DX
GGsJWjrR0hsTGi9XLoM2k2f5SePpLdmF8W9BTDpX8jqLmFM2qbEHLgpxjEgE5RN5
219xgWpmaIlRTCFkpENgLPc9mKki0+1JO4OXM91yTps+iIfm2xio1P81qfDMrTjG
eTw2zESqGJNNBcBSKy6WCQTse0rGRlpIru6DMIQmYvh2UOxGq0srW+DuKE8Y9izf
A5s+Fi1hAoGBAOpeNhUVMEXzHlmQYLmgoz9OXI0ic9OT4PBNBxUksQYleWFJh13i
VBQa50pg5fHQZrggl/PDui9+E4D0vZbXV/YM4871mvXYxy8zt1hVBXcKRTsO8suF
ozvhIKhbzVCKSgBVBsRMccYBPX96qxecKHc8k2FakWBRn9bSFM4zFgKJAoGBAOKC
65bPvfsbJfLJXkUb884rEzVD+GQY3omqcFSTSpYsmrYo5eQAmWNt8MM0zdnS5r/Q
1HqTBitnw/cQEAq+vUDaZFFDGjgqZXfudAMetfWmHNadirlfWsFkWTwS8BV3flw2
VLABJP0ONGqJuxlNELTQwEfFasA4Qvf64hryw5SPAoGAeAANCPZ0ZRx6abl3DRSn
AX8J/GmrjKWnAuMtwTGsQk1lvN59JSEBk9nCm17J3eqq7ZQiuXl6F18idWDawiU4
sI8hBZLT6RU5x31fXycJSU5E7FxXDMY8MiivJAT9N0PXaBwg/tl1V8DC0Ebq24fl
YEfv3mUVEpA4mzGt3XZiyqECgYAH1rgIdBADDKF3kXhts9XwIJV9lmiWLjYlVXyl
sKM4JzsDas7p4Qtt4XQfjUhCbYYGxVdVFpl0Dxc9CZVEie1KvUQTe9sAbpcsW1gw
c3OgmKsO0kzmtWISp0JfTdh5JbV9w3OS07dP+pndxf5vlbcqSr8cvLxBArFum4QP
oq8aCQKBgH94w+qtgtGtV+JtSD54rsamOTd3IqgYL96syADu9jPLg5L+NSyTKKve
zEJtHXqNtQ6unOlXzIXa2m7X8NaxuReQIMDsrcX2u2oKq1picwGhqjYMsYpGyvtl
yivAFRa3rlpDQuumVTtfW832R563cT0CwtGW39Xp3jdSumq+tmkF
-----END RSA PRIVATE KEY-----`

async function main() {
  const client = new acme.Client({
    accountUrl,
    directoryUrl: acme.directory.letsencrypt.staging,
    accountKey: keyPem,
  })
  await client.revokeCertificate(certificate, {
    reason: 5, // cessationOfOperation; https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1
  })
}

main().catch((e) => {
  console.error('Fatal:', e)
  process.exit(1)
})

What am I doing wrong?

[FLYBYME]

After an upgrade it stopped working.

>> ERROR:
TypeError [ERR_INVALID_OPT_VALUE]: The value "jwk" is invalid for option "format"
    at parseKeyFormat (internal/crypto/keys.js:145:9)
    at parseKeyFormatAndType (internal/crypto/keys.js:180:18)
    at parseKeyEncoding (internal/crypto/keys.js:206:7)
    at parsePublicKeyEncoding (internal/crypto/keys.js:242:10)
    at PublicKeyObject.export (internal/crypto/keys.js:114:11)
    at getJwk (/home/ubuntu/code/certificates/node_modules/acme-client/src/crypto/index.js:157:54)
    at Object.exports.createCsr (/home/ubuntu/code/certificates/node_modules/acme-client/src/crypto/index.js:479:17)

[nmorsman]

@FLYBYME Your issue looks like #63, either upgrade to Node >= v16 or stick to acme-client v4.