How to create a LetsEncrypt compatible JWT with Node.js?

I am trying to POST a JSON Web Token to the Let's Encrypt new registration endpoint using Node.js. How do I create this token? This is some code I've been experimenting with to try to generate a token that Let's Encrypt's webserver will accept:

var jwt = require('jsonwebtoken');
var jws = require('jws');
var crypto = require('crypto');
var pem = require('pem');
var jose = require('node-jose');
var keystore = jose.JWK.createKeyStore();

var key;

var props = {
  //kid: 'gBdaS-adsfasdfasdfsa',
  alg: 'HS256',
  //use: 'enc',
  n: "pK7LuT2hxkWnYRl1Tcw9iAy9-_TqvHp2wh6EcHq_wglsNmtpxAe9gNGZevWu6T2O1aEmPYkgy7Q1meKNifenFuWicDcSSenkMM0JApfdveiVqjBA81EL0Y76T8i2JolggGXbiSa_ZRGwG-0FPDSIX3Jy5mQgOn-t-zrhD9yLDn2N7zzFqCBOtxzrwz1HEtN8QWZAFAzOceyyL6C791lGOk9SYYekxyuZkwkzhDEsoqR7fN6hmu6IfIU8hF5kt8M_Gef30wt5dUESvcTNdmQmq_L1QYA8qYO6-T0mC0zIpHpwQnANYOSZBCz1uE-vwS17MlfnUwGkPHJXWThlMZqZmQ",
  e: "AQAB"
};

// Generate a 256-bit symmetric ("oct") key in the keystore
keystore.generate("oct", 256, props).
  then(function(result) {
    console.log(result);

    var obj = {
      header: {
        alg: "HS256",
        jwk: result,
        nonce: "kajdfksajdf39393"
      },
      payload: {
        "resource": "new-reg",
        "contact": [
          "mailto:cert-admin@example.com",
          "tel:+12025551212"
        ]
      },
      secret: 'has a van',
    };

    // Sign header and payload with HMAC-SHA256 using the shared secret
    const signature = jws.sign(obj);
    console.log(signature);
  });

This actually does generate a valid JWT:

.eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzpjZXJ0LWFkbWluQGV4YW1wbGUuY29tIiwidGVsOisxMjAyNTU1MTIxMiJdfQ.RiHTdM_k1eLUJaGx4b59w8-hEQ-J0SpZjPIeGWhh1yg

However, when I try to POST it to the new registration endpoint, I get the following error:

{  "type": "urn:acme:error:malformed",   "detail": "Parse error reading JWS",   "status": 400 }

The testing code is a collection of code snippets I've put together after Googling this for a few hours. I understand there are LetsEncrypt servers I can run, but don't want to do that. I want to actually generate the requests and callbacks directly in Node.js because I want to run all this from AWS Lambda functions (no servers involved here).

I did find one example of a JWT token that actually seems to work, sort of. I say "sort of" because the response from this example is:

{  "type": "urn:acme:error:badNonce",  "detail": "JWS has invalid anti-replay nonce 5H63XwyOHKpAETFpHR8stXSkhkqhlAY1xV7VsCnOrs",  "status": 400}

This at least tells me the JWT token is being parsed and the Nonce is being looked at. When I decode this JWT, I see this:

[Image: decoded JWT]

It looks like this guy used RSA 256 to create this JWT. I'm not sure where the values "e" and "n" came from?

How do I recreate the above working sample with Node.JS / Jose?

I think the answer here is to just use the letsencrypt node.js NPM package. No need to develop ACME protocol from scratch, as this library seems to do it.
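
Added example, not part of the original question or answer and not code from the letsencrypt package: in an RS256 token like the one the question describes, the `jwk` header carries the signer's RSA public key, where `n` is the base64url-encoded modulus and `e` the public exponent. The sketch below builds and checks such a JWS with Node's built-in `crypto` only. The function names, the flattened JSON layout (`protected`/`payload`/`signature`, as used in RFC 8555) and the nonce value are assumptions; a real nonce comes from the server's `Replay-Nonce` response header.

```javascript
const crypto = require('crypto');

// base64url without padding, as JWS requires (RFC 7515).
const b64u = (input) =>
  Buffer.from(input).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Hypothetical helper: sign `payload` and embed the public key as a JWK.
function signAcmeJws(privateKey, payload, nonce) {
  // Export only the public half: "n" is the modulus, "e" the public exponent.
  const { kty, n, e } = crypto.createPublicKey(privateKey).export({ format: 'jwk' });
  const protectedB64 = b64u(JSON.stringify({ alg: 'RS256', jwk: { kty, n, e }, nonce }));
  const payloadB64 = b64u(JSON.stringify(payload));
  // RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<protected>.<payload>".
  const signature = crypto.sign(
    'sha256', Buffer.from(`${protectedB64}.${payloadB64}`), privateKey);
  return { protected: protectedB64, payload: payloadB64, signature: b64u(signature) };
}

// Hypothetical helper: verify as a receiver would, rebuilding the key from the JWK.
function verifyAcmeJws(jws) {
  const header = JSON.parse(Buffer.from(jws.protected, 'base64').toString('utf8'));
  // Reject symmetric or unexpected algorithms before touching the signature.
  if (header.alg !== 'RS256' || !header.jwk || header.jwk.kty !== 'RSA') return false;
  const publicKey = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  return crypto.verify(
    'sha256', Buffer.from(`${jws.protected}.${jws.payload}`),
    publicKey, Buffer.from(jws.signature, 'base64'));
}

// Constructed demo input: throwaway key pair and a made-up nonce.
const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demo = signAcmeJws(
  privateKey,
  { resource: 'new-reg', contact: ['mailto:cert-admin@example.com'] },
  'constructed-nonce-not-from-a-server');
console.log(JSON.stringify(demo, null, 2));
console.log('verifies:', verifyAcmeJws(demo));
```
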
