Comments (15)
Hello @wilsmex,
Does it work if you replace:
$ac->loadAccountKey('file://account_key.pem');
with:
$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('account_key.pem')));
?
(My guess is that there is maybe a UTF-8 BOM header at the beginning of your .pem file)
from acmecert.
Oh wow, I just figured out what I was doing wrong. Facepalm. I wasn't adding the 'file://'. As I had my key file path set up in a variable, I was just adding that variable, assuming that the file:// was just an 'arbitrary path' placeholder to the key file.
I was just doing:
$ac->loadAccountKey($keyfile_path);
which is why when I changed to:
$ac->loadAccountKey(file_get_contents($keyfile_path));
or
$ac->loadAccountKey("file://".$keyfile_path);
Things worked. Sorry for the trouble and thanks for helping me troubleshoot that!
from acmecert.
Hello !
It looks like there is a problem with the OpenSSL configuration file openssl.cnf.
Check the output of phpinfo() for 'Openssl default config' to find the location of openssl.cnf.
You could temporarily replace it with https://github.com/openssl/openssl/blob/master/apps/openssl.cnf to test if this solves the problem.
from acmecert.
Hello,
Thank you for your message, I just tried it, but still the same issues.
I'm using a Wamp server on Windows, maybe there are some changes to make.
I'm still looking into it.
Thank you.
from acmecert.
From the error message "Could not load account key" it seems the function openssl_pkey_get_private fails, so let's test that isolated:
What do you get when running the following code?
error_reporting(E_ALL);
$ret=openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDL6/5QF6PE/qVC2jdhs3HNSid+AwFLMBICPKIwO0M3xz/3iGNG
6kAHSTSnG7vvbDHCDJEmGiwB/NP0/x9tT2qYPXwshVlVh/VxvBfyuloTc0Zqzm5j
dRVnht0Be1OSJV1SNvz10p/ut96hL6XWpjzXa5Q7vUJBXYNOh7+fbcApeQIDAQAB
AoGBALGTilxYmaZ8UZFL0Zpk1x78CjPzjfbZn3UPM/VoRfqWqh92R22Do8o0d4Nl
5VxzDUl8BBH4DIaWkkTwvX9E/v6RzL+/Daxp3PQtrKOjfBxGZbvmqXt0PIQfGBwX
pOyHopuHuNdeAtyNNwbBvnWOSiHHaXevo6cs0BNjWvMIpRj5AkEA6lid8Pubg+tH
erbzaKOtG+AQYxSVSlRgdEv2qxKhj+ETu4igHvKqt2lG+zCFATjXp5RzwkZQCK9o
O1DJsfX2CwJBAN7DsvyN1XhwIBHqk9KmsR22oyPZ6HITu9SwhIe0wFVA8lTJLodb
XONiRS5u2D1et8x9UEdMVQUXy2edabE9JQsCQHIBuJzDGy47aSPXG2W9svrLr80z
90kY8W/CgPdK8hR4EEx8tEE6FzlxWxnayeoFSEz7mLFb2ZXQF+o7bFRKb28CQHvd
g3PNBer/JcXwkpuqFof4GwR/UTHFaUbdlAPFbMC66URdzWJ0WdURungUKGcPeNHa
yD2s4wV+8po9vBxSbHsCQFOvZS304GQQeUBvMRj9mQgMYiDtYD+lKqaQHuYK+CbV
2fgI3QaubjJ6orhjjhLAaJlXqpaPvcDyI5piNXIhK0w=
-----END RSA PRIVATE KEY-----');
while(false!==($msg=openssl_error_string())){
var_dump($msg);
}
var_dump($ret);
from acmecert.
Hello,
Thanks for your message, I tried what you just said, and it gives me the following:
string 'error:140E0197:SSL routines:SSL_shutdown:shutdown while in init' (length=63)
resource(3, OpenSSL key)
Do you know what that means exactly?
Thank you.
Edit: I tried it once again, now I only have resource(3, OpenSSL key), it seems to work properly.
from acmecert.
If you got resource(3, OpenSSL key) it indeed worked properly!
So there must be a problem with the key you used with loadAccountKey.
What do you get when running the following code? (Make sure you use the same account_key.pem you used with loadAccountKey when you got the error 0E06D06C)
error_reporting(E_ALL);
$ret=openssl_pkey_get_private('file://account_key.pem');
while(false!==($msg=openssl_error_string())){
var_dump($msg);
}
var_dump($ret);
If you get the same error 0E06D06C again:
- How did you generate the key?
- Is it an RSA key?
- How many bits does it have?
from acmecert.
I too am getting an error when running loadAccountKey. I tried the above code with my .pem file and get 'error:0906D06C:PEM routines:PEM_read_bio:no start line'
When I load the PEM file RSA private key directly as a string into the code as in your first suggestion, I get the resource(2, OpenSSL key)
I generated my key via the $key=$ac->generateRSAKey(2048);
Thoughts?
from acmecert.
@skoerfgen Bingo! That did the trick. Sorry for the delay here, was off on holiday for past week.
from acmecert.
@wilsmex Nice to hear it worked out!
(Hint: If you use file_put_contents to save the generated key directly the problem does not occur.)
@Viveff Maybe above solution also solves your issue...
Just to rule out another thing:
Are you using
$ac->loadAccountKey('account_key.pem'); // WRONG !!
or
$ac->loadAccountKey('file://account_key.pem'); // Correct
from acmecert.
Oddly enough, that's the method I'm using.
$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
Unrelated, (as I'm brand new to this whole certificate stuff). Is this script using the '1 domain per certificate' or does it bundle all of the domains I specify into 1 cert (up to 100)? If the latter, and say I generate a cert for 10 domains but then need to add an 11th a day or two later, do I just request a new certificate, or is there an 'add domain' to the existing cert?
from acmecert.
This is indeed strange!
What does it output if you run:
$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
$ac->loadAccountKey('file://key_dir');
echo 'it worked!';
}catch(Exception $e){
echo bin2hex(file_get_contents('key_dir'));
}
getCertificateChain outputs only one certificate, so all domains listed in $domain_config get bundled into one. If you want to add another domain to an existing certificate just request a new one (same for renewal). (There is no 'add domain' functionality in the ACME protocol.)
from acmecert.
Big giant hex of key, doesn't look unusual. (stripped out big section with ......)
from acmecert.
Ok, this looks like a valid key, very strange..
And it works if you run the following?
$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('key_dir')));
echo 'it worked!';
}catch(Exception $e){
echo 'failed: '.$e->getMessage();
}
from acmecert.
@wilsmex I see! Sometimes it's the simple things :)
I'll update the README next weekend to make this more clear, it indeed isn't obvious.
Thanks!
from acmecert.
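The checks used across this thread (bare path versus 'file://' versus PEM string, the BOM guess, and dumping openssl_error_string) can be combined into one diagnostic. This is an added example, not part of the original comments or of ACMECert; diagnoseKeyArg() and the temporary file names are hypothetical, and the key is a throwaway generated for the demonstration.

```php
<?php
// Added example: report how openssl_pkey_get_private() will treat an argument.
// diagnoseKeyArg() is a hypothetical helper, not an ACMECert function.
function diagnoseKeyArg(string $arg): array {
    $r = ['form' => null, 'bom' => false, 'stray_bytes' => 0,
          'loads' => false, 'bits' => null, 'errors' => []];
    if (strpos($arg, '-----BEGIN') !== false) {
        $r['form'] = 'pem-string';
        $pem = $arg;
    } elseif (strncmp($arg, 'file://', 7) === 0) {
        $r['form'] = 'file-uri';
        $pem = @file_get_contents(substr($arg, 7));
    } else {
        // Without 'file://' the path itself is parsed as PEM text.
        $r['form'] = 'bare-path';
        $pem = is_file($arg) ? file_get_contents($arg) : false;
    }
    if ($pem !== false) {
        $r['bom'] = strncmp($pem, "\xEF\xBB\xBF", 3) === 0;
        // Same byte class as the preg_replace() in the thread (it also matches CR).
        $r['stray_bytes'] = preg_match_all('/[\x00-\x09\x0b-\x1f\x7f-\xff]/', $pem);
    }
    while (openssl_error_string() !== false); // drain stale entries from the error queue
    $key = openssl_pkey_get_private($arg);
    while (($msg = openssl_error_string()) !== false) $r['errors'][] = $msg;
    if ($key !== false) {
        $r['loads'] = true;
        $r['bits'] = openssl_pkey_get_details($key)['bits'];
    }
    return $r;
}

// Constructed sample input: a throwaway RSA key saved with and without a UTF-8 BOM.
$res = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($res === false) exit("openssl_pkey_new failed; check the openssl.cnf location\n");
openssl_pkey_export($res, $pem);
$clean = sys_get_temp_dir() . '/demo_account_key.pem';
$bom   = sys_get_temp_dir() . '/demo_account_key_bom.pem';
file_put_contents($clean, $pem);
file_put_contents($bom, "\xEF\xBB\xBF" . $pem);

foreach ([$clean, "file://$clean", "file://$bom", $pem] as $arg) {
    $r = diagnoseKeyArg($arg);
    printf("%-10s bom=%d stray=%d loads=%d bits=%s\n", $r['form'],
           $r['bom'], $r['stray_bytes'], $r['loads'], $r['bits'] ?? '-');
    foreach ($r['errors'] as $e) echo "    $e\n";
}
unlink($clean);
unlink($bom);
```

The demo files are deleted at the end because they hold private key material; a real account key file should likewise be readable only by the user running the ACME client.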