
Comments (15)

skoerfgen commented on May 27, 2024

Hello @wilsmex,

Does it work if you replace:

$ac->loadAccountKey('file://account_key.pem');

with:

$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('account_key.pem')));

?

(My guess is that there is maybe a UTF-8 BOM header at the beginning of your .pem file)

from acmecert.

wilsmex commented on May 27, 2024

Oh wow, I just figured out what I was doing wrong. Facepalm. I wasn't adding the 'file://'; as I had my key file path set up in a variable, I was just adding that variable, assuming that the file:// was just an 'arbitrary path' placeholder to the key file.

I was just doing:
$ac->loadAccountKey($keyfile_path);
which is why when I changed to:
$ac->loadAccountKey(file_get_contents($keyfile_path));
or
$ac->loadAccountKey("file://".$keyfile_path);

Things worked. Sorry for the trouble and thanks for helping me troubleshoot that!

from acmecert.

skoerfgen commented on May 27, 2024

Hello !

It looks like there is a problem with the OpenSSL configuration file openssl.cnf.

Check the output of phpinfo() for 'Openssl default config' to find the location of openssl.cnf.

You could temporarily replace it by https://github.com/openssl/openssl/blob/master/apps/openssl.cnf to test if this solves the problem.

from acmecert.

Viveff commented on May 27, 2024

Hello,

Thank you for your message. I just tried it, but still the same issues.
I'm using a Wamp server on Windows, maybe there are some changes to make.

I'm still looking for it.

Thank you.

from acmecert.

skoerfgen commented on May 27, 2024

From the error message "Could not load account key" it seems the function openssl_pkey_get_private fails, so let's test that isolated:

What do you get when running the following code?

error_reporting(E_ALL);

$ret=openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----');

while(false!==($msg=openssl_error_string())){
	var_dump($msg);
}

var_dump($ret);

from acmecert.

Viveff commented on May 27, 2024

Hello,

Thanks for your message. I tried what you just said, and it gives me the following:

string 'error:140E0197:SSL routines:SSL_shutdown:shutdown while in init' (length=63)
resource(3, OpenSSL key)

Do you know what that means exactly?

Thank you.

Edit: I tried it once again, now I only have resource(3, OpenSSL key), it seems to work properly.

from acmecert.

skoerfgen commented on May 27, 2024

If you got resource(3, OpenSSL key) it indeed worked properly!

So there must be a problem with the key you used with loadAccountKey.

What do you get when running the following code? (Make sure you use the same account_key.pem you used with loadAccountKey when you got the error 0E06D06C)

error_reporting(E_ALL);

$ret=openssl_pkey_get_private('file://account_key.pem');

while(false!==($msg=openssl_error_string())){
	var_dump($msg);
}

var_dump($ret);

If you get the same error 0E06D06C again:

  • How did you generate the key?
  • Is it an RSA key?
  • How many bits does it have?

from acmecert.

wilsmex commented on May 27, 2024

I too am getting an error when running loadAccountKey. I tried the above code with my .pem file and get 'error:0906D06C:PEM routines:PEM_read_bio:no start line'

When I load the PEM file RSA private key directly as a string into the code as in your first suggestion, I get the resource(2, OpenSSL key)

I generated my key via the $key=$ac->generateRSAKey(2048);

Thoughts?

from acmecert.

wilsmex commented on May 27, 2024

@skoerfgen Bingo! That did the trick. Sorry for the delay here, was off on holiday for past week.

from acmecert.

skoerfgen commented on May 27, 2024

@wilsmex Nice to hear it worked out!

(Hint: If you use file_put_contents to save the generated key directly the problem does not occur.)


@Viveff Maybe the above solution also solves your issue...

Just to rule out another thing:
Are you using

$ac->loadAccountKey('account_key.pem'); // WRONG !!

or

$ac->loadAccountKey('file://account_key.pem'); // Correct

from acmecert.

wilsmex commented on May 27, 2024

Oddly enough, that's the method I'm using.

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);

Unrelated, (as I'm brand new to this whole certificate stuff). Is this script using the '1 domain per certificate' or does it bundle all of the domains I specify into 1 cert (up to 100)? If the latter, and say I generate a cert for 10 domains but then need to add an 11th a day or two later, do I just request a new certificate, or is there an 'add domain' to the existing cert?

from acmecert.

skoerfgen commented on May 27, 2024

This is indeed strange!

What does it output if you run:

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
	$ac->loadAccountKey('file://key_dir');
	echo 'it worked!';
}catch(Exception $e){
	echo bin2hex(file_get_contents('key_dir'));
}

getCertificateChain outputs only one certificate, so all domains listed in $domain_config get bundled into one. If you want to add another domain to an existing certificate just request a new one (same for renewal). (There is no 'add domain' functionality in the ACME protocol.)

from acmecert.

wilsmex commented on May 27, 2024

Big giant hex of key, doesn't look unusual. (stripped out big section with ......)

from acmecert.

skoerfgen commented on May 27, 2024

Ok, this looks like a valid key, very strange..

And it works if you run the following?

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
	$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('key_dir')));
	echo 'it worked!';
}catch(Exception $e){
	echo 'failed: '.$e->getMessage();
}

from acmecert.

skoerfgen commented on May 27, 2024

@wilsmex I see! Sometimes it's the simple things :)

I'll update the README next weekend to make this clearer; it indeed isn't obvious.

Thanks!

from acmecert.
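
The argument forms discussed in this thread (bare path, file:// URI, PEM string, and the UTF-8 BOM guess) can be told apart with a small diagnostic. This is an added example written for this page, not ACMECert code; `diagnose_key_argument` and its report keys are hypothetical names, and the key is a throwaway generated for the demo.

```php
<?php
// Added example (hypothetical helper, not part of ACMECert).
// Reports why a value handed to openssl_pkey_get_private() may fail to load.
function diagnose_key_argument(string $arg): array
{
    $report = ['form' => null, 'bom' => false, 'loaded' => false, 'errors' => []];

    if (strncmp($arg, 'file://', 7) === 0) {
        $report['form'] = 'file-uri';
        $path = substr($arg, 7);
        $pem = is_readable($path) ? file_get_contents($path) : false;
    } elseif (strpos($arg, '-----BEGIN') !== false) {
        $report['form'] = 'pem-string';
        $pem = $arg;
    } else {
        // Without file://, the string is treated as PEM text, not as a path.
        $report['form'] = is_file($arg) ? 'bare-path (missing file://)' : 'unrecognized';
        $pem = false;
    }

    if ($pem !== false) {
        $report['bom'] = strncmp($pem, "\xEF\xBB\xBF", 3) === 0;
        // Drain queued entries so only errors from this call are reported.
        while (openssl_error_string() !== false) {
        }
        $key = openssl_pkey_get_private($pem);
        $report['loaded'] = ($key !== false);
        while (($msg = openssl_error_string()) !== false) {
            $report['errors'][] = $msg;
        }
    }
    return $report;
}

// Constructed demo: throwaway key, then each argument form from the thread.
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($res === false) {
    exit("openssl_pkey_new failed; check the openssl.cnf location\n");
}
openssl_pkey_export($res, $pem);
$path = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($path, $pem);
foreach ([$path, 'file://' . $path, $pem, "\xEF\xBB\xBF" . $pem] as $arg) {
    $r = diagnose_key_argument($arg);
    printf("%-28s bom=%d loaded=%d %s\n", $r['form'], $r['bom'], $r['loaded'], implode(' | ', $r['errors']));
}
unlink($path);
```

Draining the queue before the call matters because `openssl_error_string()` returns queued messages, so an entry from earlier OpenSSL activity can show up next to a key that loaded successfully.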
