Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx cannot load certificate #4761

Closed
daBee opened this issue Aug 27, 2023 · 3 comments
Closed

nginx cannot load certificate #4761

daBee opened this issue Aug 27, 2023 · 3 comments

Comments

@daBee
Copy link

daBee commented Aug 27, 2023

I can't get two issuances to work. The file suffix has changed, but the cert itself seems invalid from the reports.

acme.sh upgraded to latest.
Issue replicated on two domains hosted using nginx.

Steps to reproduce

sudo nginx -t -c /etc/nginx/nginx.conf

nginx: [emerg] cannot load certificate "/root/.acme.sh/example.com_ecc/example.com.csr": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed

Debug log

Installation went ok, but couldn't load the cert:

[Sun Aug 27 16:36:47 EDT 2023] code='200'
[Sun Aug 27 16:36:47 EDT 2023] original='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/TxRXs89pmdo1ekSK45fVHA","status":"invalid","error":{},"token":"KIL7otzSEiZ0knOGRppWO9d8hzu0tehGRj2MBbtI5LY"}'
[Sun Aug 27 16:36:47 EDT 2023] response='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/TxRXs89pmdo1ekSK45fVHA","status":"invalid","error":{},"token":"KIL7otzSEiZ0knOGRppWO9d8hzu0tehGRj2MBbtI5LY"}'
[Sun Aug 27 16:36:47 EDT 2023] original='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/TxRXs89pmdo1ekSK45fVHA","status":"invalid","error":{},"token":"KIL7otzSEiZ0knOGRppWO9d8hzu0tehGRj2MBbtI5LY"}'
[Sun Aug 27 16:36:47 EDT 2023] response='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/TxRXs89pmdo1ekSK45fVHA","status":"invalid","error":{},"token":"KIL7otzSEiZ0knOGRppWO9d8hzu0tehGRj2MBbtI5LY"}'
[Sun Aug 27 16:36:47 EDT 2023] status='invalid'
[Sun Aug 27 16:36:47 EDT 2023] error='"error":{'
[Sun Aug 27 16:36:47 EDT 2023] errordetail
[Sun Aug 27 16:36:47 EDT 2023] example.com:Verify error:"error":{

cert files and nginx directives match, but there's an issue with the cert file itself, as above.

[Sun Aug 27 16:33:03 root@server_f ~/.acme.sh/example.com_ecc] pwd
/root/.acme.sh/example.com_ecc
[Sun Aug 27 16:33:01 root@server_f ~/.acme.sh/example.com_ecc] ll
total 16
-rw-r--r-- 1 root root 279 May 24 21:34 example.com.conf
-rw-r--r-- 1 root root 473 May 24 21:33 example.com.csr
-rw-r--r-- 1 root root 200 May 24 21:33 example.com.csr.conf
-rw------- 1 root root 227 May 24 21:16 example.com.key

  ssl_certificate        /root/.acme.sh/example.com_ecc/example.com.csr;
  ssl_certificate_key    /root/.acme.sh/example.com_ecc/example.com.key;
@github-actions
Copy link

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@daBee
Copy link
Author

daBee commented Aug 28, 2023

That's what I did, and posted.

@daBee
Copy link
Author

daBee commented Aug 28, 2023

Just tested the cert, and it returns an error:

[Mon Aug 28 09:38:12 root@server_f /home/user3] openssl x509 -in /root/.acme.sh/example.com_ecc/example.com.csr -text -noout
Could not read certificate from /root/.acme.sh/example.com_ecc/example.com.csr
Unable to load certificate

@daBee daBee closed this as completed Aug 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@daBee