Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    unable to load EC Private Key

    Scheduled Pinned Locked Moved
    ACME
    2
    3
    689
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yon 0Y
      yon 0
      last edited by

      i want to use my EC Private Key, but i cant input and submit ec key in PF.

      like this:

      -----BEGIN EC PRIVATE KEY-----
      MHQCAQEEIJj8Mw1AJdlXjbhfrfds1hfItEaAnMGaOzNvsJ1DWWY78oAcGBSuBBAAK
      oUQDQgAEOnoYXIgfdsgertgtrsdwUy6XMdBvhM2QHhEcC8JfmvhCEPtmWNQuvzVz
      1uoP+GUImM1ak15KWsdpAqZUonnZkg==
      -----END EC PRIVATE KEY-----

      if i change that to -----BEGIN PRIVATE KEY----- can input , but it is not normal work.

      server: letsencrypt-production-2

      getCertificatePSK using custom key
      LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSFFDQVFFRUlKajhNdzFBSmRsWGpiaElCMmcxaGZJdEVhQW5NR2FPek52c0oxRFdXWTc4b0FjDQpvVVFEUWdBRU9ub1lYSWd0dEJKQzkxRzZpSHVyVXk2WE1kQnZoTTJRSGhFY0M4SmZtdmhDRVB0bVdOUXV2elZ6DQoxdW9QK0dVSW1NMWFrMTVLV3NkcEFxWlVvbm5aa2c9PQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ==

      /usr/local/pkg/acme/acme.sh --issue -d 'yon.net' -d '*.yon.net' --home '/tmp/acme/yon.net-v2/' --accountconf '/tmp/acme/yon.net-v2/accountconf.conf' --force --reloadCmd '/tmp/acme/yon.net-v2/reloadcmd.sh' --dns 'dns_nsupdate' --ocsp-must-staple --log-level 3 --log '/tmp/acme/yon.net-v2/acme_issuecert.log'

      Array
      (
      [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [NSUPDATE_SERVER] => /tmp/acme/yon.net-v2/yon.net/nsupdate
      [NSUPDATE_KEYNAME] => yon
      [NSUPDATE_KEYALGO] => 157
      [NSUPDATE_KEY] => /tmp/acme/yon.net-v2/yon.net/nsupdate
      )
      [Wed Aug 8 22:13:45 CST 2018] Registering account
      [Wed Aug 8 22:13:53 CST 2018] Already registered
      [Wed Aug 8 22:13:53 CST 2018] ACCOUNT_THUMBPRINT='pTJ3SKO_lfmOPpgJyw_nfdsfsfercddwLfp9eZOwunduc'
      [Wed Aug 8 22:13:53 CST 2018] Multi domain='DNS:yon.net,DNS:*.yon.net'
      unable to load Private Key
      34380776392:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:1200:
      34380776392:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:374:Type=X509_ALGOR
      34380776392:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:700:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
      34380776392:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/pem/pem_pkey.c:142:
      [Wed Aug 8 22:13:53 CST 2018] Create CSR error.
      [Wed Aug 8 22:13:53 CST 2018] Please check log file for more details: /tmp/acme/yon.net-v2/acme_issuecert.log

      1 Reply Last reply Reply Quote 0
      • yon 0Y
        yon 0
        last edited by

        version is 0.3.1_1

        now i try use pf ec key still not work.

        [Wed Aug 8 22:41:38 CST 2018] readlink exists=0
        [Wed Aug 8 22:41:38 CST 2018] dirname exists=0
        [Wed Aug 8 22:41:38 CST 2018] Lets find script dir.
        [Wed Aug 8 22:41:38 CST 2018] SCRIPT='/usr/local/pkg/acme/acme.sh'
        [Wed Aug 8 22:41:38 CST 2018] _script='/usr/local/pkg/acme/acme.sh'
        [Wed Aug 8 22:41:38 CST 2018] _script_home='/usr/local/pkg/acme'
        [Wed Aug 8 22:41:38 CST 2018] Using config home:/tmp/acme/yon.net-2/
        [Wed Aug 8 22:41:38 CST 2018] APP
        [Wed Aug 8 22:41:38 CST 2018] 2:LOG_FILE='/tmp/acme/yon.net-2/acme_issuecert.log'
        [Wed Aug 8 22:41:38 CST 2018] APP
        [Wed Aug 8 22:41:38 CST 2018] 3:LOG_LEVEL='3'
        [Wed Aug 8 22:41:38 CST 2018] LE_WORKING_DIR='/tmp/acme/yon.net-2/'
        [Wed Aug 8 22:41:38 CST 2018] _main_domain='yon.net'
        [Wed Aug 8 22:41:38 CST 2018] _alt_domains='.yon.net'
        [Wed Aug 8 22:41:38 CST 2018] Using config home:/tmp/acme/yon.net-2/
        [Wed Aug 8 22:41:38 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
        [Wed Aug 8 22:41:38 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
        [Wed Aug 8 22:41:38 CST 2018] CA_CONF='/tmp/acme/yon.net-2//ca/acme-v02.api.letsencrypt.org/ca.conf'
        [Wed Aug 8 22:41:38 CST 2018] DOMAIN_PATH='/tmp/acme/yon.net-2//yon.net'
        [Wed Aug 8 22:41:38 CST 2018] 'dns_nsupdate' does not contain 'dns'
        [Wed Aug 8 22:41:38 CST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
        [Wed Aug 8 22:41:38 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
        [Wed Aug 8 22:41:38 CST 2018] GET
        [Wed Aug 8 22:41:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
        [Wed Aug 8 22:41:38 CST 2018] timeout=
        [Wed Aug 8 22:41:38 CST 2018] curl exists=0
        [Wed Aug 8 22:41:38 CST 2018] wget exists=127
        [Wed Aug 8 22:41:38 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/yon.net-2//http.header -g '
        [Wed Aug 8 22:41:43 CST 2018] ret='0'
        [Wed Aug 8 22:41:43 CST 2018] response='{
        "LZh-A99FZvI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
        "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
        "meta": {
        "caaIdentities": [
        "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
        },
        "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
        "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
        "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
        "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
        }'
        [Wed Aug 8 22:41:43 CST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
        [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_AUTHZ
        [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
        [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
        [Wed Aug 8 22:41:43 CST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
        [Wed Aug 8 22:41:43 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
        [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
        [Wed Aug 8 22:41:43 CST 2018] ACME_VERSION='2'
        [Wed Aug 8 22:41:43 CST 2018] Le_NextRenewTime
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 1:Le_Domain='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 2:Le_Alt='        .yon.net'
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 3:Le_Webroot='dns_nsupdate'
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 4:Le_PreHook=''
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 5:Le_PostHook=''
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 6:Le_RenewHook=''
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
        [Wed Aug 8 22:41:43 CST 2018] _on_before_issue
        [Wed Aug 8 22:41:43 CST 2018] _chk_main_domain='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] _chk_alt_domains='.yon.net'
        [Wed Aug 8 22:41:43 CST 2018] 'dns_nsupdate' does not contain 'no'
        [Wed Aug 8 22:41:43 CST 2018] Le_LocalAddress
        [Wed Aug 8 22:41:43 CST 2018] d='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] Check for domain='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] _currentRoot='dns_nsupdate'
        [Wed Aug 8 22:41:43 CST 2018] d='        .yon.net'
        [Wed Aug 8 22:41:43 CST 2018] Check for domain='.yon.net'
        [Wed Aug 8 22:41:43 CST 2018] _currentRoot='dns_nsupdate'
        [Wed Aug 8 22:41:43 CST 2018] d
        [Wed Aug 8 22:41:43 CST 2018] 'dns_nsupdate' does not contain 'apache'
        [Wed Aug 8 22:41:43 CST 2018] _saved_account_key_hash='cP/GOmaOTPwyzPOSLFAvQrmkrFGMqzzrVJI='
        [Wed Aug 8 22:41:43 CST 2018] base64 single line.
        [Wed Aug 8 22:41:43 CST 2018] _saved_account_key_hash is not changed, skip register account.
        [Wed Aug 8 22:41:43 CST 2018] Read key length:
        [Wed Aug 8 22:41:43 CST 2018] _createcsr
        [Wed Aug 8 22:41:43 CST 2018] domain='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] domainlist='        .yon.net'
        [Wed Aug 8 22:41:43 CST 2018] csrkey='/tmp/acme/yon.net-2//yon.net/yon.net.key'
        [Wed Aug 8 22:41:43 CST 2018] csr='/tmp/acme/yon.net-2//yon.net/yon.net.csr'
        [Wed Aug 8 22:41:43 CST 2018] csrconf='/tmp/acme/yon.net-2//yon.net/yon.net.csr.conf'
        [Wed Aug 8 22:41:43 CST 2018] _is_idn_d='.yon.net'
        [Wed Aug 8 22:41:43 CST 2018] _idn_temp
        [Wed Aug 8 22:41:43 CST 2018] domainlist='        .yon.net'
        [Wed Aug 8 22:41:43 CST 2018] Multi domain='DNS:yon.net,DNS:*.yon.net'
        [Wed Aug 8 22:41:43 CST 2018] OK
        [Wed Aug 8 22:41:43 CST 2018] 8:Le_OCSP_Staple='1'
        [Wed Aug 8 22:41:43 CST 2018] _is_idn_d='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] _idn_temp
        [Wed Aug 8 22:41:43 CST 2018] _csr_cn='yon.net'
        [Wed Aug 8 22:41:43 CST 2018] Create CSR error.
        [Wed Aug 8 22:41:43 CST 2018] pid
        [Wed Aug 8 22:41:43 CST 2018] No need to restore nginx, skip.
        [Wed Aug 8 22:41:43 CST 2018] _clearupdns
        [Wed Aug 8 22:41:43 CST 2018] skip dns.
        [Wed Aug 8 22:41:43 CST 2018] _on_issue_err
        [Wed Aug 8 22:41:43 CST 2018] Please check log file for more details: /tmp/acme/yon.net-2/acme_issuecert.log
        [Wed Aug 8 22:41:43 CST 2018] _chk_vlist

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          The GUI does not have support for EC keys at this time.

          Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post