Private key only



  • I've been trying to get ACME certificates, but when it finishes I get the little broken chain link and no indication or error anywhere, and the certificates return with only a private key.

    I'm not sure if I broke it. I've tried both staging and production already and searched the filesystem for clues, but even the temp certs have only private keys.

    Thanks!


  • Rebel Alliance Developer Netgate

    That must mean it did not fully complete the validation.

    It should display some output when it completes, including a link to the log with more detail. It's usually at /tmp/acme/<your entry name>/acme_issuecert.log. Look in there and see what it says.



  • I actually watched it go using tail -f /tmp/acme/<your entry name>/acme_issuecert.log; it's silly but it gave me some sort of comfort. There weren't any obvious errors. After reading your answers I'm checking again; there's something about a key change and a mention that my client broke (on the links given, not in the log). I'm investigating.

    Thanks!


  • Rebel Alliance Developer Netgate

    We have seen a couple reports where the ACME servers won't accept key updates over IPv6 for whatever reason. If you set your firewall to prefer IPv4 under System > Advanced on the Networking tab, does that let it proceed?



  • I have disabled IPv6 network-wide at the moment. It is advertised by my ISP on the edge interfaces though. Anyway, I don't think it was that. I thought HAProxy was broken, so I resorted to other means: I moved the domains back to Cloudflare, and on the same entry in ACME I changed each of the requests from Dynu to Cloudflare's credentials and API key, and it went through this time.

    I have to rinse and repeat now with the production CA, although I set the cert on HAProxy, tunneled in and it got me a green padlock right away. I think I might just stay put. :)

    Thanks!