New Install unable to load Private Key
-
Hello everyone, I am hoping someone can help me with a problem that has me banging my head against the wall for the past 2 days.
I have recently installed pfSense and have been able to get everything working but the ACME package. I have created an account key and registered it with Let's Encrypt and configured ACME to use DNS-API for GoDaddy, but whenever I try to issue a license I get an error that says:
unable to load Private Key
34380794936:error:0906D06C:PEM routines:PEM_read_bio:no start line:/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/crypto/openssl/crypto/pem/pem_lib.c:708:Expecting: ANY PRIVATE KEY
[Fri Mar 8 12:24:11 CST 2019] Create CSR error.
I am at a loss and any help would be appreciated.
-
I'm having the same issue as Demigawd.
I've tried using dns-only, http standalone server and a few other options. Each time I receive a "Create CSR error" message. Here's a copy of the log:
[Sat Mar 9 21:09:09 EST 2019] readlink exists=0
[Sat Mar 9 21:09:09 EST 2019] dirname exists=0
[Sat Mar 9 21:09:09 EST 2019] Lets find script dir.
[Sat Mar 9 21:09:09 EST 2019] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Sat Mar 9 21:09:09 EST 2019] _script='/usr/local/pkg/acme/acme.sh'
[Sat Mar 9 21:09:09 EST 2019] _script_home='/usr/local/pkg/acme'
[Sat Mar 9 21:09:09 EST 2019] Using config home:/tmp/acme/my.domain.name/
[Sat Mar 9 21:09:09 EST 2019] APP
[Sat Mar 9 21:09:09 EST 2019] 3:LOG_FILE='/tmp/acme/my.domain.name/acme_issuecert.log'
[Sat Mar 9 21:09:09 EST 2019] APP
[Sat Mar 9 21:09:09 EST 2019] 4:LOG_LEVEL='3'
[Sat Mar 9 21:09:09 EST 2019] LE_WORKING_DIR='/tmp/acme/my.domain.name/'
[Sat Mar 9 21:09:09 EST 2019] _main_domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] _alt_domains='no'
[Sat Mar 9 21:09:09 EST 2019] Using config home:/tmp/acme/my.domain.name/
[Sat Mar 9 21:09:09 EST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sat Mar 9 21:09:09 EST 2019] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Sat Mar 9 21:09:09 EST 2019] CA_CONF='/tmp/acme/my.domain.name//ca/acme-v01.api.letsencrypt.org/ca.conf'
[Sat Mar 9 21:09:09 EST 2019] DOMAIN_PATH='/tmp/acme/my.domain.name//algonquin.mnelson.org'
[Sat Mar 9 21:09:09 EST 2019] 'no' does not contain 'dns'
[Sat Mar 9 21:09:09 EST 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sat Mar 9 21:09:09 EST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Mar 9 21:09:09 EST 2019] GET
[Sat Mar 9 21:09:09 EST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Mar 9 21:09:09 EST 2019] timeout=
[Sat Mar 9 21:09:09 EST 2019] curl exists=0
[Sat Mar 9 21:09:09 EST 2019] wget exists=127
[Sat Mar 9 21:09:09 EST 2019] _CURL='curl -L --silent --dump-header /tmp/acme/my.domain.name//http.header -g '
[Sat Mar 9 21:09:09 EST 2019] ret='0'
[Sat Mar 9 21:09:09 EST 2019] response='{ "ZmsbH9X_HGw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" }'
[Sat Mar 9 21:09:09 EST 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sat Mar 9 21:09:09 EST 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Mar 9 21:09:09 EST 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sat Mar 9 21:09:09 EST 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sat Mar 9 21:09:09 EST 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sat Mar 9 21:09:09 EST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Mar 9 21:09:09 EST 2019] ACME_NEW_NONCE
[Sat Mar 9 21:09:09 EST 2019] ACME_VERSION
[Sat Mar 9 21:09:09 EST 2019] Le_NextRenewTime
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 1:Le_Domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 2:Le_Alt='no'
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 3:Le_Webroot='no'
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 4:Le_PreHook=''
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 5:Le_PostHook=''
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 6:Le_RenewHook=''
[Sat Mar 9 21:09:09 EST 2019] OK
[Sat Mar 9 21:09:09 EST 2019] 7:Le_API='https://acme-v01.api.letsencrypt.org/directory'
[Sat Mar 9 21:09:09 EST 2019] _on_before_issue
[Sat Mar 9 21:09:09 EST 2019] _chk_main_domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] _chk_alt_domains
[Sat Mar 9 21:09:09 EST 2019] 'no' contains 'no'
[Sat Mar 9 21:09:09 EST 2019] socat exists=0
[Sat Mar 9 21:09:09 EST 2019] Le_LocalAddress
[Sat Mar 9 21:09:09 EST 2019] d='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] Check for domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] _currentRoot='no'
[Sat Mar 9 21:09:09 EST 2019] Standalone mode.
[Sat Mar 9 21:09:09 EST 2019] APP
[Sat Mar 9 21:09:09 EST 2019] 8:Le_HTTPPort='8082'
[Sat Mar 9 21:09:09 EST 2019] _checkport='8082'
[Sat Mar 9 21:09:09 EST 2019] _checkaddr
[Sat Mar 9 21:09:09 EST 2019] ss exists=127
[Sat Mar 9 21:09:09 EST 2019] netstat exists=0
[Sat Mar 9 21:09:09 EST 2019] Using: netstat
[Sat Mar 9 21:09:09 EST 2019] d
[Sat Mar 9 21:09:09 EST 2019] 'no' does not contain 'apache'
[Sat Mar 9 21:09:09 EST 2019] _saved_account_key_hash='somekeyhash'
[Sat Mar 9 21:09:09 EST 2019] base64 single line.
[Sat Mar 9 21:09:09 EST 2019] _saved_account_key_hash is not changed, skip register account.
[Sat Mar 9 21:09:09 EST 2019] Read key length:
[Sat Mar 9 21:09:09 EST 2019] _createcsr
[Sat Mar 9 21:09:09 EST 2019] domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] domainlist
[Sat Mar 9 21:09:09 EST 2019] csrkey='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.key'
[Sat Mar 9 21:09:09 EST 2019] csr='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.csr'
[Sat Mar 9 21:09:09 EST 2019] csrconf='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.csr.conf'
[Sat Mar 9 21:09:09 EST 2019] Single domain='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] _is_idn_d='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] _idn_temp
[Sat Mar 9 21:09:09 EST 2019] _csr_cn='my.domain.name'
[Sat Mar 9 21:09:09 EST 2019] Create CSR error.
[Sat Mar 9 21:09:09 EST 2019] pid
[Sat Mar 9 21:09:09 EST 2019] No need to restore nginx, skip.
[Sat Mar 9 21:09:09 EST 2019] _clearupdns
[Sat Mar 9 21:09:09 EST 2019] dnsadded
[Sat Mar 9 21:09:09 EST 2019] vlist
[Sat Mar 9 21:09:09 EST 2019] skip dns.
[Sat Mar 9 21:09:09 EST 2019] _on_issue_err
[Sat Mar 9 21:09:09 EST 2019] Please check log file for more details: /tmp/acme/my.domain.name/acme_issuecert.log
[Sat Mar 9 21:09:09 EST 2019] _chk_vlist
-
So I went back into Services -> Acme -> Certificates and deleted everything, then went to Account Keys and deleted everything, and then recreated what was already there, and it worked successfully. Maybe try that?
-
I tried deleting all the settings in account keys and certificates and starting over but ended up with the same error. In the end I just reformatted the system and started from scratch. Everything is working great now. I just wish I knew what went wrong the first time.
-
Having the same issue.
Installed the ACME package.
Tried to issue a cert:
[Thu Sep 15 00:08:32 CEST 2022] Creating domain key
[Thu Sep 15 00:08:32 CEST 2022] The domain key is here: /tmp/acme/vpn.datafund.io//vpn.blabla.com_ecc/vpn.blabla.com.key
[Thu Sep 15 00:00:24 CEST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
unable to load Private Key
I can confirm in the shell that the file is there,
and the same happens on RSA or ECDSA.
-
Never mind, I solved it.
Didn't have the Let's Encrypt key.
I thought clicking save would create it.
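
A diagnostic sketch for the `no start line ... Expecting: ANY PRIVATE KEY` error quoted in this thread, added here as an example and not part of any post or of the ACME package: it reports whether a key file is missing, empty, lacks a PEM private-key header, or has a header but fails to parse. The function name `check_pem_key`, its verdict strings and the sample files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: classify why a key file would fail to load.
# check_pem_key and its verdict strings are names made up for this sketch.

check_pem_key() {
    f=$1
    if [ ! -e "$f" ]; then echo "missing"; return 1; fi
    # A zero-byte file contains no PEM data at all.
    if [ ! -s "$f" ]; then echo "empty"; return 1; fi
    # OpenSSL's "no start line ... Expecting: ANY PRIVATE KEY" means no
    # "-----BEGIN ... PRIVATE KEY-----" header was found. Strip CRs first
    # so a key saved with Windows line endings is not misreported.
    if ! tr -d '\r' < "$f" |
        grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'; then
        echo "no-start-line"; return 1
    fi
    if ! command -v openssl >/dev/null 2>&1; then
        echo "no-openssl"; return 2
    fi
    # Header present: let OpenSSL parse the body. -noout keeps key material
    # off the terminal; the empty -passin stops a passphrase prompt.
    if ! openssl pkey -in "$f" -passin pass: -noout >/dev/null 2>&1; then
        echo "unparseable"; return 1
    fi
    echo "ok"
}

# Constructed sample inputs (no real key material).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/empty.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/cert-not-key.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'not base64 DER' \
        '-----END PRIVATE KEY-----' > "$d/garbage.key"
    for k in absent empty cert-not-key garbage; do
        printf '%-14s %s\n' "$k" "$(check_pem_key "$d/$k.key" || true)"
    done
    rm -rf "$d"
}

demo
```

To use it on a real system, pass the key path that the acme.sh debug log names, such as the `csrkey=` value.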