Netgate Discussion Forum

    New Install unable to load Private Key

      Demigawd

      Hello everyone, I am hoping someone can help me with a problem that has me banging my head against the wall for the past 2 days.

      I have recently installed pfSense and have been able to get everything working but the ACME package. I have created an account key and registered it with Let's Encrypt and configured ACME to use DNS-API for GoDaddy, but whenever I try to issue a license I get an error that says:

      unable to load Private Key
      34380794936:error:0906D06C:PEM routines:PEM_read_bio:no start line:/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/crypto/openssl/crypto/pem/pem_lib.c:708:Expecting: ANY PRIVATE KEY
      [Fri Mar 8 12:24:11 CST 2019] Create CSR error.

      I am at a loss and any help would be appreciated.

        blundr

        I'm having the same issue as Demigawd.

        I've tried using dns-only, http standalone server and a few other options. Each time I receive a "Create CSR error" message. Here's a copy of the log:

        [Sat Mar  9 21:09:09 EST 2019] readlink exists=0
        [Sat Mar  9 21:09:09 EST 2019] dirname exists=0
        [Sat Mar  9 21:09:09 EST 2019] Lets find script dir.
        [Sat Mar  9 21:09:09 EST 2019] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
        [Sat Mar  9 21:09:09 EST 2019] _script='/usr/local/pkg/acme/acme.sh'
        [Sat Mar  9 21:09:09 EST 2019] _script_home='/usr/local/pkg/acme'
        [Sat Mar  9 21:09:09 EST 2019] Using config home:/tmp/acme/my.domain.name/
        [Sat Mar  9 21:09:09 EST 2019] APP
        [Sat Mar  9 21:09:09 EST 2019] 3:LOG_FILE='/tmp/acme/my.domain.name/acme_issuecert.log'
        [Sat Mar  9 21:09:09 EST 2019] APP
        [Sat Mar  9 21:09:09 EST 2019] 4:LOG_LEVEL='3'
        [Sat Mar  9 21:09:09 EST 2019] LE_WORKING_DIR='/tmp/acme/my.domain.name/'
        [Sat Mar  9 21:09:09 EST 2019] _main_domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] _alt_domains='no'
        [Sat Mar  9 21:09:09 EST 2019] Using config home:/tmp/acme/my.domain.name/
        [Sat Mar  9 21:09:09 EST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
        [Sat Mar  9 21:09:09 EST 2019] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
        [Sat Mar  9 21:09:09 EST 2019] CA_CONF='/tmp/acme/my.domain.name//ca/acme-v01.api.letsencrypt.org/ca.conf'
        [Sat Mar  9 21:09:09 EST 2019] DOMAIN_PATH='/tmp/acme/my.domain.name//algonquin.mnelson.org'
        [Sat Mar  9 21:09:09 EST 2019] 'no' does not contain 'dns'
        [Sat Mar  9 21:09:09 EST 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
        [Sat Mar  9 21:09:09 EST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
        [Sat Mar  9 21:09:09 EST 2019] GET
        [Sat Mar  9 21:09:09 EST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
        [Sat Mar  9 21:09:09 EST 2019] timeout=
        [Sat Mar  9 21:09:09 EST 2019] curl exists=0
        [Sat Mar  9 21:09:09 EST 2019] wget exists=127
        [Sat Mar  9 21:09:09 EST 2019] _CURL='curl -L --silent --dump-header /tmp/acme/my.domain.name//http.header  -g '
        [Sat Mar  9 21:09:09 EST 2019] ret='0'
        [Sat Mar  9 21:09:09 EST 2019] response='{
          "ZmsbH9X_HGw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
          "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
          "meta": {
            "caaIdentities": [
              "letsencrypt.org"
            ],
            "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
            "website": "https://letsencrypt.org"
          },
          "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
          "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
          "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
          "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
        }'
        [Sat Mar  9 21:09:09 EST 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
        [Sat Mar  9 21:09:09 EST 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
        [Sat Mar  9 21:09:09 EST 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
        [Sat Mar  9 21:09:09 EST 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
        [Sat Mar  9 21:09:09 EST 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
        [Sat Mar  9 21:09:09 EST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
        [Sat Mar  9 21:09:09 EST 2019] ACME_NEW_NONCE
        [Sat Mar  9 21:09:09 EST 2019] ACME_VERSION
        [Sat Mar  9 21:09:09 EST 2019] Le_NextRenewTime
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 1:Le_Domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 2:Le_Alt='no'
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 3:Le_Webroot='no'
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 4:Le_PreHook=''
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 5:Le_PostHook=''
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 6:Le_RenewHook=''
        [Sat Mar  9 21:09:09 EST 2019] OK
        [Sat Mar  9 21:09:09 EST 2019] 7:Le_API='https://acme-v01.api.letsencrypt.org/directory'
        [Sat Mar  9 21:09:09 EST 2019] _on_before_issue
        [Sat Mar  9 21:09:09 EST 2019] _chk_main_domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] _chk_alt_domains
        [Sat Mar  9 21:09:09 EST 2019] 'no' contains 'no'
        [Sat Mar  9 21:09:09 EST 2019] socat exists=0
        [Sat Mar  9 21:09:09 EST 2019] Le_LocalAddress
        [Sat Mar  9 21:09:09 EST 2019] d='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] Check for domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] _currentRoot='no'
        [Sat Mar  9 21:09:09 EST 2019] Standalone mode.
        [Sat Mar  9 21:09:09 EST 2019] APP
        [Sat Mar  9 21:09:09 EST 2019] 8:Le_HTTPPort='8082'
        [Sat Mar  9 21:09:09 EST 2019] _checkport='8082'
        [Sat Mar  9 21:09:09 EST 2019] _checkaddr
        [Sat Mar  9 21:09:09 EST 2019] ss exists=127
        [Sat Mar  9 21:09:09 EST 2019] netstat exists=0
        [Sat Mar  9 21:09:09 EST 2019] Using: netstat
        [Sat Mar  9 21:09:09 EST 2019] d
        [Sat Mar  9 21:09:09 EST 2019] 'no' does not contain 'apache'
        [Sat Mar  9 21:09:09 EST 2019] _saved_account_key_hash='somekeyhash'
        [Sat Mar  9 21:09:09 EST 2019] base64 single line.
        [Sat Mar  9 21:09:09 EST 2019] _saved_account_key_hash is not changed, skip register account.
        [Sat Mar  9 21:09:09 EST 2019] Read key length:
        [Sat Mar  9 21:09:09 EST 2019] _createcsr
        [Sat Mar  9 21:09:09 EST 2019] domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] domainlist
        [Sat Mar  9 21:09:09 EST 2019] csrkey='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.key'
        [Sat Mar  9 21:09:09 EST 2019] csr='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.csr'
        [Sat Mar  9 21:09:09 EST 2019] csrconf='/tmp/acme/my.domain.name//my.domain.name/my.domain.name.csr.conf'
        [Sat Mar  9 21:09:09 EST 2019] Single domain='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] _is_idn_d='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] _idn_temp
        [Sat Mar  9 21:09:09 EST 2019] _csr_cn='my.domain.name'
        [Sat Mar  9 21:09:09 EST 2019] Create CSR error.
        [Sat Mar  9 21:09:09 EST 2019] pid
        [Sat Mar  9 21:09:09 EST 2019] No need to restore nginx, skip.
        [Sat Mar  9 21:09:09 EST 2019] _clearupdns
        [Sat Mar  9 21:09:09 EST 2019] dnsadded
        [Sat Mar  9 21:09:09 EST 2019] vlist
        [Sat Mar  9 21:09:09 EST 2019] skip dns.
        [Sat Mar  9 21:09:09 EST 2019] _on_issue_err
        [Sat Mar  9 21:09:09 EST 2019] Please check log file for more details: /tmp/acme/my.domain.name/acme_issuecert.log
        [Sat Mar  9 21:09:09 EST 2019] _chk_vlist
        
          blundr

          So I went back into Services -> Acme -> Certificates and deleted everything, then went to Account Keys and deleted everything, and then recreated what was already there, and it worked successfully. Maybe try that?

            Demigawd

            I tried deleting all the settings in account keys and certificates and starting over but ended up with the same error. In the end I just reformatted the system and started from scratch. Everything is working great now. I just wish I knew what went wrong the first time.

              darkobas

              Having the same issue.
              Installed the ACME package.
              Tried to issue a cert:

              [Thu Sep 15 00:08:32 CEST 2022] Creating domain key
              [Thu Sep 15 00:08:32 CEST 2022] The domain key is here: /tmp/acme/vpn.datafund.io//vpn.blabla.com_ecc/vpn.blabla.com.key
              
              
              [Thu Sep 15 00:00:24 CEST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
              unable to load Private Key
              

              I can confirm in the shell that the file is there,
              and the same happens with RSA or ECDSA.

                darkobas @darkobas

                Never mind, I solved it.
                I didn't have the Let's Encrypt key.
                I thought clicking save would create it.

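A pre-flight check for the "no start line ... Expecting: ANY PRIVATE KEY" failure discussed in this thread, added here as an example (it is not from any poster or from the ACME package). The function name `check_pem_key`, its result words and the sample files are hypothetical; it goes slightly beyond the thread by also separating a wrong PEM type from an unparseable key.

```shell
#!/bin/sh
# Classify a key file before it is handed to OpenSSL for CSR creation.
# Prints one word: missing | empty | no-start-line | not-private-key |
#                  unparseable | has-start-line | ok
check_pem_key() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    # A zero-byte file (key never generated) yields the same
    # "no start line" error from OpenSSL as arbitrary garbage does.
    [ -s "$f" ] || { echo empty; return 1; }
    # Every PEM object begins with a "-----BEGIN <label>-----" line.
    grep -q -e '^-----BEGIN ' "$f" || { echo no-start-line; return 1; }
    # "Expecting: ANY PRIVATE KEY": the label must end in PRIVATE KEY.
    grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$f" ||
        { echo not-private-key; return 1; }
    if command -v openssl >/dev/null 2>&1; then
        # -passin pass: keeps the check non-interactive for encrypted keys.
        if openssl pkey -in "$f" -passin pass: -noout >/dev/null 2>&1; then
            echo ok; return 0
        fi
        echo unparseable; return 1
    fi
    echo has-start-line   # header looks right; openssl not available to parse
    return 0
}

# Constructed sample inputs (not taken from the thread).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/empty.key"
    printf 'not a key\n' > "$d/garbage.key"
    printf -- '-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n' \
        > "$d/cert.key"
    for k in "$d/absent.key" "$d/empty.key" "$d/garbage.key" "$d/cert.key"; do
        printf '%s: %s\n' "${k##*/}" "$(check_pem_key "$k")"
    done
    rm -rf "$d"
}
demo
```

Run it against both the account key and the domain key path shown in the log (`csrkey=...`); an `empty` or `missing` result matches the case where the key was never actually generated.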