kristapsdz / acme-client

secure ACME client

Home Page: https://kristaps.bsd.lv/acme-client

2098358032:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src/lib/libcrypto/pem/pem_lib.c:690:Expecting: ANY PRIVATE KEY

user10012 opened this issue · comments

acme-client -vv mydomain.com
acme-client: /etc/acme/letsencrypt-privkey.pem: PEM_read_PrivateKeyacme-client: /etc/ssl/private/mydomain.key: loaded RSA domain key
2098358032:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src/lib/libcrypto/pem/pem_lib.c:690:Expecting: ANY PRIVATE KEY
acme-client: /etc/ssl/mydomain.crt: certificate valid: 37 days left
acme-client: bad exit: acctproc(63594): 1

This is a machine running obsd 6.1. I have another machine with 6.1 on which I generated the key/crt. I then copied them over to this machine (port 80 is blocked; it only runs https), upgraded it from 6.0 to 6.1 and tried to run acme-client.

  1. Can acme-client renew certs via my server running only on https?
  2. Will this error prevent its renewal?
  3. How can I eliminate this error?

SOLVED (at least functionally)
I think I found (part of) the problem: my account key is empty. But
acme-client -vvA mydomain
did not produce an account key.

I copied over the account key from my other machine and now acme-client works.

Why was I not able to create an account key? Is the reason due to my having made the private key on another machine?

And can acme-client update if the web server is only running https?
I am using apache, and the relevant part of my configuration file reads,
<Directory /var/www/htdocs/.well-known/acme-challenge>
Options None
AllowOverride None
Require all granted
Header add Content-Type text/plain

Is this correct?
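
The empty account key diagnosed in the post above can be caught before the client runs. The following is an added example, not part of the original issue and not acme-client's own code: a POSIX shell check that classifies a private-key file. The function name `check_pem_key` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM private-key file before a client loads it.
# check_pem_key is a hypothetical helper; sample files below are constructed.

# Prints exactly one of: missing, empty, no-pem-header, loose-perms, ok
check_pem_key() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # A file with no BEGIN line (an empty file included) makes the PEM
    # reader fail with "no start line", as in the error quoted above.
    [ -s "$f" ] || { echo empty; return 0; }
    # Accept any private-key armor: PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY.
    grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" \
        || { echo no-pem-header; return 0; }
    # Characters 5-10 of the ls -l mode string are the group/other bits;
    # a private key should grant none of them.
    mode=$(ls -l "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo loose-perms; return 0; }
    echo ok
}

# Demonstration on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
: > "$demo_dir/account-empty.pem"                 # zero-length key file
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQgU0FNUExF' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/domain.pem"
chmod 600 "$demo_dir/account-empty.pem" "$demo_dir/domain.pem"

for key in "$demo_dir/account-empty.pem" "$demo_dir/domain.pem"; do
    printf '%s: %s\n' "$key" "$(check_pem_key "$key")"
done
rm -rf "$demo_dir"
```

The check looks only at the file's presence, size, armor line and mode; it does not parse the key, so a file that passes can still be rejected by the PEM reader.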