skoerfgen / ACMECert

PHP client library for Let's Encrypt and other ACME v2 - RFC 8555 compatible Certificate Authorities

Home Page:https://github.com/skoerfgen/ACMECert

Error:0E06D06C when Loading account key

Viveff opened this issue · comments

Hello,

Thanks for your work.

PHP Fatal error: Uncaught Exception: Could not load account key: 'account_key.pem ' (error:0E06D06C:configuration file routines:NCONF_get_string:no value)

Do you know what is wrong?

I'm using a WAMP server with PHP 7.3.

Thank you,

Hello !

It looks like there is a problem with the OpenSSL configuration file openssl.cnf.

Check the output of phpinfo() for 'Openssl default config' to find the location of openssl.cnf.

You could temporarily replace it by https://github.com/openssl/openssl/blob/master/apps/openssl.cnf to test if this solves the problem.

Hello,

Thank you for your message. I just tried it, but still the same issue.
I'm using a WAMP server on Windows; maybe there are some changes to make.

I'm still looking into it.

Thank you.

From the error message "Could not load account key" it seems the function openssl_pkey_get_private fails, so let's test that isolated:

What do you get when running the following code?

error_reporting(E_ALL);

$ret=openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----');

while(false!==($msg=openssl_error_string())){
	var_dump($msg);
}

var_dump($ret);

Hello,

Thanks for your message. I tried what you just said, and it gives me the following:

string 'error:140E0197:SSL routines:SSL_shutdown:shutdown while in init' (length=63)
resource(3, OpenSSL key)

Do you know what that means exactly?

Thank you.

Edit: I tried it once again; now I only have resource(3, OpenSSL key), it seems to work properly.

If you got resource(3, OpenSSL key) it indeed worked properly!

So there must be a problem with the key you used with loadAccountKey.

What do you get when running the following code? (Make sure you use the same account_key.pem you used with loadAccountKey when you got the error 0E06D06C)

error_reporting(E_ALL);

$ret=openssl_pkey_get_private('file://account_key.pem');

while(false!==($msg=openssl_error_string())){
	var_dump($msg);
}

var_dump($ret);

If you get the same error 0E06D06C again:

  • How did you generate the key?
  • Is it an RSA key?
  • How many bits does it have?

I too am getting an error when running loadAccountKey. I tried the above code with my .pem file and get 'error:0906D06C:PEM routines:PEM_read_bio:no start line'

When I load the PEM file RSA private key directly as a string into the code as in your first suggestion, I get the resource(2, OpenSSL key)

I generated my key via the $key=$ac->generateRSAKey(2048);

Thoughts?

Hello @wilsmex,

Does it work if you replace:

$ac->loadAccountKey('file://account_key.pem');

with:

$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('account_key.pem')));

?

(My guess is that there is maybe a UTF-8 BOM header at the beginning of your .pem file)

@skoerfgen Bingo! That did the trick. Sorry for the delay here, was off on holiday for past week.

@wilsmex Nice to hear it worked out!

(Hint: If you use file_put_contents to save the generated key directly the problem does not occur.)


@Viveff Maybe above solution also solves your issue...

Just to rule out another thing:
Are you using

$ac->loadAccountKey('account_key.pem'); // WRONG !!

or

$ac->loadAccountKey('file://account_key.pem'); // Correct

Oddly enough, that's the method I'm using.

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);

Unrelated, (as I'm brand new to this whole certificate stuff). Is this script using the '1 domain per certificate' or does it bundle all of the domains I specify into 1 cert (up to 100)? If the latter, and say I generate a cert for 10 domains but then need to add an 11th a day or two later, do I just request a new certificate, or is there an 'add domain' to the existing cert?

This is indeed strange!

What does it output if you run:

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
	$ac->loadAccountKey('file://key_dir');
	echo 'it worked!';
}catch(Exception $e){
	echo bin2hex(file_get_contents('key_dir'));
}

getCertificateChain outputs only one certificate, so all domains listed in $domain_config get bundled into one. If you want to add another domain to an existing certificate just request a new one (same for renewal). (There is no 'add domain' functionality in the ACME protocol.)

Big giant hex of key, doesn't look unusual. (stripped out big section with ......)

Ok, this looks like a valid key, very strange..

And it works if you run the following?

$key=$ac->generateRSAKey(2048);
file_put_contents('key_dir',$key);
try {
	$ac->loadAccountKey(preg_replace('/[\x00-\x09\x0b-\x1f\x7f-\xff]/','',file_get_contents('key_dir')));
	echo 'it worked!';
}catch(Exception $e){
	echo 'failed: '.$e->getMessage();
}

Oh wow, I just figured out what I was doing wrong. Facepalm. I wasn't adding the 'file://'; as I had my key file path set up in a variable, I was just adding that variable, assuming that the file:// was just an 'arbitrary path' placeholder to the key file.

I was just doing:
$ac->loadAccountKey($keyfile_path);
which is why when I changed to:
$ac->loadAccountKey(file_get_contents($keyfile_path));
or
$ac->loadAccountKey("file://".$keyfile_path);

Things worked. Sorry for the trouble and thanks for helping me troubleshoot that!

@wilsmex I see! Sometimes it's the simple things :)

I'll update the README next weekend to make this more clear; it indeed isn't obvious.

Thanks!
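The checks worked through in this thread (bare path versus file:// versus PEM string, a UTF-8 BOM in front of the start line, stale entries in the OpenSSL error queue) can be collected into one diagnostic. This is an added example, not part of the original thread and not ACMECert code; diagnoseKeyArgument() and its report keys are hypothetical names, and the sample file is constructed with a placeholder body rather than a real key.

```php
<?php
// Added diagnostic sketch (hypothetical helper, not ACMECert code): explains why a
// value handed to openssl_pkey_get_private() does or does not load as a private key.
function diagnoseKeyArgument(string $arg): array
{
    $report = ['form' => null, 'bom' => false, 'stripped_bytes' => 0,
               'start_line_ok' => false, 'loads' => false, 'errors' => []];

    if (strncmp($arg, 'file://', 7) === 0) {
        $report['form'] = 'file-url';
        $pem = @file_get_contents(substr($arg, 7));
        if ($pem === false) {
            $report['errors'][] = 'file not readable';
            return $report;
        }
    } elseif (strpos($arg, '-----BEGIN') !== false) {
        $report['form'] = 'pem-string';
        $pem = $arg;
    } else {
        // Without file:// the argument itself is parsed as PEM text,
        // which is the mistake found at the end of the thread.
        $report['form'] = is_file($arg) ? 'bare-path (missing file://)' : 'unknown';
        $pem = $arg;
    }

    $report['bom'] = strncmp($pem, "\xEF\xBB\xBF", 3) === 0;
    // Same byte class the maintainer's preg_replace removes (includes CR and BOM bytes).
    $report['stripped_bytes'] = (int) preg_match_all('/[\x00-\x09\x0b-\x1f\x7f-\xff]/', $pem);
    // OpenSSL needs a line that begins with -----BEGIN; a BOM in front of it breaks that.
    $report['start_line_ok'] = (bool) preg_match('/^-----BEGIN [A-Z ]*PRIVATE KEY-----/m', $pem);

    // Drain stale queue entries so only errors from this call are reported.
    while (openssl_error_string() !== false);
    $report['loads'] = openssl_pkey_get_private($arg) !== false;
    while (($msg = openssl_error_string()) !== false) {
        $report['errors'][] = $msg;
    }
    return $report;
}

// Constructed sample: PEM-shaped file saved with a UTF-8 BOM (placeholder body, not a real key).
$tmp = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($tmp, "\xEF\xBB\xBF-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n-----END RSA PRIVATE KEY-----\n");
print_r(diagnoseKeyArgument($tmp));
print_r(diagnoseKeyArgument('file://' . $tmp));
unlink($tmp);
```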