140602:Expecting: ANY PRIVATE KEY

So I am trying to get two domains registered and im hitting this problem.

Command I run (as su):
./acme.sh --issue -d staging.flutter.tours -d karmagrade.com -w /usr/share/nginx/html --force --debug

[Sun Feb 14 02:50:11 UTC 2021] Multi domain='DNS:staging.flutter.tours,DNS:karmagrade.com'

unable to load Private Key

140602583942992:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

[Sun Feb 14 02:50:11 UTC 2021] Create CSR error.

[Sun Feb 14 02:50:11 UTC 2021] pid

[Sun Feb 14 02:50:11 UTC 2021] No need to restore nginx, skip.

[Sun Feb 14 02:50:11 UTC 2021] _clearupdns

[Sun Feb 14 02:50:11 UTC 2021] dns_entries

[Sun Feb 14 02:50:11 UTC 2021] skip dns.

[Sun Feb 14 02:50:11 UTC 2021] _on_issue_err

[Sun Feb 14 02:50:11 UTC 2021] Please add '--debug' or '--log' to check more details.

[Sun Feb 14 02:50:11 UTC 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

I've read the other "private key" topics ... and I dont get them either LOL.

What am I missing?

1 Like

First: Using --force is kind of a last resort; I don't see how adding that to the command above improves your situation.
[you can't force it to read the private key]

Let's have a look at which certs are currently maintained by acme.sh with:
./acme.sh --list


This is what I see with --list

Main_Domain KeyLength SAN_Domains CA Created Renew
karmagrade.com "" no LetsEncrypt.org
staging.flutter.tours "" karmagrade.com LetsEncrypt.org Sat Feb 13 03:14:48 UTC 2021 Wed Apr 14 03:14:48 UTC 2021

1 Like

Your private key file is missing or not accessible?

Check in the path where your cert file for this domain is kept (as per your nginx cert config).

If the private .key file is indeed missing I wonder if you might be best to remove this configuration and start again, alternatively create a new private key file (look where the rest of your cert files are being created) or copy a different one.


Thanks. How do I remove the configuration exactly?

Figured it out.
just removed ~/.acme.sh/ and started again.

1 Like

Please make note of the rate limits applicable if you haven't done so already: Rate Limits - Let's Encrypt - Free SSL/TLS Certificates

It might not be relevant in this specific case, but removing previously issued certificates carelessly by removing entire directories from an ACME client, such as in this case, might lead to rate limit issues. I'm not saying you'd do that in the future, but I thought it might be a good idea to warn you and/or other people finding this thread anyway :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.