Cert Creation Fails When Attempting CSR Submission

Dear Forum:

I am attempting to create a certificate using the certonly command. My web host has a control-panel SSL setup, for which they provide a CSR. I am attempting to generate the certificate using Ubuntu 18.04.2 LTS on Windows 10. I am able to log in to my server and have been able to test that it’s connecting using DNS TXT entries. Using the DNS TXT entries and Certbot in Ubuntu, I am able to successfully generate certificates, but my web host, again, requires that I use their CSR to generate the certificate. I am now attempting to do that using the command line given below. The errors I receive are detailed below the command. Please note that while I’m “comfortable” using command line, I don’t find the need to very often, and so I’m not as proficient as I’d like to be.

Please also note that my web host states the following in the control panel page that shows the text of the CSR: “…Ensure that when purchasing an SSL certificate “Apache mod_ssl” is selected…”

My domain is: www.wisconsinitguru.com

I ran this command, where the CSR was saved on my local computer in the directory that certbot generated the CSR files when I ran certbot with the DNS TXT verification: sudo certbot -d www.wisconsinitguru.com --manual --csr /etc/letsencrypt/csr/csr.pem certonly

It produced this output:
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --csr: No such file or directory

I then copied the csr.pem file to my server in the /etc/letsencrypt/csr/ directory, wondering if that was where certbot was looking for the PEM file. That attempt produced the following result:

usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: File not found: sr

My web server is (include version): Apache, version unknown

The operating system my web server runs on is (include version): Linux 5.0.2.328-1

My hosting provider is: Aplus.Net / Deluxe

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, default control panel, version unknown.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.31.0

Here’s the CSR file contents, also included in the directory listed above:

Any help you could provide would be greatly appreciated.

Thanks!

Brian

Hi @wiscitguy

Looks like a typo - csr.pem is your file name.

Always share the complete command.

Hi @wiscitguy,

I would just like to point out that this is not the way that Let's Encrypt is meant to be used; the intended application of Let's Encrypt is to request a certificate directly from the web server, using automated software. While you're certainly allowed to use Let's Encrypt the way that you're doing, it's probably going to be a lot of extra effort compared to a proper hosting provider integration.

If you'd like to continue down this manual path, I agree with @JuergenAuer that we need to see the exact command that you ran that produced the most recent error message.

Guys,

Thanks for your replies. That is not a typo. Please see the attached image for the output from my Ubuntu window.

Also, please note that the first attempt was before I copied the PEM file to my server - the second attempt was after.

[Edit: added extra info.]

Brian

There is a typo:

- d

with a space between - and d.

Must be

-d

PS: And there is a second typo:

-csr

instead of

--csr

So -c is the parameter and sr is the value.

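The parse described in the reply above, reproduced with Python's argparse as an added example (not part of the original thread and not certbot's own code). The parser is a simplified stand-in that assumes only -c/--config, --csr, -d and --manual; the domain and path are constructed placeholders. It shows why -csr ends in "File not found: sr" and adds a small lint for both typos.

```python
import argparse
import re


def build_parser():
    # Simplified stand-in for a certbot-style CLI (assumption, not certbot's
    # own parser): only the options relevant to this thread are modelled.
    p = argparse.ArgumentParser(prog="certbot-like")
    p.add_argument("-c", "--config")
    p.add_argument("--csr")
    p.add_argument("-d", "--domain", action="append", default=[])
    p.add_argument("--manual", action="store_true")
    return p


def parse(argv):
    """Return (namespace, leftover tokens) the way argparse splits argv."""
    return build_parser().parse_known_args(argv)


def lint(argv):
    """Flag the two typos from the thread before the command is run."""
    findings = []
    for tok in argv:
        if tok == "-":
            findings.append("lone '-': dash separated from its option letter")
        elif re.fullmatch(r"-[A-Za-z][A-Za-z]+", tok):
            # One dash plus several letters: the first letter is taken as a
            # short option and the remaining letters become its value.
            findings.append(f"{tok}: read as {tok[:2]} with value {tok[2:]!r}")
    return findings


# Constructed command lines; the domain and path are placeholders.
GOOD = ["-d", "www.example.com", "--manual", "--csr", "/tmp/csr.pem"]
BAD = ["-", "d", "www.example.com", "--manual", "-csr", "/tmp/csr.pem"]

if __name__ == "__main__":
    for argv in (GOOD, BAD):
        ns, extras = parse(argv)
        print(argv)
        print("  config =", ns.config, "| csr =", ns.csr, "| leftover =", extras)
        for finding in lint(argv):
            print("  lint:", finding)
```

With the mistyped line the CSR path is never bound to --csr: it is left over as a stray positional token, while the config option receives the value sr.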

Juergen,

You are indeed correct. Thanks for catching that! I tried correcting the command, and I get the same error as in the first attempt, listed above. Here’s a screenshot of the output, as well as images showing that I have the PEM file in both the local folder where I believe it should be, and on my server.

Brian

Your directory starts with /public, not with /etc.

Yes, that is because the root on my server is the /public directory. In spite of that, I attempted pre-pending public to the directory string and got the same error.

Brian

If you use such a "mixed configuration", use ls and other basic Linux commands to find the correct place.

Juergen,

I apologize, but I am not familiar with using ls and other basic Linux commands. I’m sure that is part of the reason I’m having the problems and have asked for help.

Can you provide any guidance on how to use the ls command to get the information I need?

Brian

Dear Forum Users,

Does anyone else have any input on this matter? I’m still in need of assistance.

Brian

If you’re going to administer a Unix system, I would suggest looking for some introductory Unix tutorials and learning a bit more about it. In many cases, you’ll have to do some tasks that can’t simply be done over FTP. (One possibility that I remember is the FLOSS Manuals “Introduction to the Command Line”, which seemed pretty well-done.)

In this case, you might try something like

sudo find / -name csr.pem

in order to figure out where the csr.pem file really ended up on this server.
