Creating cert. > message: Please enter password with the systemd-tty-ask-password-agent tool! (?)

Hello,

I had this problem with a not starting server, after I deleted my le cert.
( After del. certificate, IP out of reach - #13 by andytechy )

I have resolved the problem by simply installing an openSSL cert.

Now, I want to install a new letsencrypt cert.

And when running certbot, and choosing the domain I want a cert for (1,2)
I get the strange message:
Please enter password with the systemd-tty-ask-password-agent tool!

which I have never gotten before.

I ask myself what password the system asks for.

Any idea what I shall do here?

[I must say that there is a short passphrase, which I have to type in when for ex. restarting httpd, but I don't think it has sth to do with it. At least, it won't work when I type it in.]

That's weird. Certbot does not use passwords for the certificate/private keys. And also it isn't in the process of doing anything with an issued cert yet.

To me, it looks like you're using a password protected private key currently in your webserver setup, maybe when you fixed your webserver previously using the "OpenSSL cert". And you're probably using the nginx or apache authenticator plugin for the challenges, so nginx or Apache gets restarted. And at that restart, it probably requires the password for the "OpenSSL cert".

Am I close?

6 Likes

I think yes.
There is a very short passphrase, which I created with openSSL.

However, typing that in here, leads to nothing.
(it even shows me the passphrase in clear letters, instead of hidden in **, which is act. untypical)

I'm pretty sure Certbot doesn't even support such a thing, entering a password during the process.

If the password is for the self signed "OpenSSL cert" which you generated purely for repairing your webserver, you might as well remove that password altogether. Password protecting a relatively useless self signed cert isn't very helpful IMO.

4 Likes

I concur with @Osiris's perception. Is your website accessible and would you be willing to share the domain name?

3 Likes

I'm sorry, me and a friend are trying to do something new here (a new 'idea'), and the development has not come to a total end.

That's why I can't share the url at this very moment.

Just remove the password.

2 Likes

How would I do that?
Is there a command for this (openssl),
or inside of one of the files?

Edit: Ok, googled a little.
Will try that,
thanks.

1 Like

That would not be very secure :wink: :stuck_out_tongue:

But indeed, Google is your friend here, I don't know how it works exactly, but I guess it has something to do with combining -in <yourprivatekey> -nodes -out <privatekeywithoutpassword> or something similar, using the correct OpenSSL module of course.

4 Likes
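An added example, not part of the thread and not Certbot's or Apache's own tooling: a small check for which private keys referenced by Apache config files are passphrase-protected, since such a key is what makes a web server restart stop and ask for a password. The function names are hypothetical, the sample files are constructed placeholders rather than real keys, and the parser assumes key paths without spaces.

```shell
#!/bin/sh
# Find passphrase-protected PEM keys referenced by Apache config files.

# Succeeds if the PEM file carries an encryption marker:
#   PKCS#8:      -----BEGIN ENCRYPTED PRIVATE KEY-----
#   traditional: Proc-Type: 4,ENCRYPTED (below BEGIN RSA/EC PRIVATE KEY)
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print each path named by an active SSLCertificateKeyFile directive.
# Directive names are case-insensitive; commented-out lines never match.
list_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$@" |
        sort -u
}

# Print the encrypted keys among those referenced by the given configs.
report_encrypted_keys() {
    list_key_files "$@" | while IFS= read -r key; do
        if [ ! -r "$key" ]; then
            echo "unreadable: $key" >&2
        elif key_is_encrypted "$key"; then
            echo "$key"
        fi
    done
}

# Constructed sample data (not real keys): one vhost file, two key files.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/selfsigned.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$d/plain.key"
    cat > "$d/vhost.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateKeyFile "$d/selfsigned.key"
    # SSLCertificateKeyFile $d/old.key
    SSLCertificateKeyFile $d/plain.key
</VirtualHost>
EOF
    echo "$d"
}

# Usage: sh thisfile.sh /path/to/conf.d/*.conf
if [ "$#" -gt 0 ]; then report_encrypted_keys "$@"; fi
```

For a key this reports, `openssl pkey -in <encrypted.key> -out <plain.key>` prompts for the passphrase and writes an unencrypted copy. Keep that copy readable only by root (for example mode 600), because file permissions are then the key's only protection.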

Please show the complete certbot command used.

1 Like

sudo certbot

Figured the problem.
I had changed the domain name inside the httpd-le-ssl.conf file,
and this has caused this problem.

Once I changed the domains back (to old / default domain), the problem was gone and I was able to install the certificate.
