Error creating certs


#1

Hi,
I have the same issue as described here but cannot find any invalid cert.

I tested all with these commands.

check keys

find /etc/letsencrypt/live/ -name "privkey*.pem" -print0 | xargs -0 -i openssl rsa -in {} -check

check certs

find /etc/letsencrypt/live/ -name "fullchain*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout
find /etc/letsencrypt/live/ -name "cert*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout
find /etc/letsencrypt/live/ -name "chain*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout

check csrs

find /etc/letsencrypt/csr -name "*.pem" -print0 | xargs -0 -i openssl req -in {} -text -noout

This command fails

./letsencrypt-auto certonly --webroot -w /tmp/letsencrypt -d test-cert1.review.agricircle.com --email somemail@gmx.net --text --agree-tos

[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1661, in load_certificate
    _raise_current_error()
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]

System Debian 4.4.0-53-generic


#2

I solved the problem. I had to run 'letsencrypt-auto renew --dry-run'
0 renew failure(s), 1 parse failure(s)

Then I removed the config with a parse failure. This is pretty annoying since this breaks all other things as well.


#3

What was the config causing the parse failure?


#4

The same failure that was happening for all other letsencrypt commands before.


Processing /etc/letsencrypt/renewal/example.com.conf

[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1661, in load_certificate
    _raise_current_error()
  File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
Renewal configuration file /etc/letsencrypt/renewal/insurance.develop.review.agricircle.com.conf produced an unexpected error: [('PEM routines', 'PEM_read_bio', 'no start line')]. Skipping.


#5

I guess @serverco may have been helping to find out the content of that file (in order to understand why it failed to parse).


#6

Fortunately I made a backup before I deleted the file :wink:
I compared it to a working one and found no issue at all.

renew_before_expiry = 30 days

version = 0.9.3
cert = /etc/letsencrypt/live/insurance.develop.example.com/cert.pem
privkey = /etc/letsencrypt/live/insurance.develop.example.com/privkey.pem
chain = /etc/letsencrypt/live/insurance.develop.example.com/chain.pem
fullchain = /etc/letsencrypt/live/insurance.develop.example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = fagd651afg654sadg65asdf5
webroot_path = /tmp/letsencrypt,
[[webroot_map]]
api.develop.example.com = /tmp/letsencrypt

#7

The only thing that strikes me as slightly odd is the comma at the end of the webroot_path


#8

Same for me, but I have this comma also in valid configs.


#9

The comma is OK. It’s the way the library we use signifies webroot_path is a list, but Certbot understands the value whether the file has a comma or not.

I followed up on GitHub asking for a complete log of the issue.
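
An added example, not part of the thread and not Certbot's own code: the checks in post #1 walk /etc/letsencrypt/live/ by file name, while the failure is reported per renewal config, so this sketch follows each config's cert, privkey, chain and fullchain paths and flags files OpenSSL would reject with "no start line". It assumes the top-level `key = value` layout shown in post #6 and only looks for a PEM header; it is not a full certificate parse.

```python
import os

PEM_KEYS = ("cert", "privkey", "chain", "fullchain")

def top_level_paths(conf_path):
    """Return the cert/privkey/chain/fullchain paths set before the first [section]."""
    paths = {}
    with open(conf_path) as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("["):
                break  # [renewalparams] and later sections hold no PEM paths
            if "=" in line and not line.startswith("#"):
                key, value = (part.strip() for part in line.split("=", 1))
                if key in PEM_KEYS:
                    paths[key] = value
    return paths

def pem_problem(path):
    """Return None if the file contains a PEM start line, else a short reason."""
    if not os.path.exists(path):  # also False for a dangling live/ symlink
        return "missing file or dangling symlink"
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.strip():
        return "empty file"
    if b"-----BEGIN " not in data:
        return "no PEM start line"
    return None

def audit_renewal_dir(renewal_dir):
    """List (config, key, path, reason) for every referenced file that fails the check."""
    findings = []
    for name in sorted(os.listdir(renewal_dir)):
        if name.endswith(".conf"):
            conf = os.path.join(renewal_dir, name)
            for key, path in sorted(top_level_paths(conf).items()):
                problem = pem_problem(path)
                if problem:
                    findings.append((name, key, path, problem))
    return findings

if __name__ == "__main__":
    # Default Certbot renewal directory, as seen in the log in post #4.
    for finding in audit_renewal_dir("/etc/letsencrypt/renewal"):
        print("%s: %s = %s (%s)" % finding)
```

Each reported line names the renewal config and the exact file to inspect, so the affected lineage can be examined before any config is deleted.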

