Hi
I have the same issue as described here but cannot find any invalid cert.
I tested all with these commands.
check keys
find /etc/letsencrypt/live/ -name "privkey*.pem" -print0 | xargs -0 -i openssl rsa -in {} -check
check certs
find /etc/letsencrypt/live/ -name "fullchain*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout
find /etc/letsencrypt/live/ -name "cert*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout
find /etc/letsencrypt/live/ -name "chain*.pem" -print0 | xargs -0 -i openssl x509 -in {} -text -noout
check csrs
find /etc/letsencrypt/csr -name "*.pem" -print0 | xargs -0 -i openssl req -in {} -text -noout
This command fails
./letsencrypt-auto certonly --webroot -w /tmp/letsencrypt -d test-cert1.review.agricircle.com --email somemail@gmx.net --text --agree-tos
[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1661, in load_certificate
_raise_current_error()
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
System Debian 4.4.0-53-generic
I solved the problem. I had to run 'letsencrypt-auto renew --dry-run'
0 renew failure(s), 1 parse failure(s)
Then I removed the config with a parse failure. This is pretty annoying since this breaks all other things as well.
What was the config causing the parse failure?
The same failure that was happening for all other letsencrypt commands before.
Processing /etc/letsencrypt/renewal/example.com.conf
[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1661, in load_certificate
_raise_current_error()
File "/router/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
Renewal configuration file /etc/letsencrypt/renewal/insurance.develop.review.agricircle.com.conf produced an unexpected error: [('PEM routines', 'PEM_read_bio', 'no start line')]. Skipping.
schoen
February 1, 2017, 8:25pm
I guess @serverco may have been helping to find out the content of that file (in order to understand why it failed to parse).
Fortunately I made a backup before I deleted the file.
I compared it to a working one and found no issue at all.
renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/insurance.develop.example.com/cert.pem
privkey = /etc/letsencrypt/live/insurance.develop.example.com/privkey.pem
chain = /etc/letsencrypt/live/insurance.develop.example.com/chain.pem
fullchain = /etc/letsencrypt/live/insurance.develop.example.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = fagd651afg654sadg65asdf5
webroot_path = /tmp/letsencrypt,
[[webroot_map]]
api.develop.example.com = /tmp/letsencrypt
The only thing that strikes me as slightly odd is the comma at the end of the webroot_path
Same for me, but I also have this comma in valid configs.
bmw
February 3, 2017, 12:15am
The comma is OK. It’s the way the library we use signifies webroot_path is a list, but Certbot understands the value whether the file has a comma or not.
I followed up on GitHub asking for a complete log of the issue.
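The checks in the first post walk /etc/letsencrypt/live and /etc/letsencrypt/csr, so they do not test the paths that each file under /etc/letsencrypt/renewal actually references. As an added example (not from the thread and not Certbot's own code), this script reads the cert, privkey, chain and fullchain entries from each renewal config and reports any target that is missing, empty, or lacks the `-----BEGIN` line whose absence OpenSSL reports as 'no start line'; the function names are hypothetical and the default directory layout is assumed.

```shell
#!/bin/sh
# Added example: check the files each certbot renewal config points to.
# Assumption: configs live in /etc/letsencrypt/renewal/*.conf (default layout).

# Print one line per problem found in a single renewal config.
check_renewal_conf() {
    local conf="$1" key path marker
    for key in cert privkey chain fullchain; do
        # Value of "key = /path" from the top section of the config.
        path=$(sed -n "s/^${key}[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1)
        case $key in
            privkey) marker='^-----BEGIN .*PRIVATE KEY-----' ;;
            *)       marker='^-----BEGIN CERTIFICATE-----' ;;
        esac
        if [ -z "$path" ]; then
            echo "$conf: no '$key' entry"
        elif [ ! -e "$path" ]; then
            echo "$conf: $key -> $path does not exist (dangling symlink?)"
        elif [ ! -s "$path" ]; then
            echo "$conf: $key -> $path is empty"
        elif ! grep -Eq -- "$marker" "$path"; then
            echo "$conf: $key -> $path has no PEM start line"
        fi
    done
}

# Check every config in a renewal directory; return 1 if any problem was found.
check_renewal_dir() {
    local dir="${1:-/etc/letsencrypt/renewal}" conf out problems=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        out=$(check_renewal_conf "$conf")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            problems=1
        fi
    done
    return "$problems"
}

# Run only when a directory is given, e.g.: sh check.sh /etc/letsencrypt/renewal
[ "$#" -eq 0 ] || check_renewal_dir "$1"
```

Run it as a user that can read the private keys; a config it flags is the one to inspect before running `renew --dry-run` again.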