ERROR:letsencrypt.crypto_util:[('PEM routines', 'PEM_read_bio', 'no start line')]


#1

Hi,

I’m trying to issue a new certificate on my Ubuntu server. I did it many times for about 10 domains on this machine. But now it stopped working.

I use this command:
/root/letsencrypt/letsencrypt-auto certonly --apache -d philip.ps -d www.philip.ps

The letsencrypt.log contains following lines:
ERROR:letsencrypt.crypto_util:[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/crypto_util.py", line 226, in _get_sans_from_cert_or_req
    cert_or_req = load_func(typ, cert_or_req_str)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1511, in load_certificate
    _raise_current_error()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)

Where is my issue?

greets
Dennis


#2

My issue still exists.
Does no one have an idea?

Dennis


#3

Could you try only with one domain (not more) and report back?


#4

The following command has the same output:
/root/letsencrypt/letsencrypt-auto certonly --manual -d example.org

2016-04-08 21:17:05,410:ERROR:letsencrypt.crypto_util:[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/crypto_util.py", line 226, in _get_sans_from_cert_or_req
    cert_or_req = load_func(typ, cert_or_req_str)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1511, in load_certificate
    _raise_current_error()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
2016-04-08 21:17:05,420:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 509, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 76, in _auth_from_domains
    action, lineage = _treat_as_renewal(config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 212, in _treat_as_renewal
    ident_names_cert, subset_names_cert = _find_duplicative_certs(config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 243, in _find_duplicative_certs
    candidate_names = set(candidate_lineage.names())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/storage.py", line 604, in names
    return crypto_util.get_sans_from_cert(f.read())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/crypto_util.py", line 245, in get_sans_from_cert
    cert, OpenSSL.crypto.load_certificate, typ)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/crypto_util.py", line 226, in _get_sans_from_cert_or_req
    cert_or_req = load_func(typ, cert_or_req_str)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1511, in load_certificate
    _raise_current_error()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]


#5

It seems as if the client runs into some error while reading existing certificates. Maybe some corrupted file from a previous run?

Unfortunately the log currently doesn’t give any hint as to which file might be causing this. You could try running the client in verbose mode with -vvvv, but I’m not certain if this will lead you to the problem.

Did you modify any files in /etc/letsencrypt manually? That’s where I’d start looking.

Here are some generic openssl commands you can use to check various files (if there’s an error, you probably found the “bad” file):

# verify a private key file
openssl rsa -in privkey1.pem -check
# verify a cert
openssl x509 -in cert1.pem -text -noout

Do that for every privkey<n>.pem and cert<n>.pem file in all directories under /etc/letsencrypt/archive/. You might also want to do that for /etc/letsencrypt/live if nothing shows up (those files should only be symlinks to /archive, but who knows.)

You could also try openssl req -in 0001_csr-letsencrypt.pem -text -noout on all files in /etc/letsencrypt/csr, if the rest doesn’t find anything.
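The file-by-file check suggested in this reply can be automated. The following is an added example, not part of the original post and not code from the letsencrypt client: it walks a directory tree and lists every .pem file that lacks a PEM start line, which is the condition behind the 'no start line' error. It checks framing only, not certificate validity; the function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import re
import tempfile

# PEM_read_bio reports 'no start line' when no "-----BEGIN <label>-----" line exists.
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def classify(data):
    """Classify raw bytes by PEM framing only (does not validate the contents)."""
    if not data.strip():
        return "empty"
    m = PEM_BEGIN.search(data)
    if m:
        end = b"-----END " + m.group(1) + b"-----"
        ok = end in data[m.end():]
        return "pem:" + m.group(1).decode("ascii") if ok else "truncated"
    # DER-encoded certificates, keys and CSRs start with an ASN.1 SEQUENCE tag (0x30).
    return "der?" if data[0] == 0x30 else "unknown"

def scan(root):
    """Return {path: status} for every *.pem under root without intact PEM framing."""
    bad = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".pem"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # follows file symlinks such as those in live/
                    status = classify(fh.read())
            except OSError:  # e.g. a dangling symlink
                status = "unreadable"
            if not status.startswith("pem:"):
                bad[path] = status
    return bad

def demo():
    """Scan a constructed archive/ tree (sample bytes, not real certificates)."""
    samples = {
        "good.example/cert1.pem": b"-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n",
        "bad.example/cert1.pem": bytes([0x30, 0x82, 0x03, 0x10, 0x30, 0x82]),
        "bad.example/chain1.pem": b"",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, "archive", rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return {os.path.relpath(p, root): s for p, s in scan(root).items()}
```

On a real host, scan("/etc/letsencrypt") returns the files to inspect further with the openssl commands above; a "der?" result is only a hint that the file may be binary DER rather than PEM.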


#6

Wohoo \o/

I found the bad certificates. The cert.pem from one domain was in binary format (wtf?).
I’ve deleted this folder and Letsencrypt works again.

Thanks a lot!
Dennis

