Error verifying certificate with OpenSSL


#1

After completing all requirements when i try to verify the private and cert key i get this following error. Kindly help

** Verifying cert.pem against privkey.pem Certificate (cert.pem) and private key (privkey.pem) match. XXXXX ERROR: Invalid Certificate: cert.pem: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 error 2 at 1 depth lookup:unable to get issuer cer

#2

Hi, can you provide the detailed log for the error please ?


#3

Which type of log are you asking for?


#4

ideally the output it prints when you are running it with the --debug option, at a minimum though the complete output it gives when you run it nornally ( rather than an edited single line ) .


#5

Or, did you run openssl yourself in order to verify the certificate? I guess it would need the issuer certificate in chain.pem as well in order to confirm the leaf certificate’s validity.


#6

hi @mmarsl

OpenSSL is a great library for matching keys to certificates

You do need to understand how it works though

There are 2 types of keys which you will encounter on your LetsEncrypt process

A) An account key (what you use to sign all requests to LetsEncrypt)
B) a Web Key (what you use to sign the CSR and encryption activities once cert is avaialble)

when you are running the comparison which key are you using

If you are using key A) then it will always fail

Andrei


#7

I suggest that you paste the entire output, as a quoted block-of-code, from (and, including) the command-line prompt and your command, all the way through to everything that it produces when the --debug option is used.

It might also be helpful to include ls -l (filename) output so that we can see how long the files are, that you (think that you) are referencing in that command.   Folks around here will know if that file-length doesn’t jive …


#8

Thank you for giving your input. The issue is now resolved. Actually i was comparing the private.key with the cert.pem and error occurred. I reinstalled the key and this time concatenated the root file text correctly. The error is now no more but thank you for kind input.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.