Le64.exe: Can't locate utf8_heavy.pl in @INC

birdwaves · November 10, 2017, 4:26pm

Hi Folks,
I’m working on getting a certificate for a server hosted at a local college running Apache in Windows 2012. I’m following along with the usage instructions, and I’m using the Windows client le64.exe.
Domains: www.americancenturies.mass.edu,americancenturies.mass.edu,www.memorialhall.mass.edu,memorialhall.mass.edu

I’m testing getting my first certificate, so I’m using the command without –live

The command:

“le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt mydomain.crt --domains “www.americancenturies.mass.edu,americancenturies.mass.edu,www.memorialhall.mass.edu,memorialhall.mass.edu” --path /Tomcat-centuries/webapps/ROOT/.well-known/acme-challenge/ --generate-missing --unlink”

It comes up with a long error that starts with:

Can’t locate utf8_heavy.pl in @INC

Does anyone have any ideas how to troubleshoot this?

Thanks!

jared.m · November 10, 2017, 5:45pm

What client are you using? You didn’t include all of the command, just the flags…

birdwaves · November 10, 2017, 6:21pm

Sorry, I mentioned it at the top of my post, the windows client. Le64.exe.

Thanks for giving this a look!

leader · November 10, 2017, 6:56pm

That's the first report of the sort, but I might know how to get this fixed quickly. The alpha version le64-028a.zip has now been updated at Releases · do-know/Crypt-LE · GitHub - give it a go and see if the problem goes away,

birdwaves · November 13, 2017, 6:51pm

I used the le64-28a.exe and the “can’t locate utf8_heavy.pl” error is gone. I now get a new error:
“Incorrect parameters - need account key file name specified.”

Isn’t the name simply account.key? The file account.key is in the same directory alongside le64-28a.exe, and mydomain.key.

I tried moving the account.key and mydomain.key files to the desktop and seeing if they’d get created automatically and it didn’t work. Same error message, and no files created in that folder.

thanks

ahaw021 · November 14, 2017, 3:40am

has some sample uses and screenshots of where things are

pay attention to syntax

birdwaves · November 14, 2017, 3:38pm

Hmm…
Your example looks a lot different from the example on the usage page. what is .\LETSECRYPT_ACCOUNTKEY_PRIVATE.PEM ?
There is no mention of a .pem file.
There are also no leading – (double-dash) in your script.

As far as I can tell it looks a lot different, and there is not much I can glean from your example.

My syntax looks different than yours, but much closer to the usage example that was given, so I can’t see what the issue is.
If you see something in my syntax, can you tell me what you see?

Thanks for your help.

ahaw021 · November 14, 2017, 9:17pm

hi @birdwaves

i work with fairly technical people as such words like PEM should mean something

i am not sure what your skill level etc is but bear with me as i try to explain

when we work with tools usually we spend a lot of time reading and understanding what the options are

if you are not really technical and just want things to work may i suggest that you look at certify https://certify.webprofusion.com/

I am not trying to be rude in any way however i am assuming you have an outcome and want to get there

If you are interested in the nitty gritty of windows and let’s encrypt have a look at these two articles which explore this

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke/

https://www.linkedin.com/pulse/lets-encrypt-part-2-3-repurposing-clients-making-things-andrei-hawke

https://www.linkedin.com/pulse/lets-encrypt-windows-update-may-2017-andrei-hawke

Andrei

birdwaves · November 14, 2017, 10:18pm

The link you provide for certifytheweb seems to address IIS servers, not Apache. All the other links to your articles refer to IIS as well.

My post indicates that I’m running Apache.

I have read the documentation provided on the usage page, and the other pages, and as you see, my script closely matches the script provided on the usage page. This script is not working, and I’ve provided the error messages that came in, in hopes that someone may be able to spot an error in syntax, or some such.

Your assumption that I wish for an outcome is correct. Your assumption about my skill level is not.

Apparently you have spotted an error in syntax. Perhaps you can share that knowledge with me.

ahaw021 · November 14, 2017, 10:38pm

hey mate

all good

i usually use powershell and tab (correct paths are populated)

LE64 won’t (i don’t believe) generate a private key for you

My syntax is explained below

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win.firecube.xyz -crt .\zerossl-win-firecube-xyz.crt -csr .\zerossl-win-firecube-xyz.csr -csr-key .\zerossl-win-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -live

I create a private key using OpenSSL called LETSECRYPT_ACCOUNTKEY_PRIVATE.pem that was in the same folder as i was calling le64 from

-path was the path to the webroot for my IIS. As this is the where zerossl will create the challenge response for the HTTP challenge

The theory of the challenges is covered in the articles i posted above

Andrei

leader · November 14, 2017, 10:55pm

The name can be anything as long as it follows --key parameter. The error saying that account key needs to be specified would indicate that it was not provided like that. There is of course a slim chance that something might be odd with the command interpreter in your environment or locale settings leading to some bizarre case of not parsing the parameters or not being able to decode them. Just in case I would suggest to check the locale settings. If that looks normal, I guess I might need to spin some AWS instance with Win 2012 to see if that is reproducible.

rg305 · November 15, 2017, 12:16am

Not sure if this will be of any use to you.
But I’m using LE64 v0.27 on Win2012 without any problem.
Using the following parameters:

le64.exe 
--key account.private.key 
--csr delete.me.csr 
--csr-key private.key 
--crt public.key 
--domains "my.domain" 
--path "x:\website\\.well-known\acme-challenge" 
--generate-missing 
--unlink 
--live 
--renew 35 
--handle-as http

after creating the necessary private key files (using OpenSSL):

openssl ecparam -out ecc-private.key -genkey -name secp384r1
openssl genrsa  -out rsa-private.key     4096
openssl genrsa  -out account.private.key 4096

birdwaves · November 15, 2017, 3:49pm

I bailed on the windows client. Tried the perl module (le.pl) and almost immediate success.

There was an error that my challenge directory was unwritable. But it turns out I had misspelt my .well-known directory as .wellknown. I fixed that, and voila.

I did not use the openssl string to create my keys first. the --generate-missing command did it for me.

rg305 · November 15, 2017, 4:32pm

The OpenSSL created a file named: amcen_domain.key
The le64 complained "need account key file name specified"
The le64 command called –key amcen_account.key
Does that file exist? If not, review my steps again, as you need to create both keys.

birdwaves · November 15, 2017, 5:02pm

rg305-

Thanks for the suggestions. I got it going by bailing on the windows client and using the perl module instead. Go figure…

leader · November 15, 2017, 7:25pm

Glad that le.pl worked for you. I haven’t seen any similar reports regarding Windows build before, but I might check whether that is reproducible in my tests anyway. Some Windows configurations might indeed be quite surprising

system · December 15, 2017, 7:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.