I’m working on getting a certificate for a server hosted at a local college running Apache in Windows 2012. I’m following along with the usage instructions, and I’m using the Windows client le64.exe.
I’m testing getting my first certificate, so I’m using the command without --live:
le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt mydomain.crt --domains "www.americancenturies.mass.edu,americancenturies.mass.edu,www.memorialhall.mass.edu,memorialhall.mass.edu" --path /Tomcat-centuries/webapps/ROOT/.well-known/acme-challenge/ --generate-missing --unlink
It comes up with a long error that starts with:
Can’t locate utf8_heavy.pl in @INC
Does anyone have any ideas how to troubleshoot this?
What client are you using? You didn’t include all of the command, just the flags…
Sorry, I mentioned it at the top of my post, the windows client. Le64.exe.
Thanks for giving this a look!
That's the first report of the sort, but I might know how to get this fixed quickly. The alpha version le64-028a.zip has now been updated at Releases · do-know/Crypt-LE · GitHub - give it a go and see if the problem goes away.
I used the le64-28a.exe and the “can’t locate utf8_heavy.pl” error is gone. I now get a new error:
“Incorrect parameters - need account key file name specified.”
Isn’t the name simply account.key? The file account.key is in the same directory alongside le64-28a.exe, and mydomain.key.
I tried moving the account.key and mydomain.key files to the desktop and seeing if they’d get created automatically and it didn’t work. Same error message, and no files created in that folder.
has some sample uses and screenshots of where things are
Pay attention to syntax.
Your example looks a lot different from the example on the usage page. What is .\LETSECRYPT_ACCOUNTKEY_PRIVATE.PEM ?
There is no mention of a .pem file.
There are also no leading -- (double-dash) in your script.
As far as I can tell it looks a lot different, and there is not much I can glean from your example.
My syntax looks different than yours, but much closer to the usage example that was given, so I can’t see what the issue is.
If you see something in my syntax, can you tell me what you see?
Thanks for your help.
I work with fairly technical people; as such, words like PEM should mean something.
I am not sure what your skill level etc. is, but bear with me as I try to explain.
When we work with tools, usually we spend a lot of time reading and understanding what the options are.
If you are not really technical and just want things to work, may I suggest that you look at Certify: https://certify.webprofusion.com/
I am not trying to be rude in any way; however, I am assuming you have an outcome and want to get there.
If you are interested in the nitty gritty of Windows and Let’s Encrypt, have a look at these two articles which explore this
The link you provide for certifytheweb seems to address IIS servers, not Apache. All the other links to your articles refer to IIS as well.
My post indicates that I’m running Apache.
I have read the documentation provided on the usage page, and the other pages, and as you see, my script closely matches the script provided on the usage page. This script is not working, and I’ve provided the error messages that came in, in hopes that someone may be able to spot an error in syntax, or some such.
Your assumption that I wish for an outcome is correct. Your assumption about my skill level is not.
Apparently you have spotted an error in syntax. Perhaps you can share that knowledge with me.
I usually use PowerShell and tab (correct paths are populated).
LE64 won’t (I don’t believe) generate a private key for you.
My syntax is explained below
.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win.firecube.xyz -crt .\zerossl-win-firecube-xyz.crt -csr .\zerossl-win-firecube-xyz.csr -csr-key .\zerossl-win-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -live
I create a private key using OpenSSL called LETSECRYPT_ACCOUNTKEY_PRIVATE.pem that was in the same folder as I was calling le64 from.
-path was the path to the webroot for my IIS, as this is where zerossl will create the challenge response for the HTTP challenge.
The theory of the challenges is covered in the articles I posted above.
The name can be anything as long as it follows the --key parameter. The error saying that the account key needs to be specified would indicate that it was not provided like that. There is of course a slim chance that something might be odd with the command interpreter in your environment or locale settings, leading to some bizarre case of not parsing the parameters or not being able to decode them. Just in case, I would suggest checking the locale settings. If that looks normal, I guess I might need to spin some AWS instance with Win 2012 to see if that is reproducible.
Not sure if this will be of any use to you.
But I’m using LE64 v0.27 on Win2012 without any problem.
Using the following parameters:
after creating the necessary private key files (using OpenSSL):
openssl ecparam -out ecc-private.key -genkey -name secp384r1
openssl genrsa -out rsa-private.key 4096
openssl genrsa -out account.private.key 4096
I bailed on the windows client. Tried the perl module (le.pl) and almost immediate success.
There was an error that my challenge directory was unwritable. But it turns out I had misspelt my .well-known directory as .wellknown. I fixed that, and voila.
I did not use the openssl string to create my keys first. The --generate-missing command did it for me.
The OpenSSL created a file named: amcen_domain.key
The le64 complained "need account key file name specified"
The le64 command called --key amcen_account.key
Does that file exist? If not, review my steps again, as you need to create both keys.
Thanks for the suggestions. I got it going by bailing on the windows client and using the perl module instead. Go figure…
le.pl worked for you. I haven’t seen any similar reports regarding Windows build before, but I might check whether that is reproducible in my tests anyway. Some Windows configurations might indeed be quite surprising.
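An added example, not part of the thread or of the Crypt-LE project: a pre-flight check for the directory passed to --path, covering the two failures reported above (a .well-known directory misspelt as .wellknown, and a challenge directory that is not writable). The function name and sample paths are assumptions made for illustration; the /.well-known/acme-challenge/ location is the one the HTTP-01 challenge fetches from.

```python
import os
import tempfile

# The HTTP-01 challenge is fetched from /.well-known/acme-challenge/<token>,
# so the webroot directory handed to --path must end in these two components.
EXPECTED_TAIL = (".well-known", "acme-challenge")


def check_challenge_dir(path):
    """Return a list of problems found with a webroot challenge directory."""
    problems = []
    # Accept both Windows and POSIX separators when splitting the path.
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    tail = tuple(parts[-2:])
    if tail != EXPECTED_TAIL:
        problems.append("path must end in .well-known/acme-challenge, got %r"
                        % "/".join(tail))
        # Near miss such as '.wellknown' or 'well-known' (dot or hyphen lost).
        first = tail[0] if len(tail) == 2 else ""
        if first != ".well-known" and \
                first.replace("-", "").lstrip(".") == "wellknown":
            problems.append("%r looks like a misspelling of '.well-known'"
                            % first)
    if not os.path.isdir(path):
        problems.append("directory does not exist")
        return problems
    try:
        # Prove write access the same way the client needs it: create a file.
        fd, probe = tempfile.mkstemp(prefix="probe-", dir=path)
        os.close(fd)
        os.remove(probe)
    except OSError as exc:
        problems.append("directory is not writable: %s" % exc.strerror)
    return problems


if __name__ == "__main__":
    # Constructed sample layout: one correct directory, one misspelt.
    root = tempfile.mkdtemp()
    good = os.path.join(root, "ROOT", ".well-known", "acme-challenge")
    bad = os.path.join(root, "ROOT", ".wellknown", "acme-challenge")
    os.makedirs(good)
    os.makedirs(bad)
    for candidate in (good, bad):
        print(candidate, "->", check_challenge_dir(candidate) or "OK")
```
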