Renouvellement de certificat


#81

openssl rsa -noout -modulus -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key
unable to load Private Key
139850916881792:error:0906D06C:PEM routines:PEM_read_bio:no start line:…/crypto/pem/pem_lib.c:686:Expecting: ANY PRIVATE KEY


#82

OK you can’t use
openssl rsa …
with an ECC key.


#83

grep '\-\-\-\-' /root/.acme.sh/cloud.hugoclo411.xyz_ecc/


#84

grep: /root/.acme.sh/cloud.hugoclo411.xyz_ecc/: Is a directory


#85

then:
grep '\-\-\-\-' /root/.acme.sh/cloud.hugoclo411.xyz_ecc/*
or
grep -R '\-\-\-\-' /root/.acme.sh/cloud.hugoclo411.xyz_ecc/


#86

grep -R ‘----’ /root/.acme.sh/cloud.hugoclo411.xyz_ecc/
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.csr:-----BEGIN CERTIFICATE REQUEST-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.csr:-----END CERTIFICATE REQUEST-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/backup/fullchain.bak:-----BEGIN CERTIFICATE-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/backup/fullchain.bak:-----END CERTIFICATE-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/backup/fullchain.bak:-----BEGIN CERTIFICATE-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/backup/fullchain.bak:-----END CERTIFICATE-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/ca.cer:-----BEGIN CERTIFICATE-----
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/ca.cer:-----END CERTIFICATE-----


#87

the files are gone…
moved?

maybe when you issued the
--install-cert

find / -name cloud.hugo*


#88

find / -name cloud.hugo*
/root/.acme.sh/cloud.hugoclo411.xyz_ecc
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.csr
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.conf
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.cer
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.csr.conf
/root/.acme.sh/cloud.hugoclo411.xyz
/root/.acme.sh/cloud.hugoclo411.xyz/cloud.hugoclo411.xyz.csr
/root/.acme.sh/cloud.hugoclo411.xyz/cloud.hugoclo411.xyz.conf
/root/.acme.sh/cloud.hugoclo411.xyz/cloud.hugoclo411.xyz.cer
/root/.acme.sh/cloud.hugoclo411.xyz/cloud.hugoclo411.xyz.key
/root/.acme.sh/cloud.hugoclo411.xyz/cloud.hugoclo411.xyz.csr.conf


#89

Please show this public cert file:

And we seem to have lost the “fullchain.cer” file…


#90

Also, please show to confirm they match:

openssl ec   -pubout -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key
openssl x509 -pubkey -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.cer

If matched, then update file:
/etc/nginx/sites-enabled/nextcloud.conf

ssl_certificate /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.cer;
ssl_certificate_key /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key;


#91

openssl ec -pubout -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key
read EC key
unable to load Key
139929287808384:error:0906D06C:PEM routines:PEM_read_bio:no start line:…/crypto/pem/pem_lib.c:686:Expecting: ANY PRIVATE KEY


#92

It was there earlier…
But now it is not there.


#93

please show only top part of this private file - FIRST LINE ONLY:
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key


#94

maybe you can just reissue a new cert (without doing the --install-cert):
acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --k ec-384

Then start nginx
systemctl start nginx


#95

acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --keylength ec-384
[Mon Dec 17 22:23:08 CET 2018] Standalone mode.
[Mon Dec 17 22:23:08 CET 2018] Single domain=‘cloud.hugoclo411.xyz’
unable to load Private Key
140581453714816:error:0906D06C:PEM routines:PEM_read_bio:no start line:…/crypto/pem/pem_lib.c:686:Expecting: ANY PRIVATE KEY
[Mon Dec 17 22:23:08 CET 2018] Create CSR error.
[Mon Dec 17 22:23:08 CET 2018] Please add ‘–debug’ or ‘–log’ to check more details.
[Mon Dec 17 22:23:08 CET 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh


#96

first move or delete the files in:
/root/.acme.sh/cloud.hugoclo411.xyz_ecc/

Then


#97

also please show:
openssl version


#98

OpenSSL 1.1.0j 20 Nov 2018


#99

/.acme.sh# acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --keylength ecc-384
[Mon Dec 17 22:35:56 CET 2018] Standalone mode.
[Mon Dec 17 22:35:56 CET 2018] Creating domain key
[Mon Dec 17 22:35:56 CET 2018] Create key error.
[Mon Dec 17 22:35:56 CET 2018] Single domain=‘cloud.hugoclo411.xyz’
unable to load Private Key
139705709929856:error:0906D06C:PEM routines:PEM_read_bio:no start line:…/crypto/pem/pem_lib.c:686:Expecting: ANY PRIVATE KEY
[Mon Dec 17 22:35:56 CET 2018] Create CSR error.
[Mon Dec 17 22:35:56 CET 2018] Please add ‘–debug’ or ‘–log’ to check more details.
[Mon Dec 17 22:35:56 CET 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh


#100