I delete file and after acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --keylength ecc-384
or allow acme.sh to remove it for you:
it may be:
acme.sh --remove cloud.hugoclo411.xyz
if not, show list of cert names:
acme.sh --list
acme.sh --remove {your cert name}
Main_Domain KeyLength SAN_Domains Created Renew
chat.hugoclo411.xyz “ec-384” no Mon Dec 17 18:15:44 UTC 2018 Fri Feb 15 18:15:44 UTC 2019
cloud.hugoclo411.xyz “” no
pyload.hugoclo411.xyz “ec-384” no Thu Nov 1 08:53:29 UTC 2018 Mon Dec 31 08:53:29 UTC 2018
acme.sh --remove -d cloud.hugoclo411.xyz --ecc
[Mon Dec 17 22:46:15 CET 2018] cloud.hugoclo411.xyz is removed, the key and cert files are in /root/.acme.sh/cloud.hugoclo411.xyz_ecc
[Mon Dec 17 22:46:15 CET 2018] You can remove them by yourself.
ls -l /root/.acme.sh/cloud.hugoclo411.xyz_ecc
ls -l /root/.acme.sh/cloud.hugoclo411.xyz_ecc
total 8
-rw-r–r-- 1 root root 162 Dec 17 22:35 cloud.hugoclo411.xyz.conf.removed
-rw-r–r-- 1 root root 215 Dec 17 22:35 cloud.hugoclo411.xyz.csr.conf
-rw-r–r-- 1 root root 0 Dec 17 22:35 cloud.hugoclo411.xyz.key
key remains
it must go or rename it too.
Then:
also openssl version look good.
/.acme.sh# acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --k ec-384
[Mon Dec 17 22:58:01 CET 2018] Unknown parameter : --k
Main_Domain KeyLength SAN_Domains Created Renew
chat.hugoclo411.xyz “ec-384” no Mon Dec 17 18:15:44 UTC 2018 Fri Feb 15 18:15:44 UTC 2019
cloud.hugoclo411.xyz “ec-384” no Mon Dec 17 21:59:03 UTC 2018 Fri Feb 15 21:59:03 UTC 2019
pyload.hugoclo411.xyz “ec-384” no Thu Nov 1 08:53:29 UTC 2018 Mon Dec 31 08:53:29 UTC 2018
This is strange.
I use -k all the time with acme.sh
But I see that you got a new cert?:
Not:
double dash K (--k)
should be:
single dash K (-k)
-rw-r--r-- 1 root root 1647 Dec 17 23:08 ca.cer
-rw-r--r-- 1 root root 1688 Dec 17 23:08 cloud.hugoclo411.xyz.cer
-rw-r--r-- 1 root root 516 Dec 17 23:08 cloud.hugoclo411.xyz.conf
-rw-r--r-- 1 root root 538 Dec 17 23:08 cloud.hugoclo411.xyz.csr
-rw-r--r-- 1 root root 215 Dec 17 23:08 cloud.hugoclo411.xyz.csr.conf
-rw-r--r-- 1 root root 359 Dec 17 23:08 cloud.hugoclo411.xyz.key
-rw-r--r-- 1 root root 3335 Dec 17 23:08 fullchain.cer
Beautiful!
File:
/etc/nginx/sites-enabled/nextcloud.conf
contians:
ssl_certificate /root/.acme.sh/cloud.hugoclo411.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key;
And both files now exist!
restart web server.
ssl_certificate /root/.acme.sh/cloud.hugoclo411.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key;
The files are good.
systemclt start nginx;
if fail, then show:
nginx -t
If it works, go have a bottle of wine!
nginx: [emerg] PEM_read_bio_X509_AUX("/root/.acme.sh/chat.hugoclo411.xyz_ecc/fullchain.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed
Well that is unfortunate - we going in circles, it seems.
Ok, please show:
openssl ec -pubout -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key openssl x509 -pubkey -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.cer