Found the following certs:
Certificate Name: justsnoxbingo.com
Serial Number: 3eda6207de401558869034e31cd05fba413
Key Type: ECDSA
Domains: justsnoxbingo.com www.justsnoxbingo.com
Expiry Date: 2024-05-21 16:49:16+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/justsnoxbingo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/justsnoxbingo.com/privkey.pem
That is a very strange error message.
The key is ECDSA - not RSA and not 1024 bit length.
1 Like
How would i go to change that?
You can't.
Let's try to workaround that error message.
Let's try having certbot do the work for you, with:
certbot --nginx -d justsnoxbingo.com -d www.justsnoxbingo.com
Choose options NOT to renew the cert but YES to [re-]install it.
2 Likes
1: Attempt to reinstall this existing certificate
It gives me the same error:
Unsupported RSA key length: 1024
What shows?:
certbot --version
2 Likes
It shows:
certbot 2.9.0
Please show this file:
2 Likes
-----BEGIN CERTIFICATE-----
MIIEOzCCAyOgAwIBAgISA+2mIH3kAVWIaQNOMc0F+6QTMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMjExNjQ5MTdaFw0yNDA1MjExNjQ5MTZaMBwxGjAYBgNVBAMT
EWp1c3Rzbm94YmluZ28uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9Qbo
WCTM/ewEQypoOg4/b5cjHENvPjBQ7+P5oEBR1j6dThaC+JujRRDp+HEJBV6pJMGj
rI8UvWI4WIykwNmi7aOCAiowggImMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPxIP
cFBOvPY826uapl5hCtHBJt8wHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsU
wsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5j
ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wMwYDVR0R
BCwwKoIRanVzdHNub3hiaW5nby5jb22CFXd3dy5qdXN0c25veGJpbmdvLmNvbTAT
BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AEiw
42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjczJPyUAAAQDAEgwRgIh
APPTJ4/zn4Fam4obBCO+uDQkilGWVco9rqdOlOmi8r3iAiEA6ggbJOkgEV6dgBss
HUxJFuZBduSDYDZ/S7qlRHa4g5QAdQA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQAN
LXJv4frUFwAAAY3MyT8pAAAEAwBGMEQCIDr7I94Z6LFRlb1PprwnjL5D0hiIfm8k
UFDvNB4UCmxaAiAKU0OR5Mc19psosa+lhe7JysfgmaidAbWPqAM2aFfanzANBgkq
hkiG9w0BAQsFAAOCAQEARZp5r+rnF6Xic+gauPj0vhs6/IpVShU7E5UgbSLEjJSZ
XuTPKOcVvWrKeP99gLzVkEzZN2V0vZ65fZ01rTebkqKYW4VL5t02/7Zn6VSStT0A
rwUDn19d+x5qAxTI1l93CD0N3g8k7rtRFmwHWpPVC1bjDRZGtWaZaBTjiCF+9MI4
q7jH/JA6HIT7N5EgroKidaSNtP8tCdlqhTRpSgtEjjHOowpERBguBLhJRrv+RaVw
jygcX2yQ+a50dKpqKJsyOU/2mn9Oa/E8T0GtS83YDNkysLyFB74nZnqDhJeng6PG
diXJep4D6OGUT4exYk1989i2sbei1PMdxChy5THvyQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
As expected, that leaf cert is NOT RSA 1024:
And neither is the chain cert:
Let's have a look at the log file... maybe there is a clue about why this error is happening in the logs.
/var/log/letsencrypt/letsencrypt.log
1 Like
2024-02-21 18:35:30,500:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-02-21 18:35:30,519:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-02-21 18:35:30,519:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/justsnoxbingo.com/cert2.pem is signe>
2024-02-21 18:35:30,520:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/justsnoxbingo.com/cert2.pem is: OCSPCe>
2024-02-21 18:35:30,523:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2024-02-21 18:35:42,010:INFO:certbot._internal.main:Keeping the existing certificate
2024-02-21 18:35:42,010:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2024-02-21 18:35:42,015:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/client.py", line 657, in deploy_certificate
self.installer.deploy_cert(
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 232, in deploy_cert
vhosts = self.choose_vhosts(domain, create_if_no_match=True)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 352, in choose_vhosts
self._make_server_ssl(vhost)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 732, in _make_server_ssl
snakeoil_cert, snakeoil_key = self._get_snakeoil_paths()
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 678, in _get_snakeoil_paths
le_key = crypto_util.generate_key(
File "/usr/local/lib/python3.10/dist-packages/certbot/crypto_util.py", line 81, in generate_key
key_pem = make_key(
File "/usr/local/lib/python3.10/dist-packages/certbot/crypto_util.py", line 225, in make_key
raise errors.Error("Unsupported RSA key length: {}".format(bits))
certbot.errors.Error: Unsupported RSA key length: 1024
2024-02-21 18:35:42,015:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-02-21 18:35:42,089:DEBUG:certbot._internal.display.obj:Notifying user: Could not install certificate
2024-02-21 18:35:42,089:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2024-02-21 18:35:42,089:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (i>
certbot install --cert-name justsnoxbingo.com
2024-02-21 18:35:42,089:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/main.py", line 1480, in run
raise installer_err
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/main.py", line 1464, in run
_install_cert(config, le_client, domains, new_lineage)
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/main.py", line 1058, in _install_cert
le_client.deploy_certificate(domains, path_provider.key_path, path_provider.cert_path,
File "/usr/local/lib/python3.10/dist-packages/certbot/_internal/client.py", line 657, in deploy_certificate
self.installer.deploy_cert(
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 232, in deploy_cert
vhosts = self.choose_vhosts(domain, create_if_no_match=True)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 352, in choose_vhosts
self._make_server_ssl(vhost)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 732, in _make_server_ssl
snakeoil_cert, snakeoil_key = self._get_snakeoil_paths()
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 678, in _get_snakeoil_paths
le_key = crypto_util.generate_key(
File "/usr/local/lib/python3.10/dist-packages/certbot/crypto_util.py", line 81, in generate_key
key_pem = make_key(
File "/usr/local/lib/python3.10/dist-packages/certbot/crypto_util.py", line 225, in make_key
raise errors.Error("Unsupported RSA key length: {}".format(bits))
certbot.errors.Error: Unsupported RSA key length: 1024
2024-02-21 18:35:42,089:ERROR:certbot._internal.log:Unsupported RSA key length: 1024
Two things I see "wrong" there:
- it's using a "
snakeoil" cert [not yourcertbotcert] - it's using
python3outside ofsnap
Do you use python in your system?
How/when did you install python?
2 Likes
I am not using anything using python right now as far as I know of right now
sudo apt install python3
Edit: Is there a way to fix this easy?
Did a reinstall of ubunut and everything is working now
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.