To check the hypothesis that this is a Synology bug, you could also run some openssl command line commands to parse those files and see if they were corrupted somehow. If you can run openssl on your own computer, we can suggest what those commands would look like. But I guess the Synology bug hypothesis seems like a likely one.
Sigh. My ISP charges an activation fee just to get a static IP in addition to a monthly charge. This is ridiculous. Let me try your troubleshooting suggestion, schoen. What commands would I run?
You could try running these commands:
openssl x509 -in intermediatecert.crt -text -noout
openssl x509 -in domain.crt -text -noout
openssl rsa -in server.key -modulus -noout
In the first two cases you should see a lot of cert data, while in the third case you should see a numeric modulus (I suggested -modulus, which displays part of the associated public key, instead of -text in order to avoid displaying secret key parameters on your screen). None of the commands should show an error message.
I'm getting an error message running this in terminal. Am I supposed to run this in terminal on my computer?
Yes, do you already have OpenSSL on your computer? I'm not sure what operating system you're using.
It should also be run from the same directory where the files are located; it won't be able to find them otherwise.
I'm not sure. I'm using Mac OS, most recent Sierra.
Edit: I appreciate all this help. But at this point this all feels over my head and without detailed instructions I'll probably get lost. I also realize people don't have time to walk me through things. meh.
Hi @iwantSSL,
Is the error message that you saw something like openssl: command not found or something like unable to load certificate?
Yes. Unable to load for all three. But I did it in terminal. Not sure if that's the same thing as OpenSSL.
So, the problem there is the directory (sometimes also referred to as a folder) where these are saved; do you know where that is? The default is to assume that they're in your home directory, which is not right, so we'll have to specify where they are.
@iwantSSL Earlier you downloaded the three required files from ZeroSSL to your computer in a specific folder and tried to upload them to your NAS, again, from said folder:
You have to go to thát folder and execute the openssl commands from there.
On the command line, this is done with the cd command (for "change directory").
I have them saved on a folder on my desktop called "cert."
So I went to my directory where my files are. I'm getting the same "unable to load ___," but what's different is I got "EXPECTING: Trusted Certificate, EXPECTING: ANY PRIVATE KEY."
I could screen shot the rest of the error but I do not know if I should keep it confidential? Is it safe to share?
Edit: I'm wondering if I have OpenSSL installed and if this is the reason for the error? How can I check if OpenSSL is installed?
unable to load certificate is an error from OpenSSL. If you didn't have OpenSSL, you would instead get something like openssl: command not found.
Your error message is interesting; in that directory, could you try this?
grep BEGIN *.crt *.key
It displayed each file name with f0\fs24...etc. for each. and then ----begin cert---- ----begin cert----- ---begin private key----
I didn't make that exact but that's basically what was displayed.
Could you please check exactly which lines are displayed for which files? The thing I was hoping to investigate here was whether they're misnamed or duplicated somehow.
Yes. I wonder what those backslashes are doing there. That looks like an RTF file rather than a plain text file, which could be part of the story somehow.
Could you please upload the intermediatecert.crt file itself somewhere? (You can use the "Add an image or file" button in the center of the commenting tools.) The intermediatecert.crt file, unlike the other two, contains no secrets and no personal or identifying information about you. Its contents will be the same as the publicly-available https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt except apparently slightly corrupted in some way, such as having been converted to RTF…
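The check this exchange arrives at, as an added example that is not part of the original thread: a shell function that tells an RTF-wrapped file from a plain-text PEM file before it is handed to openssl or uploaded to the NAS. The function names classify_pem and make_samples and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints one of:
#   rtf | certificate | private-key | not-pem

classify_pem() {
    file=$1
    # An RTF document always starts with the literal bytes {\rtf
    if [ "$(head -c 5 "$file")" = '{\rtf' ]; then
        echo rtf
        return
    fi
    # In a usable PEM file the BEGIN marker sits at the start of a line.
    # A bare "grep BEGIN" also matches mid-line, which is why it still
    # finds the marker inside an RTF file next to \f0\fs24 control words.
    first=$(grep -m 1 '^-----BEGIN [A-Z0-9 ]*-----' "$file" | tr -d '\r')
    case $first in
        '-----BEGIN CERTIFICATE-----'|'-----BEGIN TRUSTED CERTIFICATE-----')
            echo certificate ;;
        '-----BEGIN PRIVATE KEY-----'|'-----BEGIN RSA PRIVATE KEY-----')
            echo private-key ;;
        *)  echo not-pem ;;
    esac
}

# Write constructed sample files (placeholder bodies, not real key material).
make_samples() {
    dir=$1
    # Constructed: what a rich-text editor saves when PEM text is pasted in.
    printf '%s\n' '{\rtf1\ansi\ansicpg1252\cocoartf1504' \
        '\f0\fs24 \cf0 -----BEGIN CERTIFICATE-----\' \
        'Q09OU1RSVUNURUQ=\' \
        '-----END CERTIFICATE-----}' > "$dir/domain.crt"
    # Constructed: the same kind of content saved as plain text.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/intermediatecert.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$dir/server.key"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_pem "$f")"
done
```

Only the file name is printed next to the verdict, so the output is safe to paste into a forum even when one of the files is a private key.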
It's an RTF file for sure. That's all Mac gave me the option to do when I created it. Should I convert these to plain text files? You're brilliant btw.
omg…I think it worked! I converted the files to plain text files from rich text files…how could I make such a stupid mistake?
Edit: now I see the entire point of the CSR. To identify yourself / company so people can see that when they go to your website. If I redid this process on zeroSSL…with my own CSR, it would populate under "for" correct? I'll note in confusion I issued two certs previously. So if I did it again to correct the CSR, that's three certs.
Or I could wait until this one expires and generate a new CSR? What do you think the best process is?