Using LE to handle CSRs from OpenFire


#1

Please fill out the fields below so we can help you better.

My domain is: fenrir.stelth2000inc.com

I ran this command: ./letsencrypt-auto --email demonicpagan@gmail.com --text --authenticator manual --work-dir /tmp/work/ --config-dir /tmp/config/ --logs-dir /tmp/logs/ auth --cert-path /tmp/certs --chain-path /tmp/chains --csr /root/letsencrypt-nosudo/openfire.csr

It produced this output:
An unexpected error occurred:
The request message was malformed :: Invalid key in certificate request :: Unknown key type *dsa.PublicKey

My operating system is (include version): Debian Linux 9.0

My web server is (include version): Apache 2.4.23

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

I’m pretty sure Let’s Encrypt does not support DSA keys. You’ll have to stick to RSA or ECDSA.

Unfortunately, I don’t know anything about OpenFire, but if you could share how you created that key (or point to the relevant documentation), I might be able to help.


#3

This is what I have for documentation for creating TLS/SSL certificates. I have added my RSA LE cert, but am left with the message of

One or more certificates are missing. Click here to generate self-signed certificates or here to import a signed certificate and its private key.

I am presented the message because I do not have a DSA cert in my certificate store.


#4

Which files did you attempt to import? I assume you were using the “Import Signed Certificate” interface mentioned by that guide. Is the error you mentioned something you got as a result of that import, or just a warning message shown somewhere? In case OpenFire requires both a RSA and DSA key to function properly, Let’s Encrypt won’t be able to help you with the DSA key.


#5

I don’t believe it requires both to function. I can live with message it gives about missing certificates. I can still connect to my XMPP server with the RSA one that I have from LE.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.