Using LetsEncrypt with Bitvise SSH


#1

I have letsencrypt, which has been working fine for a year, but recently I dropped one of my registered domain names and got an error in the certificate renewal because the DNS lookup failed. I have fixed that using the certbot -d option. However, my public/private key seems to have disappeared from Bitvise SSH on my Windows machine.

I want to get Bitvise SSH working again. I copied fullchain.pem (from etc/letsencrypt/live/bunnfamily.nz) to my Windows computer but Bitvise SSH does not recognise it.

If I use ‘import’ under the Bitvise client key manager and select “all files” and then click on fullchain.pem, it says “Decoding client key has failed. Keypair importer: unrecognised or invalid import format. Make sure this key is not only public, but a full private key or keypair”.

I know I made this work once, what am I doing wrong?

My domain is: bunnfamily.nz

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.03

My hosting provider, if applicable, is: None (home laptop running Ubuntu 18.03)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is 0.30.0


#2

I haven’t used BitVise SSH, but the fullchain.pem file is only half of the public/private key pair.
Do you recall the original instructions you followed to load the previous cert?


#3

SSH servers (such as Bitvise) don’t typically use signed certificates. Bitvise only uses them if you’re using the newly added FTPS (FTP over SSL) support. In the server dashboard, there are separate sections for Host keys (for SSH) and Certificates (for FTPS). As far as I know, the only types of Host Keys supported for importing into Bitvise are its own .bpk files or PuTTY .ppk files.

You mention Apache which makes me think you have a website running at the domain you mentioned and might be using a Let’s Encrypt certificate. But I fail to see how Bitvise is related to that.


#4

As @rmbolger mentions, X509 certificates (as Let’s Encrypt issues) aren’t used with SSH. For more info about private/public key usage in the case of Bitvise SSH, please see https://www.bitvise.com/getting-started-public-key-bitvise
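An added example, not part of any post in this thread: a small Python check that lists the PEM blocks in a file and reports whether any of them is private key material, which shows why a keypair importer has nothing to work with in a file like fullchain.pem. The sample inputs are constructed placeholders (not real certificates or keys), and the function names are illustrative.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Standard PEM labels that carry private key material.
PRIVATE_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY",
                  "EC PRIVATE KEY", "OPENSSH PRIVATE KEY"}


def pem_labels(text):
    """Return the label of every well-formed PEM block, in file order."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # armor present but the body is not base64: skip it
        labels.append(label)
    return labels


def classify(text):
    """Say whether a PEM file holds any private key material at all."""
    labels = pem_labels(text)
    if not labels:
        return "not PEM"
    if any(label in PRIVATE_LABELS for label in labels):
        return "contains private key"
    if all(label == "CERTIFICATE" for label in labels):
        return "certificates only (public)"
    return "other public material"


def _block(label, raw):
    """Build a constructed PEM block around placeholder bytes."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: a chain file is a run of CERTIFICATE blocks,
# while a key file is a single private key block.
SAMPLE_FULLCHAIN = (_block("CERTIFICATE", b"constructed leaf") +
                    _block("CERTIFICATE", b"constructed intermediate"))
SAMPLE_PRIVKEY = _block("PRIVATE KEY", b"constructed key bytes")

if __name__ == "__main__":
    print("fullchain-style file:", classify(SAMPLE_FULLCHAIN))
    print("private-key-style file:", classify(SAMPLE_PRIVKEY))
```

A file that reports a private key is still an X.509-side key in PEM form; whether a given SSH tool can import that format is a separate question that this check does not answer.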