lego icon indicating copy to clipboard operation
lego copied to clipboard

Published 20 hours ago verified publisher icon go-acme

EC Private key not match Aliyun requirement

Open smoothdvd opened this issue 5 years ago • 2 comments

lego generated key format: -----BEGIN EC PRIVATE KEY----- .... -----END EC PRIVATE KEY-----

Aliyun requirement: -----BEGIN EC PARAMETERS----- 证书私钥(BASE64编码) -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- 证书私钥(BASE64编码) -----END EC PRIVATE KEY-----

smoothdvd avatar Nov 23 '20 03:11 smoothdvd 

$ openssl ecparam -name secp256k1 -genkey
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIByJRuZONlvVvRk4MFyO+5RtFqAwhGAKy0+YCZTZO3O5oAcGBSuBBAAK
oUQDQgAECW9IZqblZA50P1QJmKdcGhe6FkbpY8b+/HwMMCC71oZjKW0i1BHsooy9
WPZp6mLotIkgtjHLCtU02UG+gFRWIw==
-----END EC PRIVATE KEY-----
$ openssl ecparam -name secp256k1 -genkey -noout
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIKljxCNlQbcUe4ij+9khs9eJwz3BMwC8C9WrQ5e61IrDoAcGBSuBBAAK
oUQDQgAErMsOa9Orl7Bfo1lBVnhBYTPTINbqSVmi/jJ5YvZx3UhDSuZQdl7UCApJ
bJVOnXneQwCq2Gbd3s1KVavBN+FOQw==
-----END EC PRIVATE KEY-----

Why do you think this is a Lego problem and should be addressed by Lego and not an Aliyun problem that should be addressed by Aliyun?

ad-m avatar Nov 23 '20 03:11 ad-m

Another utility which requires the BEGIN EC PARAMETERS block is RedHat/CentOS's `/usr/sbin/remotectl certificate'. I solved the issue by concatenating a block such as that shown above and the LEGO-created PEM key file, and that worked.

jpmens avatar Mar 30 '21 12:03 jpmens