
Can't renew certificates (unable to load X509 request)

Open mmclist opened this issue 3 years ago • 2 comments

Describe the bug

Can't renew certificates. getssl ver. 2.29 was configured and worked properly until today. I didn't edit any config file, upgraded the script to the latest version 2.30, and it still does not work.

To Reproduce

sudo ./getssl -a
Check all certificates
creating domain csr - /root/.getssl/mydomain/mydomain.csr
Error Loading request extension section SAN
34380884552:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:/usr/src/crypto/openssl/crypto/x509v3/v3_utl.c:336:
34380884552:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:/usr/src/crypto/openssl/crypto/x509v3/v3_conf.c:140:name=subjectAltName,section=DNS:mydomain,DNS:www.mydomain,DNS:,DNS:www2.mydomain,DNS:,DNS:www2.mydomain,DNS:,DNS:www4.mydomain
34380884552:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/usr/src/crypto/openssl/crypto/x509v3/v3_conf.c:95:name=subjectAltName, value=DNS:mydomain,DNS:www.mydomain,DNS:,DNS:www2.mydomain,DNS:,DNS:www2.mydomain,DNS:,DNS:www4.mydomain
Registering account
Verify each domain
Verifying mydomain
mydomain is already validated
Verifying www.mydomain
www.mydomain is already validated
Verifying www2.mydomain
www2.mydomain is already validated
Verifying www3.mydomain
ww3.mydomain is already validated
Verifying www4.mydomain
www4.mydomain is already validated
Verification completed, obtaining certificate.
unable to load X509 request
34380884552:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/crypto/openssl/crypto/pem/pem_lib.c:697:Expecting: CERTIFICATE REQUEST
Requesting Finalize Link
getssl: ACME server returned error: 400: "detail": "Error parsing certificate request: asn1: syntax error: sequence truncated",

Operating system (please complete the following information):

FreeBSD 11.4-RELEASE-p2
FreeBSD 11.4-RELEASE-p2 #0: Tue Aug 4 19:21:02 UTC 2020 GENERIC amd64
bash, 5.0.18(3)-release (amd64-portbld-freebsd11.4)
OpenSSL 1.0.2u-freebsd 20 Dec 2019
the same with: OpenSSL 1.1.1h 22 Sep 2020

mmclist, Nov 09 '20 07:11

Hi @mmclist

Thanks for reporting this, it appears to be related to OpenSSL and probably something to do with the settings in the openssl.cnf file. I'll try and reproduce and fix.

timkimber, Nov 09 '20 20:11

A space at the end of the subj. alt. name list was the reason for this error message for me.

hontvari, Oct 28 '23 11:10
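
The subjectAltName value in the report contains empty `DNS:` entries, and the last comment traces the same error to a stray space in the name list. The following is an added example, not getssl's own code: `build_san` and `san_has_empty_entry` are hypothetical helper names, and the sample list is constructed. It builds the subjectAltName value from a comma-separated list while dropping empty items, and flags a value that OpenSSL would reject with "invalid null value" before any CSR is generated.

```shell
#!/bin/sh
# Added example, not part of getssl. Function names are hypothetical.

# build_san PRIMARY "name1, name2 ,,name3 "
# Prints "DNS:primary,DNS:name1,..." with empty items removed. Commas,
# spaces and tabs all count as separators, so a trailing space or a
# doubled comma can never turn into a bare "DNS:" entry.
build_san() {
  awk -v list="$1,$2" 'BEGIN {
    n = split(list, names, /[, \t]+/)
    out = ""
    for (i = 1; i <= n; i++) {
      if (names[i] == "") continue   # leading or trailing separator
      out = out (out == "" ? "" : ",") "DNS:" names[i]
    }
    print out
  }'
}

# san_has_empty_entry "DNS:a,DNS:,DNS:b"
# Returns 0 when the value has an entry with no name after "DNS:" (or is
# empty), which is the condition behind X509V3_parse_list "invalid null value".
san_has_empty_entry() {
  san_value=$(printf '%s' "$1" | tr -d ' \t')
  case ",$san_value," in
    *,DNS:,*|*,,*) return 0 ;;
  esac
  return 1
}

# Constructed sample: extra names with a blank item and trailing spaces.
sample_sans="www.mydomain, ,www2.mydomain ,www4.mydomain "

san=$(build_san "mydomain" "$sample_sans")
if san_has_empty_entry "$san"; then
  echo "refusing to build CSR, bad subjectAltName: $san" >&2
else
  echo "subjectAltName = $san"
fi
```
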