DEF_LOAD_BIO:missing equal sign:conf_def.c:346 #106

Closed
opened 2025-12-29 00:25:02 +01:00 by adam · 6 comments

Originally created by @nilthacker on GitHub (May 26, 2016).

I'm trying to generate some certificates on AWS with Ubuntu 14.04.4. Whenever I run `./letsencrypt.sh -c` I always get this error. I've checked for any missing equal signs in the openssl config file and it appears to be valid.

output:

```
Generating signing request...
error on line 6 of /tmp/letsencrypt.sh-s29jat
139960430315168:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:346:line 6
```

contents of /tmp/letsencrypt.sh-s29jat:

```
#!/bin/sh
LD_LIBRARY_PATH="/opt/bitnami/common/lib:$LD_LIBRARY_PATH"
DYLD_LIBRARY_PATH="/opt/bitnami/common/lib:$DYLD_LIBRARY_PATH"
OPENSSL_CONF="/opt/bitnami/common/openssl/openssl.cnf"
OPENSSL_ENGINES="/opt/bitnami/common/lib/engines"
export LD_LIBRARY_PATH
export DYLD_LIBRARY_PATH
export OPENSSL_CONF
export OPENSSL_ENGINES
exec /opt/bitnami/common/bin/openssl.bin "$@"
[SAN]
subjectAltName=DNS:testdomain.com, DNS:www.testdomain.com
```

adam closed this issue 2025-12-29 00:25:03 +01:00

@nilthacker commented on GitHub (May 26, 2016):

Here's the output of `./letsencrypt.sh -e`:

```
letsencrypt.sh configuration
INFO: Using main config file /opt/bitnami/apache2/htdocs/letsencrypt/config
declare -- CA="https://acme-staging.api.letsencrypt.org/directory"
declare -- LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
declare -- CHALLENGETYPE="http-01"
declare -- DOMAINS_TXT="/opt/bitnami/apache2/htdocs/letsencrypt/domains.txt"
declare -- HOOK=""
declare -- HOOK_CHAIN="no"
declare -- RENEW_DAYS="30"
declare -- ACCOUNT_KEY="/opt/bitnami/apache2/htdocs/letsencrypt/private_key.pem"
declare -- ACCOUNT_KEY_JSON="/opt/bitnami/apache2/htdocs/letsencrypt/private_key.json"
declare -- KEYSIZE="4096"
declare -- WELLKNOWN="/opt/bitnami/apache2/htdocs/letsencrypt/.well-known/acme-challenge"
declare -- PRIVATE_KEY_RENEW="yes"
declare -- OPENSSL_CNF="/opt/bitnami/common/bin/openssl"
declare -- CONTACT_EMAIL="nil@nil.gs"
declare -- LOCKFILE="/opt/bitnami/apache2/htdocs/letsencrypt/lock"
```


@lukas2511 commented on GitHub (May 26, 2016):

`OPENSSL_CNF` should not be the path to your openssl binary / wrapper, it should be the path to a base openssl config. Maybe you just had a typo since your wrapper seems to refer to `/opt/bitnami/common/openssl/openssl.cnf` while you used `/opt/bitnami/common/bin/openssl` in the config.


@nilthacker commented on GitHub (May 26, 2016):

I set `OPENSSL_CNF` to `/opt/bitnami/common/bin/openssl/openssl.cnf` in the `config` file and now see this error:

`cat: /opt/bitnami/common/bin/openssl/openssl.cnf: Not a directory`

Which leads me to believe that it should be the directory, shouldn't it?


@nilthacker commented on GitHub (May 26, 2016):

Here's the entire config file:

```
########################################################
# This is the main config file for letsencrypt.sh      #
#                                                      #
# This file is looked for in the following locations:  #
# $SCRIPTDIR/config (next to this script)              #
# /usr/local/etc/letsencrypt.sh/config                 #
# /etc/letsencrypt.sh/config                           #
# ${PWD}/config (in current working-directory)         #
#                                                      #
# Default values of this config are in comments        #
########################################################

# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
#CA="https://acme-v01.api.letsencrypt.org/directory"
CA="https://acme-staging.api.letsencrypt.org/directory"

# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf)
LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"

# Which challenge should be used? Currently http-01 and dns-01 are supported
CHALLENGETYPE="http-01"

# Path to a directory containing additional config files, allowing to override
# the defaults found in the main configuration file. Additional config files
# in this directory needs to be named with a '.sh' ending.
# default: <unset>
#CONFIG_D=

# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
BASEDIR=$SCRIPTDIR

# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
DOMAINS_TXT="${BASEDIR}/domains.txt"

# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: $BASEDIR/.acme-challenges)
WELLKNOWN="${BASEDIR}/.well-known/acme-challenge"

# Location of private account key (default: $BASEDIR/private_key.pem)
ACCOUNT_KEY="${BASEDIR}/private_key.pem"

# Location of private account registration information (default: $BASEDIR/private_key.json)
ACCOUNT_KEY_JSON="${BASEDIR}/private_key.json"

# Default keysize for private keys (default: 4096)
# KEYSIZE="4096"

# Path to openssl config file (default: <unset> - tries to figure out system default)
OPENSSL_CNF="/opt/bitnami/common/bin/openssl"

# Program or function called in certain situations
#
# After generating the challenge-response, or after failed challenge (in this case altname is empty)
# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
#
# After successfully signing certificate
# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
#
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
# default: <unset>
#HOOK=

# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
#HOOK_CHAIN="no"

# Minimum days before expiration to automatically renew certificate (default: 30)
RENEW_DAYS="30"

# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
PRIVATE_KEY_RENEW="yes"

# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=rsa

# E-mail to use during the registration (default: <unset>)
#CONTACT_EMAIL=

# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
#LOCKFILE="${BASEDIR}/lock"
```

@lukas2511 commented on GitHub (May 26, 2016):

Set `/opt/bitnami/common/openssl/openssl.cnf`


@nilthacker commented on GitHub (May 26, 2016):

That fixed that error, I didn't see the extra `/bin/` in there. Thanks for the help.
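
A preflight check for the mistake diagnosed in this thread, added here as an example (it is not part of letsencrypt.sh): it rejects an `OPENSSL_CNF` value that is missing, is a wrapper script, or contains a line OpenSSL would report as "missing equal sign". The helper names `first_bad_line` and `check_openssl_cnf` are hypothetical, the sample files are constructed, and the syntax test is only a rough approximation of OpenSSL's config parser.

```shell
#!/bin/sh
# Added example, not part of letsencrypt.sh. Approximates OpenSSL config
# syntax: blank, comment, [section], .include and name=value lines pass.

# Print the number of the first line lacking '='; return 1 if there is none.
first_bad_line() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}   # drop leading whitespace
        case $line in
            ''|'#'*|'['*']'*|.include*|*=*) ;;
            *) echo "$n"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# Return 0 if $1 is usable as OPENSSL_CNF, 2/3/4 for the failure classes below.
check_openssl_cnf() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "$1: not a readable regular file" >&2; return 2; }
    first=
    IFS= read -r first < "$1" || :
    case $first in
        '#!'*) echo "$1: starts with a shebang, this is a script" >&2; return 3 ;;
    esac
    if bad=$(first_bad_line "$1"); then
        echo "$1: line $bad has no '=' (OpenSSL: missing equal sign)" >&2; return 4
    fi
    return 0
}

# Constructed sample inputs modelled on the files quoted in the thread.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#!/bin/sh' 'OPENSSL_CONF="/opt/bitnami/common/openssl/openssl.cnf"' \
    'export OPENSSL_CONF' 'exec /opt/bitnami/common/bin/openssl.bin "$@"' > "$demo/wrapper"
printf '%s\n' '[ req ]' 'distinguished_name = req_dn' '[ req_dn ]' \
    '[SAN]' 'subjectAltName=DNS:testdomain.com, DNS:www.testdomain.com' > "$demo/openssl.cnf"

# A wrapper script, a real config, and a path below a regular file.
for f in "$demo/wrapper" "$demo/openssl.cnf" "$demo/openssl.cnf/missing"; do
    if check_openssl_cnf "$f"; then echo "OK  $f"; else echo "BAD $f (code $?)"; fi
done
```

The third path reproduces the "Not a directory" case from the thread: a component of the path is a regular file, so the target cannot exist.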

Reference: starred/dehydrated#106