Error when creating fullchain #147

Closed
opened 2025-12-29 00:25:50 +01:00 by adam · 4 comments

Originally created by @wibimaster on GitHub (Sep 17, 2016).

Hi,

I am trying to create a certificate with DNS validation, but it always fails on fullchain creation:

 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
unable to load certificate
140288499504896:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:100:

I took a look at the code, and after some debugging I see that the certificate that fails comes from:
http://cert.int-x3.letsencrypt.org/

Note: I'm working with "OpenSSL 1.1.0 25 Aug 2016"

I tried:

# output file is the same as the input file
wget -4 http://cert.int-x3.letsencrypt.org/ && \
mv index.html test.pem && \
openssl x509 -in "test.pem" -inform DER -out "test.pem" -outform PEM

=> fail

# output file differs from the input file
wget -4 http://cert.int-x3.letsencrypt.org/ && \
mv index.html test.pem && \
openssl x509 -in "test.pem" -inform DER -out "test2.pem" -outform PEM

=> success

The only difference is the name of the output file which is different from the input file.

In your bash script you do the same thing:

openssl x509 -in "${CERTDIR}/${domain}/chain-${timestamp}.pem" -inform DER -out "${CERTDIR}/${domain}/chain-${timestamp}.pem" -outform PEM

I tried a rename before:

mv "${CERTDIR}/${domain}/chain-${timestamp}.pem" "${CERTDIR}/${domain}/tmp-chain-${timestamp}.pem"
openssl x509 -in "${CERTDIR}/${domain}/tmp-chain-${timestamp}.pem" -inform DER -out "${CERTDIR}/${domain}/chain-${timestamp}.pem" -outform PEM

and it works.

Can you fix it?

Thanks!

adam added the bug label 2025-12-29 00:25:50 +01:00
adam closed this issue 2025-12-29 00:25:50 +01:00
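The failure in the report above has a simple mechanical cause: the OpenSSL `x509` app opens the `-out` file for writing (which truncates it) before it has finished loading `-in`, so when both point at the same path the parser is handed zero bytes and reports `ASN1_get_object: header too long`. The following is an added example, not code from dehydrated or OpenSSL: it reproduces the truncation with an unsafe "write while reading" conversion, then shows the safe pattern (read everything first, write to a temporary file in the same directory, atomically rename over the original). The DER blob, file names and function names are my own constructions, not anything from the issue.

```python
"""Added example (not dehydrated's or OpenSSL's code): in-place DER->PEM
conversion, the unsafe way that truncates its own input and the safe way.
Assumptions: SAMPLE_DER is a constructed minimal ASN.1 SEQUENCE standing in
for a certificate; all function names are mine."""
import base64
import os
import tempfile

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def check_der_header(der: bytes) -> int:
    """Parse the outer ASN.1 SEQUENCE header and return the total encoded length.
    Empty or truncated input is exactly what OpenSSL calls 'header too long'."""
    if len(der) < 2:
        raise ValueError("ASN.1 header too long: input is empty or truncated")
    if der[0] != 0x30:
        raise ValueError("not an ASN.1 SEQUENCE (expected tag 0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        length, hdr_len = first, 2
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("ASN.1 header too long: bad length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        hdr_len = 2 + n
    total = hdr_len + length
    if len(der) < total:
        raise ValueError(f"truncated DER: header says {total} bytes, got {len(der)}")
    return total


def der_to_pem(der: bytes) -> str:
    """Validate the DER header, then base64-wrap it at 64 columns as PEM."""
    total = check_der_header(der)
    body = base64.b64encode(der[:total]).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def unsafe_in_place(path: str) -> str:
    """Mimics `openssl x509 -in X -out X`: the output is opened for writing
    (truncating X) before the input has been read, so the read sees no bytes."""
    with open(path, "w") as out:          # truncates the file...
        with open(path, "rb") as inp:     # ...so this reads zero bytes
            pem = der_to_pem(inp.read())  # raises "header too long"
        out.write(pem)
    return pem


def safe_in_place(path: str) -> str:
    """Read fully first, write to a temp file in the same directory, then
    rename over the original. The source is never truncated and a crash
    mid-write leaves the original intact."""
    with open(path, "rb") as inp:
        pem = der_to_pem(inp.read())
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".chain-")
    try:
        with os.fdopen(fd, "w") as out:
            out.write(pem)
            out.flush()
            os.fsync(out.fileno())
        os.replace(tmp, path)             # atomic on POSIX
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return pem


# Constructed stand-in for a DER certificate: SEQUENCE { INTEGER 5 }
SAMPLE_DER = bytes.fromhex("3003020105")


def demo() -> dict:
    """Write SAMPLE_DER to a temp file, try both strategies, report the outcome."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "chain.pem")
        with open(path, "wb") as f:
            f.write(SAMPLE_DER)
        try:
            unsafe_in_place(path)
            unsafe_error = None
        except ValueError as e:
            unsafe_error = str(e)
        with open(path, "wb") as f:         # unsafe attempt left it empty; restore
            f.write(SAMPLE_DER)
        pem = safe_in_place(path)
        with open(path) as f:
            on_disk = f.read()
    return {"unsafe_error": unsafe_error, "pem": pem, "on_disk": on_disk}


if __name__ == "__main__":
    print(demo())
```

The same temp-file-then-rename shape is what the reporter's `mv` workaround achieves by hand; doing the rename after the write (rather than before) additionally means the original file is never in a half-written state if the conversion fails.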
@lukas2511 commented on GitHub (Sep 17, 2016):

@wibimaster can you check if that fixed your problem?


@wibimaster commented on GitHub (Sep 17, 2016):

I get a failure now; I don't know if it's a consequence of the fix:

Processing xxx.xxx with alternative names: www.xxx.xxx
 + Signing domains...
 + Creating new directory /home/xxx/dehydrated/certs/xxx.xxx ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for xxx.xxx...
  + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 403)

Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "No registration exists matching provided key",
  "status": 403
}

EDIT

Sorry, just see https://github.com/lukas2511/dehydrated/issues/92

All seems good but DNS validation is very slow, I could validate as soon as it's finished


@wibimaster commented on GitHub (Sep 17, 2016):

That's OK, I temporarily got a failure:

  + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/challenge/5J3S4KbKiWRmhBISoUyOdhQMxFQT3F1yY9TLdTPz03U/14433918 (Status 400)

Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "JWS verification error",
  "status": 400
}

 + OVH hook executing: clean_challenge
 + http_request() error in letsencrypt.sh?

But after a retry all seems good :)

Thanks!


@lukas2511 commented on GitHub (Sep 17, 2016):

@wibimaster Since you are doing dns validation the temporary error was probably because the dns entry didn't propagate fast enough.

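The propagation race described in the comment above is usually handled inside the hook: after `deploy_challenge` creates the `_acme-challenge` TXT record, the hook polls the zone's authoritative nameservers and only returns once every one of them serves the expected token. Below is an added example of that wait loop; it is my code, not dehydrated's or the OVH hook's. The resolver is injected as a callable so it can be faked offline; the default one shells out to `dig` (assumed installed), and the nameserver list and timings are assumptions.

```python
"""Added example (not dehydrated's hook code): wait until every authoritative
nameserver serves the ACME TXT record before letting validation proceed.
Assumptions: `dig` is installed for the default resolver; the poll interval
and timeout are illustrative."""
import subprocess
import time
from typing import Callable, List, Sequence

Resolver = Callable[[str, str], List[str]]   # (nameserver, name) -> TXT strings


def dig_txt(nameserver: str, name: str) -> List[str]:
    """Query one nameserver directly (no recursion, no caching resolver in between)."""
    try:
        out = subprocess.run(
            ["dig", "+short", "+norecurse", f"@{nameserver}", name, "TXT"],
            capture_output=True, text=True, timeout=10, check=False,
        ).stdout
    except (OSError, subprocess.SubprocessError):
        return []                            # treat a failed query as "not there yet"
    return [line.strip().strip('"') for line in out.splitlines() if line.strip()]


def wait_for_txt(name: str, expected: str, nameservers: Sequence[str],
                 resolve: Resolver = dig_txt, timeout: float = 300.0,
                 interval: float = 5.0, clock=time.monotonic, sleep=time.sleep) -> bool:
    """Return True once all nameservers return `expected` for `name`,
    False if `timeout` seconds pass first. Every server must agree: Let's
    Encrypt may ask any of them, so one lagging secondary is enough to fail."""
    deadline = clock() + timeout
    while True:
        pending = [ns for ns in nameservers if expected not in resolve(ns, name)]
        if not pending:
            return True
        if clock() >= deadline:
            return False
        sleep(interval)


def deploy_challenge(domain: str, token_value: str, nameservers: Sequence[str],
                     **wait_kwargs) -> bool:
    """What a hook's deploy_challenge branch would call after creating the
    record at the DNS provider (that API call is provider-specific and omitted).
    Returns whether the record was seen everywhere before the timeout."""
    name = f"_acme-challenge.{domain}"
    return wait_for_txt(name, token_value, nameservers, **wait_kwargs)


if __name__ == "__main__":
    import sys
    # usage: script.py <domain> <token_value> <ns1> [<ns2> ...]
    ok = deploy_challenge(sys.argv[1], sys.argv[2], sys.argv[3:])
    sys.exit(0 if ok else 1)
```

Returning non-zero from the hook when the record never shows up is deliberate: dehydrated then aborts before asking the ACME server to validate, which is cheaper than burning a failed authorization and retrying the whole run.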
Reference: starred/dehydrated#147