openssl config usage missing on requesting certificate #225

Closed
opened 2025-12-29 01:19:15 +01:00 by adam · 0 comments

Originally created by @kyse on GitHub (Jun 4, 2017).

I noticed when I was trying to run this script on a UTM host with an openssl config specified in my dehydrated config file, I kept running into an issue where openssl would complain about not being able to load up section v3_ca. This was due to the openssl.cnf in /etc/ssl/openssl.cnf using some env variable dehydrated doesn't use. The openssl.cnf file I specify in the dehydrated config isn't being applied when it attempts to create a CSR:

```
echo " + Requesting certificate..."
csr64="$( <<<"${csr}" openssl req -outform DER | urlbase64)"
```

Now, I didn't mess around much to create a tmp config, but changing it to this seemed to resolve the issue.

```
echo " + Requesting certificate..."
csr64="$( <<<"${csr}" openssl req -config ${OPENSSL_CNF} -outform DER | urlbase64)"
```

This stumped me for a while because I thought it was an error in my openssl.cnf file I specified, but turns out it was using the default cert UTM has since dehydrated is not specifying the cert in this call.

adam closed this issue 2025-12-29 01:19:15 +01:00
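
A diagnostic for the failure described in this issue, as an added example that is not part of the original report or of dehydrated: it reports which config file `openssl req` would load and which `$ENV::` variables that file references without the environment exporting them. The function names and the sample config (including `SAMPLE_SAN` and `SAMPLE_IS_CA`) are constructed for illustration.

```bash
# Added example; function names and sample values are hypothetical.

# Print the config file `openssl req` loads: an explicit -config path wins,
# then the OPENSSL_CONF environment variable, then OPENSSLDIR/openssl.cnf.
effective_openssl_cnf() {
  local explicit="${1:-}" dir
  if [ -n "${explicit}" ]; then printf '%s\n' "${explicit}"; return 0; fi
  if [ -n "${OPENSSL_CONF:-}" ]; then printf '%s\n' "${OPENSSL_CONF}"; return 0; fi
  # `openssl version -d` prints a line of the form: OPENSSLDIR: "/usr/lib/ssl"
  dir="$(openssl version -d 2>/dev/null | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p')"
  [ -n "${dir}" ] || return 1
  printf '%s/openssl.cnf\n' "${dir}"
}

# List variables a config references as $ENV::NAME or ${ENV::NAME} that are
# not exported. OpenSSL refuses to load a config containing such a reference.
# Comment stripping is approximate (everything after '#' is dropped).
unset_env_refs() {
  local cnf="$1" name
  sed 's/#.*//' "${cnf}" |
    grep -oE '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
    sed 's/.*ENV:://' | sort -u |
    while read -r name; do
      printenv "${name}" >/dev/null 2>&1 || printf '%s\n' "${name}"
    done
}

# Constructed sample config: a v3_ca section that depends on environment
# variables the calling script may never export.
write_sample_cnf() {
  cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
subjectAltName = $ENV::SAMPLE_SAN   # constructed variable name
basicConstraints = CA:${ENV::SAMPLE_IS_CA}
EOF
}

# Typical use before a CSR conversion step:
#   cnf="$(effective_openssl_cnf "${OPENSSL_CNF:-}")" && unset_env_refs "${cnf}"
```

Any name the second function prints points at a config that will fail to load, whichever openssl subcommand reads it.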

Reference: starred/dehydrated#225