Hello guys,
I can't restore my webpage certificates to default.
I created a Let's Encrypt certificate for my database GUI, expired and I can't renew it. My idea is that I could try to remove it from my VE and restoring to defaults. I did try the method from this site: pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer) (Revert to default configuration) and it did nothing at all.
I tried revoking it with acme.sh and certbot-auto from another machine and here is what happened...
Acme.sh (local):
acme.sh --revoke -d <domain.com>
[Tue Aug 29 23:20:52 CEST 2017] Try domain key first.
[Tue Aug 29 23:20:53 CEST 2017] Revoke error by domain key.
[Tue Aug 29 23:20:53 CEST 2017] {"type":"urn:acme:error:unauthorized","detail":"Revocation request must be signed by private key of cert to be revoked, by the account key of the account that issued it, or by the account key of an account that holds valid authorizations for all names in the certificate.","status": 403}
[Tue Aug 29 23:20:53 CEST 2017] Try account key.
[Tue Aug 29 23:20:54 CEST 2017] Revoke error.
And certbot on another machine:
2017-08-29 21:23:29,463EBUG:certbot.main:certbot version: 0.17.0
2017-08-29 21:23:29,463EBUG:certbot.main:Arguments: ['--cert-path', '/home/someuser/revoke/cert.pem', '--key-path', '/home/someuser/revoke/account.key']
2017-08-29 21:23:29,463EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-08-29 21:23:29,476EBUG:certbot.log:Root logging level set at 20
2017-08-29 21:23:29,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-29 21:23:29,477EBUG:certbot.main:Revoking /home/someuser/revoke/cert.pem using cert key /home/someuser/revoke/account.key
2017-08-29 21:23:29,478:ERROR:certbot.crypto_util:verifying the cert located at /home/someuser/revoke/cert.pem matches the private key located at /home/someuser/revoke/account.key has failed. Details: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 252, in verify_cert_matches_priv_key
context.use_privatekey_file(key_path)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 655, in use_privatekey_file
self._raise_passphrase_exception()
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 631, in _raise_passphrase_exception
_raise_current_error()
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
2017-08-29 21:23:29,479EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 753, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 570, in revoke
crypto_util.verify_cert_matches_priv_key(config.cert_path[0], config.key_path[0])
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in verify_cert_matches_priv_key
raise errors.Error(error_str)
Error: verifying the cert located at /home/someuser/revoke/cert.pem matches the private key located at /home/someuser/revoke/account.key has failed. Details: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
I can't restore my webpage certificates to default.
I created a Let's Encrypt certificate for my database GUI, expired and I can't renew it. My idea is that I could try to remove it from my VE and restoring to defaults. I did try the method from this site: pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer) (Revert to default configuration) and it did nothing at all.
I tried revoking it with acme.sh and certbot-auto from another machine and here is what happened...
Acme.sh (local):
acme.sh --revoke -d <domain.com>
[Tue Aug 29 23:20:52 CEST 2017] Try domain key first.
[Tue Aug 29 23:20:53 CEST 2017] Revoke error by domain key.
[Tue Aug 29 23:20:53 CEST 2017] {"type":"urn:acme:error:unauthorized","detail":"Revocation request must be signed by private key of cert to be revoked, by the account key of the account that issued it, or by the account key of an account that holds valid authorizations for all names in the certificate.","status": 403}
[Tue Aug 29 23:20:53 CEST 2017] Try account key.
[Tue Aug 29 23:20:54 CEST 2017] Revoke error.
And certbot on another machine:
2017-08-29 21:23:29,463EBUG:certbot.main:certbot version: 0.17.0
2017-08-29 21:23:29,463EBUG:certbot.main:Arguments: ['--cert-path', '/home/someuser/revoke/cert.pem', '--key-path', '/home/someuser/revoke/account.key']
2017-08-29 21:23:29,463EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-08-29 21:23:29,476EBUG:certbot.log:Root logging level set at 20
2017-08-29 21:23:29,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-29 21:23:29,477EBUG:certbot.main:Revoking /home/someuser/revoke/cert.pem using cert key /home/someuser/revoke/account.key
2017-08-29 21:23:29,478:ERROR:certbot.crypto_util:verifying the cert located at /home/someuser/revoke/cert.pem matches the private key located at /home/someuser/revoke/account.key has failed. Details: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 252, in verify_cert_matches_priv_key
context.use_privatekey_file(key_path)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 655, in use_privatekey_file
self._raise_passphrase_exception()
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 631, in _raise_passphrase_exception
_raise_current_error()
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
2017-08-29 21:23:29,479EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 753, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 570, in revoke
crypto_util.verify_cert_matches_priv_key(config.cert_path[0], config.key_path[0])
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/crypto_util.py", line 260, in verify_cert_matches_priv_key
raise errors.Error(error_str)
Error: verifying the cert located at /home/someuser/revoke/cert.pem matches the private key located at /home/someuser/revoke/account.key has failed. Details: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]