Acme.sh: Cannot read key length from csr
Hi @Neilpang
I have an issue while validating a CSR.
Steps to reproduce
acme.sh --showcsr --csr /path/to/mycsr.csr
Error Message: Cannot read key length from csr: CSR.csr
This was the command executed:
./acme.sh --signcsr --csr CSR.csr --tls --test --debug 2
The CSR is a valid one. I tested with Symantec here: https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
Debug log
./acme.sh --signcsr --csr CSR.csr --tls --test --debug 2
[Thu Mar 30 18:22:23 UTC 2017] Lets find script dir.
[Thu Mar 30 18:22:23 UTC 2017] _SCRIPT_='./acme.sh'
[Thu Mar 30 18:22:23 UTC 2017] _script='/root/.acme.sh/acme.sh'
[Thu Mar 30 18:22:23 UTC 2017] _script_home='/root/.acme.sh'
[Thu Mar 30 18:22:23 UTC 2017] Using default home:/root/.acme.sh
[Thu Mar 30 18:22:23 UTC 2017] Using config home:/root/.acme.sh
[Thu Mar 30 18:22:23 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.7
[Thu Mar 30 18:22:23 UTC 2017] Using config home:/root/.acme.sh
[Thu Mar 30 18:22:23 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu Mar 30 18:22:23 UTC 2017] _csrsubj='myDN' (* remove the data here. Is ok )
[Thu Mar 30 18:22:23 UTC 2017] _csrsubj='myDN' ( remove the data here. Is ok *)
[Thu Mar 30 18:22:23 UTC 2017] _dnsAltnames
[Thu Mar 30 18:22:23 UTC 2017] AltNames doesn't contain subject
[Thu Mar 30 18:22:23 UTC 2017] _csrdomainlist
[Thu Mar 30 18:22:23 UTC 2017] RSA CSR
[Thu Mar 30 18:22:23 UTC 2017] Can not read key length from csr: CSR.csr
Could you please help me with this issue?
Thanks!
fpeterson194
All 9 comments
@Neilpang I found out other closed issue here #614 in which @TomFreudenberg commented it.
Do you know if the issue still persist?
Thanks in advance!
fpeterson194
on 31 Mar 2017
Hi @fpeterson194
Please try to change the Regex in Line: https://github.com/Neilpang/acme.sh/blob/master/acme.sh#L1110
from
echo "$_outcsr" | _egrep_o "(^ *|^RSA )Public.Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
to
echo "$_outcsr" | _egrep_o "^.*Public(-| )Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
That worked for me all the time.
Cheers
Tom
TomFreudenberg
on 31 Mar 2017
@fpeterson194 - Sorry first post was not my last used Regex, I have updated the previous comment.
TomFreudenberg
on 31 Mar 2017
This should do the job as well:
echo "$_outcsr" | _egrep_o "^ *(RSA )?Public.Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
@TomFreudenberg excellent! Thanks very much for your prompt reply! I will give it a try to this regex and get back to you :)
Until this is solved, we should keep in mind not to update the agent or change this line with any new version.
fpeterson194
on 1 Apr 2017
@fpeterson194
Please tell me your OS version and openssl version.
Neilpang
on 1 Apr 2017
@Neilpang
SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 4
OpenSSL 0.9.8j-fips 07 Jan 2009
fpeterson194
on 4 Apr 2017
@fpeterson194
I just added more debug info for you at: https://github.com/Neilpang/acme.sh/pull/771/commits/7df062b7d7d9ff95f6a3b58f005431ccd3cd4ec8
Please try with the latest code with --debug 2 level. Then paste to me the debug output.
Neilpang
on 4 Apr 2017
Hi guys, @TomFreudenberg @fpeterson194
I just made a fix.
Please try with the lastest dev branch:
export BRANCH=dev
acme.sh --upgrade
Related issues
simkimsia
路
5Comments
p3x-robot
路
5Comments
hxx-fetch
路
4Comments
caruccio
路
5Comments
luochenzhimu
路
3Comments