New Setup LetsEncrypt Issue

Hi,

So I have started a new install and used the -c flag for LetsEncrypt; however, this failed with the following error:

[Info] Issuing certificates...
[Mon Jun 28 09:44:55 UTC 2021] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Jun 28 09:44:56 UTC 2021] Standalone mode.
[Mon Jun 28 09:44:56 UTC 2021] Standalone mode.
[Mon Jun 28 09:44:56 UTC 2021] Standalone mode.
[Mon Jun 28 09:44:56 UTC 2021] Standalone mode.
[Mon Jun 28 09:44:56 UTC 2021] Standalone mode.
[Mon Jun 28 09:44:57 UTC 2021] Create account key ok.
[Mon Jun 28 09:44:57 UTC 2021] Registering account
[Mon Jun 28 09:44:58 UTC 2021] Register account Error: {
  "type": "urn:ietf:params:acme:error:badPublicKey",
  "detail": "key too small: 240",
  "status": 400
}
[Mon Jun 28 09:44:58 UTC 2021] Please add '--debug' or '--log' to check more details.
[Mon Jun 28 09:44:58 UTC 2021] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

I am new to openBalena, so can anyone point me in the direction of how to fix this?

Thanks

Hello @wildfireone

Could you please confirm your balenaOS version and the supervisor version? Thanks!

So if anyone else gets this, looks like the version of acme.sh is too old. What worked for me is to change the checked out version in src/cert-provider/DockerFile on line 12 to git checkout 2.8.9

Rebuild the container and start it back up. You will then encounter this issue: Using real (not self-signed) certificates - #184 by ppoth

You will need to look at this and comment out lines 182 & 183 to fix it:

Hope this helps others


BTW welcome to the balena forums community

Ok! That was fast @wildfireone thank you for reporting the solution!

Feel free to contribute into the openBalena repository!

Let us know how we can help you more!

Thanks, well I had some time this morning so thought I might try and resolve the issue myself by getting down and dirty with how you have it set up. Do you prefer this as a PR on GitHub, or shall I raise it as an issue on there?


Thanks for looking into this issue, wildfireone! It seems that on some systems acme.sh has problems with xxd which does the key transformation, hence the error key too small: 240. This is reported here and seems to be resolved from acme v2.8.9 onwards, as you have figured out.

As Marc said, feel free to contribute to the openBalena repository!
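
An added example, not part of any post in this thread and not acme.sh or openBalena code: a check of the RSA modulus size in an account-key JWK, which is the value the "key too small: 240" error reports. The 2048-bit minimum, the sample keys and the 30-byte truncation are assumptions constructed for illustration; how the conversion fails inside acme.sh is not shown on this page.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: smallest RSA modulus the CA accepts


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, as used for JWK members (RFC 7515)."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def modulus_bits(jwk: dict) -> int:
    """Bit length of the RSA modulus carried in the JWK 'n' member."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    return int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()


def check_jwk(jwk: dict, min_bits: int = MIN_RSA_BITS) -> str:
    """Mirror the server-side size check before the key is registered."""
    bits = modulus_bits(jwk)
    if bits < min_bits:
        return f"key too small: {bits}"
    return f"ok: {bits}"


# Constructed sample, not a real key: a 256-byte value with the top bit set,
# so it has the same length as a 2048-bit modulus.
n_full = ((1 << 2047) | 1).to_bytes(256, "big")
good_jwk = {"kty": "RSA", "e": "AQAB", "n": b64url_encode(n_full)}

# Constructed failure: only the first 30 bytes of the modulus survive the
# hex-to-binary step, so the JWK carries a 240-bit 'n'.
bad_jwk = {"kty": "RSA", "e": "AQAB", "n": b64url_encode(n_full[:30])}

if __name__ == "__main__":
    print("full modulus:     ", check_jwk(good_jwk))
    print("truncated modulus:", check_jwk(bad_jwk))
```

A reported size far below the generated key length means the modulus was damaged while being encoded, not that the key was generated too small.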

Thanks to community contribution, the tracking issue Cert Provider - Cannot issue a production certificate · Issue #108 · balena-io/open-balena · GitHub has been closed. This issue and the related PR should have fixed the issue discussed here.
Thanks to everyone involved.