What would cause the error "Error creating new cert :: Certificate public key must be different than account key" #11

Closed
russellballestrini opened this issue Nov 5, 2015 · 9 comments

Comments

@russellballestrini

{"type":"urn:acme:error:malformed","detail":"Error creating new cert :: Certificate public key must be different than account key"}

I'm using the following process to create public and private keys and CSR:

http://www.foxhop.net/ssl-certificates#how-i-manage-requesting-certs

@diafygi
Owner

diafygi commented Nov 5, 2015

Your user.key and domain.key can't be the same private key. Unfortunately, this is a restriction by Let's Encrypt[1].

[1] - https://github.com/letsencrypt/boulder/blob/master/ra/registration-authority.go#L483

@diafygi diafygi closed this as completed Nov 5, 2015
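
A pre-flight check for the restriction described above, as an added example that is not part of the original thread or the project's code: it compares the public key derived from the account key with the key embedded in the CSR before anything is submitted. The `domain.csr` file name and the function names are assumptions.

```sh
#!/bin/sh
# Added example: refuse to submit a CSR whose public key equals the account key.
# File and function names are assumptions; pass your own paths as arguments.

# SHA-256 fingerprint of a PEM public key read from stdin (DER-normalised first).
pubkey_fp() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: check_distinct_keys <account private key> <CSR>
# Returns 0 if the keys differ, 1 if they match, 2 if either file is unreadable.
check_distinct_keys() {
    acct_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ||
        { echo "cannot read account key: $1" >&2; return 2; }
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read CSR: $2" >&2; return 2; }
    acct_fp=$(printf '%s\n' "$acct_pub" | pubkey_fp)
    csr_fp=$(printf '%s\n' "$csr_pub" | pubkey_fp)
    if [ "$acct_fp" = "$csr_fp" ]; then
        echo "REJECT: CSR carries the account key ($acct_fp)" >&2
        return 1
    fi
    echo "OK: account key $acct_fp differs from CSR key $csr_fp"
}

# Constructed demo: throwaway keys, one correct CSR and one that reuses user.key.
demo() {
    d=$(mktemp -d) || return 2
    openssl genrsa -out "$d/user.key" 2048 2>/dev/null
    openssl genrsa -out "$d/domain.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$d/domain.key" -subj "/CN=example.com" \
        -out "$d/domain.csr" 2>/dev/null
    openssl req -new -sha256 -key "$d/user.key" -subj "/CN=example.com" \
        -out "$d/reused.csr" 2>/dev/null
    good=0; check_distinct_keys "$d/user.key" "$d/domain.csr" || good=$?
    bad=0;  check_distinct_keys "$d/user.key" "$d/reused.csr" || bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

if [ "${1:-}" = "--demo" ]; then
    demo
elif [ "$#" -eq 2 ]; then
    check_distinct_keys "$1" "$2"
fi
```

Run it with `--demo` to see both outcomes on throwaway keys, or with the account key and CSR paths as its two arguments.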
@russellballestrini
Author

Thank you for the really quick reply!

Wow, OK, that's a pain. I'm thinking about creating a PR that puts $USERKEY instead of user.key to stdout, so that the lines are documented but could also be copied and pasted without modification if the user has the environment var set.

Thoughts?

@diafygi
Owner

diafygi commented Nov 5, 2015

Interesting, the issue I see is that if users export USERKEY="/path/to/user.key" in their current terminal (seems likely), then when you paste the commands into a new terminal window, that environmental variable won't be available.

@russellballestrini
Author

Yeah, it would need to be exported in the term that the pasting is occurring in, but still acts as a placeholder if they don't want to use ENV vars.

@diafygi
Owner

diafygi commented Nov 5, 2015

How about this?

STEP 2: You need to sign some files (replace './user.key' with the path to your user private key).

export USERKEY="./user.key"
openssl dgst -sha256 -sign $USERKEY -out register_KN2ihH.sig register_ABUO4T.json
openssl dgst -sha256 -sign $USERKEY -out domain_BbpWG4.sig domain_rSKa5G.json
openssl dgst -sha256 -sign $USERKEY -out challenge_fo6_ib.sig challenge_e3gHzd.json
openssl dgst -sha256 -sign $USERKEY -out cert_36OUdW.sig cert_3IZULZ.json

Press Enter when you've run the above commands in a new terminal window...

@russellballestrini
Author

Looks good to me, STEP 3 output would need the same change.

Also now that I think about it, maybe $USER_PRIVATE_KEY is more descriptive / verbose.

I just successfully used this tool to create a cert, great work!

I'm going to be writing a blog post later tonight.

@diafygi
Owner

diafygi commented Nov 5, 2015

Cool, do you want the honors of doing a pull request, or should I do it?

@russellballestrini
Author

I'll work on a PR after dinner. ; )

On Thu, Nov 5, 2015, 5:59 PM Daniel Roesler notifications@github.com
wrote:

Cool, do you want the honors of doing a pull request, or should I do it?


@russellballestrini
Author

This was user error, I misunderstood which keys were needed.
