django / daphne

Django Channels HTTP/WebSocket server
BSD 3-Clause "New" or "Revised" License

Daphne SSL certs failing #407

Closed patientplatypus6 closed 2 years ago

patientplatypus6 commented 2 years ago

Running

daphne -e ssl:443:privateKey=./yourdomain.pem:certKey=./yourdomain_public.pem lightchan.asgi:application

results in

(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ ./run.sh 
inside the ready function
2022-02-27 16:48:45,426 INFO     Starting server at ssl:443:privateKey=yourdomain.pem:certKey=yourdomain_public.pem
2022-02-27 16:48:45,427 INFO     HTTP/2 support enabled
2022-02-27 16:48:45,427 INFO     Configuring endpoint ssl:443:privateKey=yourdomain.pem:certKey=yourdomain_public.pem
Traceback (most recent call last):
  File "/home/pweyand/.local/bin/daphne", line 8, in <module>
    sys.exit(CommandLineInterface.entrypoint())
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/cli.py", line 170, in entrypoint
    cls().run(sys.argv[1:])
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/cli.py", line 285, in run
    self.server.run()
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/server.py", line 123, in run
    ep = serverFromString(reactor, str(socket_description))
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1779, in serverFromString
    nameOrPlugin, args, kw = _parseServer(description, None)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1703, in _parseServer
    return (endpointType.upper(),) + parser(factory, *args[1:], **kw)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1436, in _parseSSL
    privateCertificate = ssl.PrivateCertificate.loadPEM(certPEM + b"\n" + keyPEM)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 632, in loadPEM
    return Class.load(
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 612, in load
    return Class._load(data, format)._setPrivateKey(privateKey)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 452, in load
    return Class(crypto.load_certificate(format, requestData), *args)
  File "/home/pweyand/.local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1962, in load_certificate
    _raise_current_error()
  File "/home/pweyand/.local/lib/python3.8/site-packages/OpenSSL/_util.py", line 55, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]

The start lines for OpenSSL are valid

(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ cat yourdomain_public.pem 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwStU6BsF/kxkV1qvICpQ
Z7ReKewrFEoRaBeb/eFPHdqAK7ohEBRbafbJCGGWwKIfx9fjVRkL1xjoE6KtU92t
1Sw1VU1tpLLdpCzMRbsf6cVvCgJcLypyOxfjxKojfvBwfAAFa4Q/dlqqfJuMu2wv
8ooIy/xvRXv6Ltgu8zsmewZcw3CaxXfiE6OeGXjiQFynxVj/mfjoHgfoxN+UCxRE
79F6rP4lStZe+LG/+MsayfCzclDEl16UPh3c7ihQORg9UASa69nd69JXLQa4DxIN
3hC5Z9ue5SQJ0n6KNL7vJ5T7CvstRbTajray0mYVBFuQ6jPm6a9TXWvZeAhGIOGs
wQIDAQAB
-----END PUBLIC KEY-----
(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ cat yourdomain.pem 
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

...and are located in the current directory. Why isn't this working?

EDIT:

daphne -b 0.0.0.0 -p 8001 lightchan.asgi:application

Works as expected, so it's not that the application can't find the asgi or the asgi is somehow misconfigured.

carltongibson commented 2 years ago

It's not sufficiently clear that there's an error with Daphne here.
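
An added example, not part of the original thread and not Daphne or Twisted code: the traceback above fails inside `crypto.load_certificate`, which parses an X.509 `CERTIFICATE` PEM block, so this pre-flight check reads the PEM labels of the files passed as `privateKey=` and `certKey=` before the endpoint is started. The function names (`pem_labels`, `check_ssl_endpoint_files`, `sample_block`) and the sample PEM bodies are constructed for illustration.

```python
import re

# A complete PEM block: matching BEGIN/END boundaries around a body (RFC 7468).
BLOCK_RE = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)^-----END \1-----\s*$",
    re.MULTILINE | re.DOTALL,
)
PRIVATE_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                      "ENCRYPTED PRIVATE KEY"}


def pem_labels(text):
    """Return the labels of every complete PEM block in text, in file order."""
    return [m.group(1) for m in BLOCK_RE.finditer(text)]


def check_ssl_endpoint_files(key_pem, cert_pem):
    """Return a list of problems with the privateKey= and certKey= contents."""
    problems = []
    key_labels, cert_labels = pem_labels(key_pem), pem_labels(cert_pem)
    if not PRIVATE_KEY_LABELS.intersection(key_labels):
        problems.append(f"privateKey: no private key block, found {key_labels}")
    if "CERTIFICATE" not in cert_labels:
        problems.append(
            f"certKey: no CERTIFICATE block, found {cert_labels}; "
            "a bare public key is not an X.509 certificate"
        )
    return problems


def sample_block(label, body="QUJD"):
    """Build a constructed PEM block; the body is a placeholder, not key material."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    # Same labels as the two files shown in the issue (constructed bodies).
    for problem in check_ssl_endpoint_files(sample_block("RSA PRIVATE KEY"),
                                            sample_block("PUBLIC KEY")):
        print(problem)
```

A file whose `BEGIN` line has no matching `END` line yields no labels, so a truncated certificate is reported the same way as a missing one.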