photinus / ubnt-letsencrypt

Let's Encrypt setup instructions for Ubiquiti Edgerouter Lite

(network.c.543) SSL: couldn't read X509 certificate from '/etc/lighttpd/server.pem' #6

Open jcconnell opened 8 years ago

jcconnell commented 8 years ago

Receiving this error after installation. I can no longer access the GUI. Any ideas?

photinus commented 8 years ago

What does your /etc/lighttpd/server.pem file look like? That sounds like either the file didn't get the correct permissions set on it or it wasn't able to write out the certificate.

jcconnell commented 8 years ago

The file seems complete. It begins and ends like:

-----BEGIN RSA PRIVATE KEY-----
......
-----END RSA PRIVATE KEY-----

Here are the permissions:

username@ubnt:~$ ls -lha /etc/lighttpd/server.pem
-rw-r--r--    1 root     root        3.2K Jul 25 04:00 /etc/lighttpd/server.pem

jcconnell commented 8 years ago

I've tried twice to install now on two fresh systems and I've noticed I'm never prompted to enter my FQDN. Any ideas why? Perhaps that's my issue with the certificate.

photinus commented 8 years ago

It should be prompting for FQDN... Try running the install.sh again?

Sorry, the notification for your response ended up in my spam folder...

jcconnell commented 8 years ago

Thanks for the response and no problem. I ended up using achimnol's fork of your work.

https://github.com/achimnol/ubnt-letsencrypt

The only way I could get it to prompt for the domain name was to download the script and run it locally. If I used the curl command in your readme, it would never prompt.

Additionally, there is an issue in your install.sh around line 20 where you reference the domain.key without a path. I believe this is what caused my problems. Achimnol's install.sh references the key with the path.

It's working now but I'm trying to find a way to modify it to work with Pound now. If you have any ideas I'd love to hear them.

nnutter commented 7 years ago

I have the same symptom. Like @jcconnell the install.sh failed with,

(network.c.543) SSL: couldn't read X509 certificate from '/etc/lighttpd/server.pem'

For me this was caused by acme_tiny.py failing and letsrenew.sh not handling that which resulted in a missing cert,

$ cat /config/letsencrypt/signed.crt
$

I restored the old cert and restarted lighttpd just to restore the Web UI,

$ sudo cp /config/letsencrypt/oldcert.pem /etc/lighttpd/server.pem
$ sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

In my case I think acme_tiny.py is failing because I just changed the DNS for my router and I suspect I just need to let the DNS change propagate. Maybe letsrenew.sh should validate DNS somehow? Regardless, letsrenew.sh should probably validate the PEM file before copying it to /etc/lighttpd/server.pem and restarting lighttpd. @photinus would you want me to add that and make an MR?
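
One way to do the check proposed in the comment above, validating the PEM before it replaces /etc/lighttpd/server.pem. This is an added example, not code from this repository or from any commenter; the function names validate_pem and install_pem are hypothetical, and it assumes the openssl command-line tool is available on the router.

```shell
#!/bin/sh
# Added example (not from the repository): refuse to install a broken PEM.
# validate_pem and install_pem are hypothetical names; paths are arguments.

validate_pem() {
    pem="$1"
    # An empty or missing file is the failure shown in the thread.
    [ -s "$pem" ] || { echo "reject: $pem is empty or missing" >&2; return 1; }
    # A file holding only a private key has no certificate for lighttpd to read.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "reject: no certificate block in $pem" >&2; return 1; }
    # The certificate must parse as X.509 and must not be expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "reject: certificate unreadable or expired" >&2; return 1; }
    # The private key in the same file must belong to that certificate:
    # compare the public key in the cert with the one derived from the key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "reject: private key missing or does not match certificate" >&2
        return 1
    fi
    return 0
}

install_pem() {
    candidate="$1"
    target="$2"
    # On rejection the existing target is left untouched, so the caller can
    # skip the lighttpd restart and the Web UI keeps its old certificate.
    validate_pem "$candidate" || return 1
    # Write next to the target with owner-only permissions (the file holds the
    # private key), then rename so the target is never half-written.
    tmp="$target.new.$$"
    ( umask 077 && cp "$candidate" "$tmp" ) || return 1
    mv -f "$tmp" "$target"
}
```

A renewal script would build the combined key-plus-certificate file in a scratch location, call install_pem with that file and the live path, and restart lighttpd only when it returns 0.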

penner42 commented 7 years ago

I'm having a similar issue. install.sh failed. I ran restore.sh. But now on every boot, lighttpd fails to start and I have to manually copy the old certificate to /etc/lighttpd. Is there somewhere I can copy this file to that it gets copied to the right place on boot?

CorpulentBrony commented 7 years ago

I've had this problem as well, after it working for a while. achimnol's doesn't work either. Both stop at the "Registering account" phase. After 20+ minutes, I hit ctrl+c and get the following:

  File "/config/letsencrypt/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/config/letsencrypt/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
...

I also found a version by gilesw, but that one does the exact same thing. Don't know if LE changed something? Seems odd for it to just stop working after a few days of normalcy.

hmtanbir commented 6 years ago

I have a similar issue. Can you tell me the solution?