search

polhenarejos / acme_email

ACME Email Client for EmailReply-00 Challenge
https://acme.castle.cloud
GNU General Public License v3.0
46 stars 7 forks source link

ValueError: Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. #30

Closed HepplerDotNet closed 2 years ago

HepplerDotNet commented 2 years ago

I just tried to run acme_mail on my RHEL8 devbox and setup my environment like this dnf install python3.9 -y wget https://github.com/polhenarejos/acme_email/archive/refs/heads/main.zip unzip main.zip cd acme_email-main python3.9 -m venv venv source venv/bin/activate pip install wheel pip install .

But running python3.9 cli.py cert --config-dir . --work-dir . --logs-dir . -e my@mail.net --contact my@mail.net --usage digitalSignature --usage keyEncipherment aborts with this message:

/root/acme_email-main/cli.py:48: DeprecationWarning: IConfig attribute in certbot.interfaces module is deprecated and will be removed soon.
  zope.component.provideUtility(config, interfaces.IConfig)
Saving debug log to /root/acme_email-main/letsencrypt.log
/root/acme_email-main/cli.py:194: DeprecationWarning: IReporter attribute in certbot.interfaces module is deprecated and will be removed soon.
  zope.component.provideUtility(report, interfaces.IReporter)
An unexpected error occurred:
ValueError: Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. Are you sure this is a certificate?
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /root/acme_email-main/letsencrypt.log or re-run Certbot with -v for more details.

Full letsencrypt.log

2022-05-16 20:51:46,193:DEBUG:certbot._internal.log:Root logging level set at 30
2022-05-16 20:51:46,196:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/acme_email-main/cli.py", line 257, in <module>
    main(args)
  File "/root/acme_email-main/cli.py", line 200, in main
    request_cert(args, config)
  File "/root/acme_email-main/cli.py", line 64, in request_cert
    root_cert_advise()
  File "/root/acme_email-main/cli.py", line 57, in root_cert_advise
    fingerprints = list(map(lambda a: a.fingerprint(hashes.SHA256()).hex(), root_certs))
  File "/root/acme_email-main/certbot_castle/utils.py", line 36, in get_root_ca_certs
    cert = x509.load_pem_x509_certificate(cert_pem)
  File "/root/acme_email-main/venv/lib64/python3.9/site-packages/cryptography/x509/base.py", line 514, in load_pem_x509_certificate
    return rust_x509.load_pem_x509_certificate(data)
ValueError: Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. Are you sure this is a certificate?
2022-05-16 20:51:46,196:ERROR:certbot._internal.log:An unexpected error occurred:
2022-05-16 20:51:46,197:ERROR:certbot._internal.log:ValueError: Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. Are you sure this is a certificate?
polhenarejos commented 2 years ago

May I see which package versions are you using?

python3 -c 'import cryptography; print(cryptography.__version__)'
python3 -c 'import certbot; print(certbot.__version__)'

BTW, I think you have a cert in non-PEM format, probably in DER, at /etc/ssl/certs. Is that right?

HepplerDotNet commented 2 years ago

I already deleted the client, since the CA is not trusted and thus useless for me.