yourivw / LEClient

An easy-to-use PHP ACME v2 client library, designed to be used with LetsEncrypt.
MIT License

Error: RSA keypair export failed #35

Closed FabulousGee closed 5 years ago

FabulousGee commented 6 years ago

  2018/06/16 05:32:02 [error] 7660#3172: *79 FastCGI sent in stderr: "PHP Warning: openssl_pkey_export(): cannot get key from parameter 1 in htdocs\LEClient\src\LEFunctions.php on line 57
  PHP Fatal error: Uncaught RuntimeException: RSA keypair export failed! in htdocs\LEClient\src\LEFunctions.php:57
  Stack trace:
  #0 htdocs\LEClient\src\LEAccount.php(69): LEFunctions::RSAGenerateKeys(NULL, 'keys//account...', 'keys//account...')
  #1 htdocs\LEClient\LEClient.php(164): LEAccount->__construct(Object(LEConnector), 1, Array, Array)
  #2 htdocs\cert.php(18): LEClient->__construct(Array, true, 1)
  #3 {main}
  thrown in htdocs\LEClient\src\LEFunctions.php on line 57" while reading response header from upstream, client: xxxxxxxxx, server: xxxxxxxxx, request: "GET /cert.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxxxxxxxxxx"

Tried to run the example on Windows with nginx+PHP-FastCGI. If you need more information, let me know.

FabulousGee commented 6 years ago

Since this seems to be a configuration issue regarding OpenSSL, we should just add some more information on what is going on... I raised a PR ( https://github.com/yourivw/LEClient/pull/36 ) for this, feel free to modify.

FabulousGee commented 6 years ago

And I added another PR ( https://github.com/yourivw/LEClient/pull/37 ) to have full coverage.

I resolved the error by overriding the openssl config path manually. You might consider implementing this in a generic way, too. For reference, this is what my code looks like after both PRs (see above) and the modification of the config array:

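  // Fragment from inside the key generation function; $keySize comes from the enclosing scope.
  $config = array(
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
      "private_key_bits" => intval($keySize),
      // Explicit path to openssl.cnf, overriding the default lookup
      "config" => "/php/extras/ssl/openssl.cnf"
  );

  $res = openssl_pkey_new($config);

  // openssl_pkey_new() returns false when the key cannot be generated
  if ($res === false) {
      $error = "Could not generate key pair! Check your OpenSSL configuration. OpenSSL Error: ".PHP_EOL;
      // Collect every queued OpenSSL error message
      while($message = openssl_error_string()){
          $error .= $message.PHP_EOL;
      }
      throw new \RuntimeException($error);
  }

  // Pass the same $config to the export so it uses the same openssl.cnf
  if(!openssl_pkey_export($res, $privateKey, NULL, $config)) {
      $error = "RSA keypair export failed!! Error: ".PHP_EOL;
      while($message = openssl_error_string()){
          $error .= $message.PHP_EOL;
      }
      throw new \RuntimeException($error);
  }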
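One way to make the config override from the comment above generic, as an added example that is not part of the original comment or of LEClient's code: resolve `openssl.cnf` from the `OPENSSL_CONF` environment variable or a caller-supplied candidate list, and clear stale entries from the OpenSSL error queue so the reported errors belong to the failing call. The function names `findOpenSslConfig`, `drainOpenSslErrors` and `generateRsaKeyPair` are hypothetical, and the candidate path in the last line is the one quoted in the comment.

```php
<?php
// Added example: helper names are hypothetical, not LEClient API.
function findOpenSslConfig(array $candidates = []): ?string
{
    // OPENSSL_CONF is the environment variable OpenSSL itself consults.
    $env = getenv('OPENSSL_CONF');
    if ($env !== false && $env !== '') {
        array_unshift($candidates, $env);
    }
    foreach ($candidates as $path) {
        if (is_file($path) && is_readable($path)) {
            return $path;
        }
    }
    return null; // no override found: let PHP use its built-in default lookup
}

function drainOpenSslErrors(): string
{
    $lines = [];
    while (($msg = openssl_error_string()) !== false) {
        $lines[] = $msg;
    }
    return implode(PHP_EOL, $lines);
}

function generateRsaKeyPair(int $keySize, array $configCandidates = []): array
{
    $config = [
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $keySize,
    ];
    $cnf = findOpenSslConfig($configCandidates);
    if ($cnf !== null) {
        $config['config'] = $cnf;
    }
    drainOpenSslErrors(); // discard stale entries left by earlier OpenSSL calls
    $res = openssl_pkey_new($config);
    if ($res === false) {
        throw new \RuntimeException('Could not generate key pair (config: '
            . ($cnf ?? 'PHP default') . '): ' . drainOpenSslErrors());
    }
    if (!openssl_pkey_export($res, $privateKey, null, $config)) {
        throw new \RuntimeException('RSA keypair export failed: ' . drainOpenSslErrors());
    }
    return ['private' => $privateKey, 'public' => openssl_pkey_get_details($res)['key']];
}

$keys = generateRsaKeyPair(2048, ['/php/extras/ssl/openssl.cnf']); // path from the comment above
```

Including the resolved config path in the exception message shows at a glance whether a failure came from a missing `openssl.cnf` or from the key operation itself.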