no key with CSR-request

shanti

Hi,

I found an issue at user level during a CSR request: instead of returning CSR and *KEY after submitting a valid request, the popup only shows CSR data.
This seems independent of the skin (enhanced+evolution).

here rsa4096+sha256

in /var/log/directadmin/error.log:

Code:
2020:09:29-19:24:55: Ssl::getKeyBit: Error checking for key bit size:
2020:09:29-19:26:58: Couldn't find Private-Key in result for check check
2020:09:29-19:37:00: Old secp384r1-bit key has been backed up to

DA: 1.61.5
CB: uptodate

Has anyone seen something like this?

Thanks & best regards
-c-
 
I ran DA in b9000-debugmode and see that DA creates keys and csr

Code:
executeAsUser('/usr/bin/openssl req -sha256 -new -nodes -key /usr/local/directadmin/data/users/panows/domains/tonstudiowien.co.at.key -config /usr/local/directadmin/data/users/panows/domains/tonstudiowien.co.at.ssltmpQl86BV -out /usr/local/directadmin/data/users/panows/domains/tonstudiowien.co.at.req.tmp', 290, diradmin, 2, '(null)', int *child_pid, *snd, group=(null)) uid=110 gid=116

and

Code:
Apache::write_php_fpm_cgi: username=anows main_domain=diewerkstatt.at : END
Program Sub Location: getHomeDir : anows
Program Sub Location: getHomeDir : anows : done
setOwner:/home/anows/.php: to uid=11016 gid=9999: file already had correct ownership. Not touching it.
setOwner:/home/anows/.php/php-mail.log: to uid=10016 gid=9999: file already had correct ownership. Not touching it.
get_hook_paths_from:/usr/local/directadmin/scripts/custom/user_httpd_write_post.sh: Found hook name 'user_httpd_write_post'
isDir(/usr/local/directadmin/scripts/custom/user_httpd_write_post): lstat error: Datei oder Verzeichnis nicht gefunden
Program Sub Location: getDirFilesAndDirs(/usr/local/directadmin/plugins, *tlf, *tdlf, (null))
Program Sub Location: getDirFilesAndDirs(/usr/local/directadmin/plugins, *tlf, *tdlf, (null)) : done
get_hook_paths_from:/usr/local/directadmin/scripts/custom/user_httpd_write_post.sh: got the following paths for 'user_httpd_write_post':
listType: 0 size=64
Apache::write(creator=(null),...proxy_vh=0): username = anows: end
get_hook_paths_from:/usr/local/directadmin/scripts/custom/ssl_save_post.sh: Found hook name 'ssl_save_post'
isDir(/usr/local/directadmin/scripts/custom/ssl_save_post): lstat error: Datei oder Verzeichnis nicht gefunden
Program Sub Location: getDirFilesAndDirs(/usr/local/directadmin/plugins, *tlf, *tdlf, (null))
Program Sub Location: getDirFilesAndDirs(/usr/local/directadmin/plugins, *tlf, *tdlf, (null)) : done
get_hook_paths_from:/usr/local/directadmin/scripts/custom/ssl_save_post.sh: got the following paths for 'ssl_save_post':
listType: 0 size=64
Program Sub Location: getlock(/usr/local/directadmin/data/task.queue, 'pushOnTaskQueue') : start
Program Sub Location: getlock(/usr/local/directadmin/data/task.queue, 'pushOnTaskQueue') : finished
Dynamic(api=0, error=0):
    text='request created'
    result='Old 0-bit key has been backed up to /home/anows/backup-tonstudio.at-0-bit.key<br>
Newly installed key is 4096-bit<br>
This domain will now temporarily use the Shared Server Certificate, unless you restore the backup key (but backup the new key first or it will become lost)<br>
'
 0: request=&#45;&#45;&#45;&#45;&#45;BEGIN CERTIFICATE REQUEST&#45;&#45;&#45;&#45;&#45;
&#45;&#45;&#45;&#45;&#45;END CERTIFICATE REQUEST&#45;&#45;&#45;&#45;&#45;

Send::json_out:all_in_one_snd: creation_json_string: start
Send::json_out:all_in_one_snd: supportsGzip=1 header_sent=0
HTTP/1.1 200 OK
type=application/json; charset=utf-8
extra_header='(null)'
Cookies:
 0: session=LQEDM3rDEd9xNc2oUpPJhto7GNDExZUIxiTHkKUywetHEw3ijTzQMmVc9io4FGKB
Set-Cookie: session=LQEDM3rDEd9xNc2oUpPJhto7GNDExZUIxiTHkKUywetHEw3ijTzQMmVc9io4FGKB; path=/; expires=Fri, 02 Oct 2020 23:40:10 GMT; secure; HttpOnly

but in the end it only presents the cert-request .. the key is missing from the output .. there are no suspicious lines around it ..

odd
 
I was already wondering why no reply came .. so I went after it from scratch.

Turns out:
1) In the past there definitely WAS an RSA key delivered alongside the CSR data.
2) My user (and at least me too) were strongly irritated by the support text at the end of the popup message:

Be sure to copy and backup the "RSA PRIVATE KEY" along with the request. You will need it when installing the certificate. Because you're an admin, you will be saving to the "shared server certificate" and the key is not saved anywhere until you paste it with the certificate.
de:
Achten Sie darauf, den "RSA PRIVATE KEY" zusammen mit der Anfrage zu kopieren und zu sichern. Sie benötigen es, wenn Sie das Zertifikat installieren. Da Sie ein Administrator sind, werden Sie auf dem "freigegebenen Server-Zertifikat" gespeichert und der Schlüssel wird nirgendwo gespeichert, bis Sie ihn mit dem Zertifikat einfügen.

This implied the RSA key would be shown in the current view .. well, it isn't .. but I found out the associated key was to be found in the section "Paste a pre-generated certificate and key".

so at least I have a workaround by procedure.

FYI
br
-c-
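
When the key has to be collected from a different panel section than the CSR, as in the workaround above, it is worth confirming that the two actually belong together before sending the request to a CA. The script below is an added example, not part of the original posts or of DirectAdmin; the function names and the two file arguments (key and CSR saved from the panel) are placeholders.

```shell
#!/bin/sh
# Added example: check that a private key matches a CSR by comparing
# the public key embedded in each. Works for RSA and EC keys.
# Usage (file names are placeholders): sh check_pair.sh domain.key domain.csr

# Read a PEM public key on stdin, print SHA-256 of its DER encoding.
spki_sha256() {
    openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the key size in bits as reported by openssl for a private key.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 if key $1 matches CSR $2, 1 on mismatch, 2 if either is unreadable.
key_matches_csr() {
    kpem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    # Guard against empty output so two failed reads never compare equal.
    [ -n "$kpem" ] && [ -n "$cpem" ] || return 2
    kfp=$(printf '%s\n' "$kpem" | spki_sha256)
    cfp=$(printf '%s\n' "$cpem" | spki_sha256)
    [ "$kfp" = "$cfp" ]
}

if [ "$#" -eq 2 ]; then
    echo "key size: $(key_bits "$1") bit"
    if key_matches_csr "$1" "$2"; then
        echo "OK: private key matches the CSR"
    else
        echo "FAIL: key does not match the CSR or a file is unreadable (rc=$?)"
    fi
fi
```

A mismatch means the CA would issue a certificate for a public key whose private half is not the one on hand, so the certificate could not be installed with that key.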
 
Did you enter the correct DNS at nic.at? Do they point to your DA box?
 