Not possible to import custom certificate key using elliptic curve instead of rsa #663
Description
Checklist
- Have you pulled and found the error with
jc21/nginx-proxy-manager:latestdocker image?
Yes
- Are you sure you're not using someone else's docker image?
Yes
- If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?
I'm not using Lets Encrypt. This is for network internal usage.
Describe the bug
I used Nginx Proxy Manager v2.6.1.
I tried to add a custom certificate. I gave it a name and added its key and the certificate itself. After clicking "Save" the an error message is displayed:
Upload failed: Certificate Key is not valid (Command failed: openssl rsa -in /tmp/9c58b1f7-db1a-4806-bc91-fb6ee547fb32/tmp -check -noout 140620246457672:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:crypto/evp/p_lib.c:469: )
This is understandable is the key uses an elliptic curve instead of rsa. The problem is in backend/internal/certificate.js in the checkPrivateKey method. There an external command is executed with "openssl rsa -in ....".
Executing the same command locally on the key shows the same error. Exchanging "rsa" with "ec" solves the problem locally.
Somehow NPM should detect if an RSA or an EC key is used an use the proper command. Or just check EC if RSA failed before.