Problem with Let's Encrypt SSL: openssl:Error: 'pkey' is an invalid command.

[DJIronic]

Operating System (OS/VERSION):

Debian 8 64-bit

VestaCP Version:

0.9.8

Installed Software (what you got with the installer):

PHP-FPM, apache, NGINX. Ioncube, Softacolous

Steps to Reproduce:

I Tried to add the Let's Encrypt certificate to a freshly added domain (with automatic LE). I got an error. Then I tried the CLI in SSH and I got the same error, but with more details.

This is what I got in the webGUI: Error: LetsEncrypt account registration 400

An here is what I got in CLI (censored domain name and user):

root@admin:~# v-add-letsencrypt-domain te*****va te*****va.cz
openssl:Error: 'pkey' is an invalid command.

Standard commands
asn1parse      ca             ciphers        crl            crl2pkcs7
dgst           dh             dhparam        dsa            dsaparam
ec             ecparam        enc            engine         errstr
gendh          gendsa         genrsa         nseq           ocsp
passwd         pkcs12         pkcs7          pkcs8          prime
rand           req            rsa            rsautl         s_client
s_server       s_time         sess_id        smime          speed
spkac          verify         version        x509

Message Digest commands (see the `dgst' command for more details)
md2            md4            md5            rmd160         sha
sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc
aes-256-ecb    base64         bf             bf-cbc         bf-cfb
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb
des-ofb        des3           desx           idea           idea-cbc
idea-cfb       idea-ecb       idea-ofb       rc2            rc2-40-cbc
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb
rc4            rc4-40

Error: LetsEncrypt account registration

Related Issues/Forum Threads:

Yes, I found several posts talking about error 400, but they are outdated or inactive for months.

Other Notes:

Yes, I checked that domain has a valid email address and I update the whole system via apt-get and then even tried v-update-sys-vesta-all

This issue is here for about a month now and there is no public solution for hat.

[mghadam]

same error on centos 7

[mghadam]

I was getting the following error and resolved it by removing '/usr/local/vesta/data/users/$USER/ssl/user.key' file where $USER was the username having the $DOMAIN. The problem was the generated user.key file was blank for some reason, so by removing it vestacp generated it again and it worked

[root@host ~]# v-add-letsencrypt-domain $USER $DOMAIN


unable to load key
140331863979920:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
unable to load Private Key
140162426619792:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
unable to load key file
140522184501136:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
Error: LetsEncrypt account registration 400


[root@host ~]#```

[mtacore]

The problem is that LetsEncrypt have changed their API. VestaCP doesn't support at the moment the new API.

Make yourself a favor and give HestiaCP (a VestaCP fork) a try. It is being developed by several VestaCP members as the continuation of Vesta which has been updated for ages.

Just look for it at GitHub.

[DJIronic]

Is there any option to migrate clients from Vesta to Hestia? I will give it a try, but I need to migrate all the stuff there including IP settings.

[mtacore]

Vesta’s backups are fully compatible with Hestia. That means that you should backup your Vesta users through the v-backup-users script (or through Vesta Panel) and then restore them with the v-restore-user script in Hestia.

[anton-reutov]

In the next release will be support for LE api 2.

[DJIronic]

When the update will be published @anton-reutov ?

[justbittin]

When will this be released? I have numerous domains expired now?