Při importu Let's Encrypt certifikátu končí příkaz typu:
curl -X PUT -u $flexibee_name:$flexibee_pass -k -L -T le-flexibee.pem https://localhost:5434/certificate.json
následující chybou:
{"winstrom":{"@version":"1.0","success":"false","message":"Bad signature length: got 512 but was expecting 256"}}
Příčinou pravděpodobně bude, že nahrávaný certifikát nebyl End-entity certificate ← R3 ← ISRG Root X1, ale End-entity certificate ← R3 ← ISRG Root X1 ← DST Root CA X3.
Pokud se změní na End-entity certificate ← R3 ← ISRG Root X1, měl by certifikát být validní a jeho import projít. Po importu restartujte aplikaci.
Vzorový kompletní postup:
#set this to name of your certificate, used as part of path to your Let's Encrypt certificate
certificate_name="example.com"
#flexibee settings for automatic certificate upload to server
flexibee_name="xxx"
flexibee_pass="yyy"
if [ -f /etc/letsencrypt/live/$certificate_name/privkey.pem ] ; then
cd /etc/letsencrypt/live/$certificate_name
# convert key to PKCS#1 format
openssl rsa -in
/etc/letsencrypt/live/$certificate_name/privkey.pem -out le-rsaprivkey.pem 2> /dev/null
# combine all the certificates into final le-flexibee.pem
cat
/etc/letsencrypt/live/$certificate_name/fullchain.pem
/etc/ssl/certs/ISRG_Root_X1.pem le-rsaprivkey.pem > le-flexibee.pem
#now we have Let's Encrypt certificate suitable for Flexi, we can upload this certificate to server
curl -s -X PUT -u $flexibee_name:$flexibee_pass -k -L -T le-flexibee.pem https://localhost:5434/certificate.json
#restart Flexi
service flexibee restart