Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR certificate data does not contain a certificate, when private key is stored before certifcate data in a PEM #541

Open
sabixx opened this issue Dec 31, 2024 · 0 comments
Open

ERROR certificate data does not contain a certificate, when private key is stored before certifcate data in a PEM #541

sabixx opened this issue Dec 31, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@sabixx
Copy link
Contributor

sabixx commented Dec 31, 2024

PROBLEM SUMMARY
certificate data does not contain a certificate error when the key is stored before the certificate in a file. When the certificate is stored before the

STEPS TO REPRODUCE
Create a certificate or use this example data (self- signed, but reproducible.
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCLPbOLyL/Sc0V9
48oABC+V0wR75LhtanDRIGmBDfZ/yPg72zs0BtIyQn+m95cKcRQl5WS6SCCi8t4+
A3DaXU+vsqqLlS3FNwaFwPF+VFxJQYgJrJ++ZDRAMhjYvZAp5EfHxOokw1Pb/9ZQ
6J9kHYguivjkxiyVT1QNhjRRVVrUgBEtsrSNQAEN9C5sgNCapa8IfchTwZRRSx2q
urx09t1BB1dZl6k0VrQWBvGVk69y3z5VHyoZZHcSAlq99Ix4lPOMN5ccSSz7LLXz
yO5xxTUCBq/MktBeI7LDnG65ptJqK3RITP+DleLQx2XyGcZe4DxJZ37LWvHOsKmM
i1dZ3Vj7AgMBAAECggEAMdFpo+G3f/xuKJSPeWIGBHzzZcB3m+4xXyFRnjL4ts+Y
wRG3JO4r1n+kXIDJMZszsjtYxq13v9VVXqqsffRUxnAORNKjBaSiWMinnqNgQXWI
zq1MmjoP18gUy7dHFTXv2LHDdFPOdTAb5ebU4GUQjFZ8pp2g5er0D8KshU0cqlqA
rv8J0a92j0oSPYkCk8eREFKX1OYO9/JhZxfLoJ8o2MmPf0LyHs5wTSO2xsS9So2K
jz8NPtfcoxoQz/VALm4hDEz2n40XtiKbci/T1ObIVfMWdh6R5xzPQvyaB7XuX1QL
+tzoQR64iF7bVS+rulBECzYweCOGwYt54Ukzev8+gQKBgQC+2fWC4a5YUtzw6i9f
PI3enZUqoAqVNDZHPNVeJpCyxp8ZQkgueHzkYH9FuPfVXOZ3hQ0nqEWgA43ixE8A
C/RuEoiR4AerdYvAqrFCW1UQQ4+JLOBjD067E2OHGJFXabyoZJyMKG/fDy5bUGNX
be5VsRoLfpU2jKCfcpGpe0SVuQKBgQC6xaLlJohl7Xr35tBDMtXRYSx6ru8dh8yA
57mq5psqp0ZZxQHniwU67R+ERMUIeOZKpbEZFiQ3n+TV2JCsFuAcuborF7TOQrMF
TdxNGFS/jNFTxD0J8BRlThhFeZsMMcE2HAPqbM2E26Ho9fcOfmVMOSmZkvOvf7Ou
bXDZaE4+UwKBgAJ/pAE0py2s2AunZTtf9ZOGiJ9oPPs7FcLU/w4efyJ4CzkvbvZ8
yVXMFZ56D3SRpMrHySZNw6uWoFLpswcTIP4X7AXM4wzRmyTIl02BGJn/6G8pUT66
wpMca98m6TA1yCyENLB5Dw3iiv7TDJnmbIpeqTKhU57FNI0h2NpZLMqxAoGANXjd
4TM9+8iY2x6W45ZLRw3GGT26Mb8uWn19V6N8KyMG7i6MFAlmLu+yhUDXFEzgyeBU
KrV/GvnJHzxIdyx5b1/xH+NCnYbVECCxgNUFdm3PhGb7frvgavyH0GQ3cq9P/Lja
miQaVv42habd26VuRPtcoJ5E7Croe3jTxTqqpAcCgYEAuyhUW6ueA+HzkiVlJueP
pWIq6QNutHt+dUFj2w3T2WLorKzBOOJcQL9n6HOXR4ooB/mLCsxy3gpJzblr7QsQ
BuO6Z6fuA6DUmP1uKRDNdCDlE11U3loyOUxS4ITBLUCUAlD0l2oP0qSSN/u5Talb
601zH5k/pc1zMZYDjLU4UhU=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDwjCCAqqgAwIBAgIUOsB71bN4x3uzDkZXGlqXMyz7FKgwDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By
aW5nZmllbGQxDDAKBgNVBAoMA0RpczElMCMGA1UEAwwcdmNlcnQtaGFwcm94eS1q
c2FiLnRsc3AuZGVtbzAeFw0yNDEyMzExNDI3MDVaFw0yNTAxMTAxNDI3MDVaMGkx
CzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2Zp
ZWxkMQwwCgYDVQQKDANEaXMxJTAjBgNVBAMMHHZjZXJ0LWhhcHJveHktanNhYi50
bHNwLmRlbW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLPbOLyL/S
c0V948oABC+V0wR75LhtanDRIGmBDfZ/yPg72zs0BtIyQn+m95cKcRQl5WS6SCCi
8t4+A3DaXU+vsqqLlS3FNwaFwPF+VFxJQYgJrJ++ZDRAMhjYvZAp5EfHxOokw1Pb
/9ZQ6J9kHYguivjkxiyVT1QNhjRRVVrUgBEtsrSNQAEN9C5sgNCapa8IfchTwZRR
Sx2qurx09t1BB1dZl6k0VrQWBvGVk69y3z5VHyoZZHcSAlq99Ix4lPOMN5ccSSz7
LLXzyO5xxTUCBq/MktBeI7LDnG65ptJqK3RITP+DleLQx2XyGcZe4DxJZ37LWvHO
sKmMi1dZ3Vj7AgMBAAGjYjBgMB0GA1UdDgQWBBS5k2K0dMoyeuSw7oNE2JZVXlr7
jjAfBgNVHSMEGDAWgBS5k2K0dMoyeuSw7oNE2JZVXlr7jjAJBgNVHRMEAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQA3IBrVVrDhgZO/
gcPQWeBfNa+XDHghuII+Gtp7I6f/eStFMoABFVEkCGxTqg9oElVu8iYq2EWvCcpP
ux5d5XW8vJA21t/oKDLRMUaWF4qn/TNpionEEZpMTr45Zd7xzRaSwYkC7ZnvVsUN
fwU3TSH3VHvFMrr5w5GgBSsaQNdvDPzGkRWnrJ0VffReSjJdXfk/p6aRfzSqRwnd
VQKhDZmkA8lzspZJri/1pBBQ6cSkRKgzzZEIMBzuuQcPXV9y0VVtp7MUiq5wlpTr
IrUcFxfIpFkYgd5pBFgSVA/KSHUSn2gpJt93bJ42+BnOrWYLrHMC+YNJNij9pJnp
ynydVGM6
-----END CERTIFICATE-----

Installtion part of the playbook:
installations:
- format: PEM
file: "/etc/haproxy/certs/haproxy_443.pem"
chainFile: "/etc/haproxy/certs/haproxy_443.chain"
keyFile: "/etc/haproxy/certs/haproxy_443.key"
afterInstallAction: "cat /etc/haproxy/certs/haproxy_443.chain >> /etc/haproxy/certs/haproxy_443.pem && cat /etc/haproxy/certs/haproxy_443.key >> /etc/haproxy/certs/haproxy_443.pem && systemctl restart haproxy"

EXPECTED RESULTS
find the certificate in the file, even if it's "behind" the private key (or chain(?)) and renew the certificate

ACTUAL RESULTS
When running vcert with a playbook that points to the above certificate in haproxy_443.pem. instead of renewing the certificate it error: "task": "haproxy", "error": "error checking for certificate haproxy: certificate data does not contain a certificate"} occurs.

    screenshot contains the same a example key as above. Key is not used anywhere, it was just created to repro the issue.

image

ENVIRONMENT DETAILS
vcert + TLS PC

COMMENTS/WORKAROUNDS
@sabixx sabixx added the bug Something isn't working label Dec 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sabixx