acme-client memory setup failure

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

acme-client memory setup failure

?? ??
콸釗?樟昌?????殺?銳諦彧??灑?奄瓆??愴鹹蹟??寨??墮侄殮?張獐朕?暢逮??聯雩瑃罌?婆蘖業奄???滯??剃?鎭赤??予稶聽蹟?愼蛭迂芋受掩?禎???寥彩??ⓤ臣耶腎彧淹??搖替亞?穽蘖詢??땠낑?屢愼塼稔???蓮??薪跡遇瑃受旭塡?矮墮?橓蘖?燼灑銳亞?彧腎丑彧??赤體綎臾?翟張?暢跌奄差?淹升??逗??橓逸??稶?刷????銳??婆蘖???滯??率張?腎虞塼??拓?予殺鏃若薪者???埃奬彧?音????率薪軸??音????愼蛭????闇姮?靭厭???昻鎭辛綎????켑啖?昱????昱빌壬索禎赤辛敍淀音擅?率張?側괼鎖饒靭締蘖訊陜斥綎煐搖替변?率張?側괼鎖饒靭締蘖訊陜斥綎獰??寨??墮侄殮?張獐朕?暢逮??聯雩瑃????恂??薪牆?恂??予郁????췹蹙??蒼張禎??靭??張?依鄭?婆受?薪蹙??信出??淸??寨??墮侄殮?張獐朕?暢逮??聯雩瑃爺?綎?迂?淸??張獐朕?暢逮??聯雩瑃??薪蹙??橓???蒼蛭?湞?薪牆禎?奄瓆枳?採燼?修?蒼張淸彧??淀辰窒抑?戌?張獐朕?薪跡遇瑃受旭災?採燼?修?逸五裁薪跡??폄??闔??彧烈帙受旭裁?逗艇??派姪抑?橓烈鎭??寥特墮池?屢愼塼稔?淸彧邑蹟?飡諪??矮進投鎭?稶採掩??掩釣申刷稔?怒鷄??즙???信材??漲釗??鴨疊雩抑?薪跡遇瑃受旭災?翟張??淹升?薪蹙??蒼張禎??五墮?灑?宋拖愼?禎?淸??飡貞??彧烈帙受旭災?鏃齬暢??즈??猥鎰?派蹙??橓?墺齬靑??鎖倧憶紆輒兒??
Reply | Threaded
Open this post in threaded view
|

acme-client memory setup failure

?? ??
콸釗?樟昌?????殺?銳諦彧??灑?奄瓆??愴鹹蹟??寨??墮侄殮?張獐朕?暢逮??聯雩瑃罌?婆蘖業奄???滯??剃?鎭赤??予稶聽蹟?愼蛭迂芋受掩?禎???寥彩??ⓤ臣耶腎彧淹??搖替亞?穽蘖詢??땠낑?屢愼塼稔???蓮??薪跡遇瑃受旭塡?矮墮?橓蘖?燼灑銳亞?彧腎丑彧??赤體綎臾?翟張?暢跌奄差?淹升??逗??橓逸??稶?刷????銳??婆蘖???滯??率張?腎虞塼??拓?予殺鏃若薪者????埃奬彧?音????率薪軸??音????愼蛭????闇姮?靭厭???昻鎭辛綎????켑啖?昱????昱빌壬索禎赤辛敍淀音擅?率張?側괼鎖饒靭締蘖訊陜斥綎寧?寨??墮侄殮?張獐朕?暢逮??聯雩瑃????恂??薪牆?恂??予郁????췹蹙??蒼張禎??靭??張?依鄭?婆受?薪蹙??信出??淸??寨??墮侄殮?張獐朕?暢逮??聯雩瑃爺?綎?迂?淸??張獐朕?暢逮??聯雩瑃??薪蹙??橓???蒼蛭?湞?薪牆禎?奄瓆枳?採燼?修?蒼張淸彧??淀辰窒抑?戌?張獐朕?薪跡遇瑃受旭災?採燼?修?逸五裁薪跡???폄??闔??彧烈帙受旭裁?逗艇??派姪抑?橓烈鎭??寥特墮池?屢愼塼稔?淸彧邑蹟?飡諪??矮進投鎭?稶採掩??掩釣申刷稔?怒鷄??즙???信材??漲釗??鴨疊雩抑?薪跡遇瑃受旭災?翟張??淹升?薪蹙??蒼張禎??五墮?灑?宋拖愼?禎?淸??飡貞??彧烈帙受旭災?鏃齬暢???즈??猥鎰?派蹙??橓?墺齬靑??鎖倧憶紆輒兒??逗灑??闔??彧鴨抑?烈??灑??猥鎰??

Reply | Threaded
Open this post in threaded view
|

acme-client memory setup failure

?? ??
In reply to this post by ?? ??
Dear misc,

I am getting an error saying "ssl verify memory setup failure" whenever
I try to renew existing certificates on a host -- Openbsd 6.3, httpd,
acme-client.
Recently there were changes in a few configurations, including network,
name servers, etc.

The below is all I get when I try command acme-clilent -vv example.com:

...domain key
...account key
...cert ...days left
...directory
...DNS: (some ip)
(some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify
memory setup failure
...bad comm
bad exit...

Could someone let me know what could cause the ssl verify memory setup
failure, or if the memory setup failure could be some kind of common
error, such as something occurred by memory configuration, such as in
login.conf?

For your information, those worked before. Recently thinking about
hardware issues, especially for RAM.
Because I can't share detailed configurations, names, etc., I am
wondering if someone could kindly give some advice on the above information.

Any help and your time would be greatly appreciated indeed.

Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

trondd-2
On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote:

> Dear misc,
>
> I am getting an error saying "ssl verify memory setup failure" whenever
> I try to renew existing certificates on a host -- Openbsd 6.3, httpd,
> acme-client.
> Recently there were changes in a few configurations, including network,
> name servers, etc.
>
> The below is all I get when I try command acme-clilent -vv example.com:
>
> ..domain key
> ..account key
> ..cert ...days left
> ..directory
> ..DNS: (some ip)
> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify
> memory setup failure
> ..bad comm
> bad exit...
>
> Could someone let me know what could cause the ssl verify memory setup
> failure, or if the memory setup failure could be some kind of common
> error, such as something occurred by memory configuration, such as in
> login.conf?
>
> For your information, those worked before. Recently thinking about
> hardware issues, especially for RAM.
> Because I can't share detailed configurations, names, etc., I am
> wondering if someone could kindly give some advice on the above
> information.
>
> Any help and your time would be greatly appreciated indeed.
>

Did you modify certs.pem?  I've run into this when accidentally adding
certs multiple times growing the file too big or writing a DOS formatted
cert to it.

Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

?? ??
Thank you indeed for your reply, trondd.
Yes, I added certificate(s) to cert.pem, probably more than one time so far.
But the size looks not much bigger than normal one that I see from
another host.
size of the cert.pem modified(?): 357***
size of cert.pem I see from another host where I didn't add anything to
the cert.pem: 349***

Do you think 357*** is too big?
How did you solve the issue?
What can I do if something went wrong when I added certificates or when
upgrading openbsd and adding the certificates again?

If the router/gateway before the host has been changed so the cert.pem
of the gateway is not the same of the previous one, can it be also a
matter?


On 28/10/2018 04:54, trondd wrote:

> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote:
>> Dear misc,
>>
>> I am getting an error saying "ssl verify memory setup failure" whenever
>> I try to renew existing certificates on a host -- Openbsd 6.3, httpd,
>> acme-client.
>> Recently there were changes in a few configurations, including network,
>> name servers, etc.
>>
>> The below is all I get when I try command acme-clilent -vv example.com:
>>
>> ..domain key
>> ..account key
>> ..cert ...days left
>> ..directory
>> ..DNS: (some ip)
>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify
>> memory setup failure
>> ..bad comm
>> bad exit...
>>
>> Could someone let me know what could cause the ssl verify memory setup
>> failure, or if the memory setup failure could be some kind of common
>> error, such as something occurred by memory configuration, such as in
>> login.conf?
>>
>> For your information, those worked before. Recently thinking about
>> hardware issues, especially for RAM.
>> Because I can't share detailed configurations, names, etc., I am
>> wondering if someone could kindly give some advice on the above
>> information.
>>
>> Any help and your time would be greatly appreciated indeed.
>>
>
> Did you modify certs.pem?  I've run into this when accidentally adding
> certs multiple times growing the file too big or writing a DOS formatted
> cert to it.
>

Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

trondd-2


On October 28, 2018 12:09:02 AM EDT, "연락 연락" <[hidden email]> wrote:

>Thank you indeed for your reply, trondd.
>Yes, I added certificate(s) to cert.pem, probably more than one time so
>far.
>But the size looks not much bigger than normal one that I see from
>another host.
>size of the cert.pem modified(?): 357***
>size of cert.pem I see from another host where I didn't add anything to
>
>the cert.pem: 349***
>
>Do you think 357*** is too big?
>How did you solve the issue?
>What can I do if something went wrong when I added certificates or when
>
>upgrading openbsd and adding the certificates again?
>

Put the original cert.pem back and see if it solves the issue first.


>If the router/gateway before the host has been changed so the cert.pem
>of the gateway is not the same of the previous one, can it be also a
>matter?
>
>

The cert.pem only matters on the machine making the SSL connection.


>On 28/10/2018 04:54, trondd wrote:
>> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote:
>>> Dear misc,
>>>
>>> I am getting an error saying "ssl verify memory setup failure"
>whenever
>>> I try to renew existing certificates on a host -- Openbsd 6.3,
>httpd,
>>> acme-client.
>>> Recently there were changes in a few configurations, including
>network,
>>> name servers, etc.
>>>
>>> The below is all I get when I try command acme-clilent -vv
>example.com:
>>>
>>> ..domain key
>>> ..account key
>>> ..cert ...days left
>>> ..directory
>>> ..DNS: (some ip)
>>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl
>verify
>>> memory setup failure
>>> ..bad comm
>>> bad exit...
>>>
>>> Could someone let me know what could cause the ssl verify memory
>setup
>>> failure, or if the memory setup failure could be some kind of common
>>> error, such as something occurred by memory configuration, such as
>in
>>> login.conf?
>>>
>>> For your information, those worked before. Recently thinking about
>>> hardware issues, especially for RAM.
>>> Because I can't share detailed configurations, names, etc., I am
>>> wondering if someone could kindly give some advice on the above
>>> information.
>>>
>>> Any help and your time would be greatly appreciated indeed.
>>>
>>
>> Did you modify certs.pem?  I've run into this when accidentally
>adding
>> certs multiple times growing the file too big or writing a DOS
>formatted
>> cert to it.
>>

Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

?? ??
Unfortunately, I don't have any backup of the original cert.pem file. So
I wonder if I'm correct with this:
I will get a new cert.pem if I upgrade the os (current version is 6.3)
to 6.4, and then, before merging the new one, I could test similar to
what you told me.

====================

I am just now suddenly wondering:
- when I upgrade the os, I get a new cert.pem -- correct?
- Therefore I have to add again other certificates to the "new"
cert.pem. -- correct?
- And the old cert.pem is no longer needed so there's no need to "merge"
the old cert.pem or any other. -- correct?

=====================

So could the merging wrong one have caused the issue?

Thank you, TronDD.


On 29/10/2018 00:20, TronDD wrote:

>
>
> On October 28, 2018 12:09:02 AM EDT, "연락 연락" <[hidden email]> wrote:
>> Thank you indeed for your reply, trondd.
>> Yes, I added certificate(s) to cert.pem, probably more than one time so
>> far.
>> But the size looks not much bigger than normal one that I see from
>> another host.
>> size of the cert.pem modified(?): 357***
>> size of cert.pem I see from another host where I didn't add anything to
>>
>> the cert.pem: 349***
>>
>> Do you think 357*** is too big?
>> How did you solve the issue?
>> What can I do if something went wrong when I added certificates or when
>>
>> upgrading openbsd and adding the certificates again?
>>
>
> Put the original cert.pem back and see if it solves the issue first.
>
>
>> If the router/gateway before the host has been changed so the cert.pem
>> of the gateway is not the same of the previous one, can it be also a
>> matter?
>>
>>
>
> The cert.pem only matters on the machine making the SSL connection.
>
>
>> On 28/10/2018 04:54, trondd wrote:
>>> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote:
>>>> Dear misc,
>>>>
>>>> I am getting an error saying "ssl verify memory setup failure"
>> whenever
>>>> I try to renew existing certificates on a host -- Openbsd 6.3,
>> httpd,
>>>> acme-client.
>>>> Recently there were changes in a few configurations, including
>> network,
>>>> name servers, etc.
>>>>
>>>> The below is all I get when I try command acme-clilent -vv
>> example.com:
>>>>
>>>> ..domain key
>>>> ..account key
>>>> ..cert ...days left
>>>> ..directory
>>>> ..DNS: (some ip)
>>>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl
>> verify
>>>> memory setup failure
>>>> ..bad comm
>>>> bad exit...
>>>>
>>>> Could someone let me know what could cause the ssl verify memory
>> setup
>>>> failure, or if the memory setup failure could be some kind of common
>>>> error, such as something occurred by memory configuration, such as
>> in
>>>> login.conf?
>>>>
>>>> For your information, those worked before. Recently thinking about
>>>> hardware issues, especially for RAM.
>>>> Because I can't share detailed configurations, names, etc., I am
>>>> wondering if someone could kindly give some advice on the above
>>>> information.
>>>>
>>>> Any help and your time would be greatly appreciated indeed.
>>>>
>>>
>>> Did you modify certs.pem?  I've run into this when accidentally
>> adding
>>> certs multiple times growing the file too big or writing a DOS
>> formatted
>>> cert to it.
>>>

Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

Stuart Henderson
On 2018-10-30, user . <[hidden email]> wrote:
> - when I upgrade the os, I get a new cert.pem -- correct?

No. It is in the "etc" file set, which is handled specially. Upgrades
are handled by sysmerge, which allows maintaining your local changes to
the file (added or removed certs).

You can fetch a clean updated file with this command:

ftp -o cert.pem http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?content-type=text/plain


Reply | Threaded
Open this post in threaded view
|

Re: acme-client memory setup failure

Stuart Henderson
On 2018-10-30, Stuart Henderson <[hidden email]> wrote:

> On 2018-10-30, user . <[hidden email]> wrote:
>> - when I upgrade the os, I get a new cert.pem -- correct?
>
> No. It is in the "etc" file set, which is handled specially. Upgrades
> are handled by sysmerge, which allows maintaining your local changes to
> the file (added or removed certs).
>
> You can fetch a clean updated file with this command:
>
> ftp -o cert.pem http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?content-type=text/plain

Oh - before you replace this, please save a copy of the old cert.pem file
and send it to me (gzip it and then send it as an email attachment to me
directly, not on the mailing list). I'll see if I can spot the problem with it.