To: [email protected] Subject: relayd falis to start after adding a zerossl Certificate with an EC PRIVATE KEY From: [email protected] Cc: [email protected] Reply-To: root Message-ID: <[email protected]> Status: RO
>Synopsis: relayd fails to start when using an EC PRIVATEKEY >Category: user: relayd can't use zerossl cetificate's private EC key >Environment: System : OpenBSD 7.7 Details : OpenBSD 7.7 (GENERIC.MP) #625: Sun Apr 13 08:30:20 MDT 2025 [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP Architecture: OpenBSD.amd64 Machine : amd64 >Description: precise description of the problem (multiple lines) relayd fails to start when using a EC PRIVATE KEY genarted by zerossl with acme.sh version v3.1.2. logs Jun 20 16:57:23 openbsd77 relayd[10724]: ssl_load_pkey: failed to extract RSA Jun 20 16:57:23 openbsd77 relayd[30875]: adding 1 hosts from table service3:8000 Jun 20 16:57:23 openbsd77 relayd[30875]: adding 1 hosts from table service4:8000 Jun 20 16:57:23 openbsd77 relayd[10724]: relay: relay_launch: failed to create TLS context Jun 20 16:57:23 openbsd77 relayd[18317]: ssl_load_pkey: failed to extract RSA Jun 20 16:57:23 openbsd77 relayd[78679]: hce exiting, pid 78679 Jun 20 16:57:23 openbsd77 relayd[29969]: pfe exiting, pid 29969 Jun 20 16:57:23 openbsd77 relayd[45192]: ca exiting, pid 45192 Jun 20 16:57:23 openbsd77 relayd[50578]: ca exiting, pid 50578 Jun 20 16:57:23 openbsd77 relayd[30875]: ssl_load_pkey: failed to extract RSA Jun 20 16:57:23 openbsd77 relayd[16546]: lost child: pid 10724 exited abnormally Jun 20 16:57:23 openbsd77 relayd[30875]: relay: relay_launch: failed to create TLS context Jun 20 16:57:23 openbsd77 relayd[63200]: ca exiting, pid 63200 Jun 20 16:57:23 openbsd77 relayd[16546]: lost child: pid 30875 exited abnormally Jun 20 16:57:23 openbsd77 relayd[18317]: relay: relay_launch: failed to create TLS context Jun 20 16:57:23 openbsd77 relayd[16546]: lost child: pid 18317 exited abnormally Jun 20 16:57:23 openbsd77 relayd[16546]: parent terminating, pid 16546 Private key ----BEGIN EC PRIVATE KEY----- MHcCAQEEIDWkQ84BBF3JzB3v7S3ADVW+KXFkRFdUqZB1ocHHXT5XoAoGCCqGSM49 AwEHoUQDQgAEkOTFxhA9R01AoG83wIC9LKiqR9SYegmiIQAkKJWJSB5TqrY9WYXH FKYg5+vzH/erc7AlIK9V+Sw512N06ZePrA== -----END EC PRIVATE KEY------- >How-To-Repeat: Install zerossl certificate with an EC private key while some services use an Lets encrypt certtificate >Fix: how to correct or work around the problem, if known (multiple lines) Only use Lets Encrypt certficates with relayd dmesg: OpenBSD 7.7 (GENERIC.MP) #625: Sun Apr 13 08:30:20 MDT 2025 [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8571977728 (8174MB) avail mem = 8285679616 (7901MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (242 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 05/19/2017 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET DMAR acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.76 MHz, 06-3a-09 cpu0: cpuid 1 edx=f8bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS> ecx=f7ba2223<SSE3,PCLMUL,VMX,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV> cpu0: cpuid 6 eax=4<ARAT> cpu0: cpuid 7.0 ebx=283<FSGSBASE,TSC_ADJUST,SMEP,ERMS> edx=ac000000<IBRS,IBPB,STIBP,SSBD> cpu0: cpuid a vers=1, gp=4, gpwidth=48 cpu0: cpuid 80000001 edx=28100800<NXE,RDTSCP,LONG> ecx=1<LAHF> cpu0: cpuid 80000007 edx=100<ITSC> cpu0: msr 10a=4<RSBA> cpu0: MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 66MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.78 MHz, 06-3a-09 cpu1: smt 0, core 0, package 2 ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf0000000, bus 0-127 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001 acpicmos0 at acpi0 "PNP0303" at acpi0 not configured "VMW0003" at acpi0 not configured "PNP0A05" at acpi0 not configured acpiac0 at acpi0: AC unit online acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) cpu0: using IvyBridge MDS workaround pvbus0 at mainbus0: VMware vmt0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01 ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02 pci2 at ppb1 bus 2 uhci0 at pci2 dev 0 function 0 "VMware UHCI" rev 0x00: apic 1 int 18 eap0 at pci2 dev 2 function 0 "Ensoniq AudioPCI97" rev 0x02: apic 1 int 16 ac97: codec id 0x43525913 (Cirrus Logic CS4297A rev 3) audio0 at eap0 midi0 at eap0: <AudioPCI MIDI UART> ehci0 at pci2 dev 3 function 0 "VMware EHCI" rev 0x00: apic 1 int 17 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "VMware EHCI root hub" rev 2.00/1.00 addr 1 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 configuration 1 interface 0 "VMware UHCI root hub" rev 1.00/1.00 addr 1 ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01: msi pci3 at ppb2 bus 3 vmx0 at pci3 dev 0 function 0 "VMware VMXNET3" rev 0x01: msix, 2 queues, address 00:0c:29:29:b1:fb ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01: msi pci4 at ppb3 bus 4 ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01: msi pci5 at ppb4 bus 5 ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01: msi pci6 at ppb5 bus 6 ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01: msi pci7 at ppb6 bus 7 ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01: msi pci8 at ppb7 bus 8 =============================================== Ronald F. Wekker Tel: +31 6 520 522 41
