Re: acme-client memory setup failure
On 2018-10-30, Stuart Henderson wrote: > On 2018-10-30, user . wrote: >> - when I upgrade the os, I get a new cert.pem -- correct? > > No. It is in the "etc" file set, which is handled specially. Upgrades > are handled by sysmerge, which allows maintaining your local changes to > the file (added or removed certs). > > You can fetch a clean updated file with this command: > > ftp -o cert.pem > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?content-type=text/plain Oh - before you replace this, please save a copy of the old cert.pem file and send it to me (gzip it and then send it as an email attachment to me directly, not on the mailing list). I'll see if I can spot the problem with it.
Re: acme-client memory setup failure
On 2018-10-30, user . wrote: > - when I upgrade the os, I get a new cert.pem -- correct? No. It is in the "etc" file set, which is handled specially. Upgrades are handled by sysmerge, which allows maintaining your local changes to the file (added or removed certs). You can fetch a clean updated file with this command: ftp -o cert.pem http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?content-type=text/plain
Re: acme-client memory setup failure
Unfortunately, I don't have any backup of the original cert.pem file. So I wonder if I'm correct with this: I will get a new cert.pem if I upgrade the os (current version is 6.3) to 6.4, and then, before merging the new one, I could test similar to what you told me. I am just now suddenly wondering: - when I upgrade the os, I get a new cert.pem -- correct? - Therefore I have to add again other certificates to the "new" cert.pem. -- correct? - And the old cert.pem is no longer needed so there's no need to "merge" the old cert.pem or any other. -- correct? = So could the merging wrong one have caused the issue? Thank you, TronDD. On 29/10/2018 00:20, TronDD wrote: > > > On October 28, 2018 12:09:02 AM EDT, "연락 연락" wrote: >> Thank you indeed for your reply, trondd. >> Yes, I added certificate(s) to cert.pem, probably more than one time so >> far. >> But the size looks not much bigger than normal one that I see from >> another host. >> size of the cert.pem modified(?): 357*** >> size of cert.pem I see from another host where I didn't add anything to >> >> the cert.pem: 349*** >> >> Do you think 357*** is too big? >> How did you solve the issue? >> What can I do if something went wrong when I added certificates or when >> >> upgrading openbsd and adding the certificates again? >> > > Put the original cert.pem back and see if it solves the issue first. > > >> If the router/gateway before the host has been changed so the cert.pem >> of the gateway is not the same of the previous one, can it be also a >> matter? >> >> > > The cert.pem only matters on the machine making the SSL connection. > > >> On 28/10/2018 04:54, trondd wrote: >>> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: Dear misc, I am getting an error saying "ssl verify memory setup failure" >> whenever I try to renew existing certificates on a host -- Openbsd 6.3, >> httpd, acme-client. Recently there were changes in a few configurations, including >> network, name servers, etc. The below is all I get when I try command acme-clilent -vv >> example.com: ..domain key ..account key ..cert ...days left ..directory ..DNS: (some ip) (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl >> verify memory setup failure ..bad comm bad exit... Could someone let me know what could cause the ssl verify memory >> setup failure, or if the memory setup failure could be some kind of common error, such as something occurred by memory configuration, such as >> in login.conf? For your information, those worked before. Recently thinking about hardware issues, especially for RAM. Because I can't share detailed configurations, names, etc., I am wondering if someone could kindly give some advice on the above information. Any help and your time would be greatly appreciated indeed. >>> >>> Did you modify certs.pem? I've run into this when accidentally >> adding >>> certs multiple times growing the file too big or writing a DOS >> formatted >>> cert to it. >>>
Re: acme-client memory setup failure
On October 28, 2018 12:09:02 AM EDT, "연락 연락" wrote: >Thank you indeed for your reply, trondd. >Yes, I added certificate(s) to cert.pem, probably more than one time so >far. >But the size looks not much bigger than normal one that I see from >another host. >size of the cert.pem modified(?): 357*** >size of cert.pem I see from another host where I didn't add anything to > >the cert.pem: 349*** > >Do you think 357*** is too big? >How did you solve the issue? >What can I do if something went wrong when I added certificates or when > >upgrading openbsd and adding the certificates again? > Put the original cert.pem back and see if it solves the issue first. >If the router/gateway before the host has been changed so the cert.pem >of the gateway is not the same of the previous one, can it be also a >matter? > > The cert.pem only matters on the machine making the SSL connection. >On 28/10/2018 04:54, trondd wrote: >> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: >>> Dear misc, >>> >>> I am getting an error saying "ssl verify memory setup failure" >whenever >>> I try to renew existing certificates on a host -- Openbsd 6.3, >httpd, >>> acme-client. >>> Recently there were changes in a few configurations, including >network, >>> name servers, etc. >>> >>> The below is all I get when I try command acme-clilent -vv >example.com: >>> >>> ..domain key >>> ..account key >>> ..cert ...days left >>> ..directory >>> ..DNS: (some ip) >>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl >verify >>> memory setup failure >>> ..bad comm >>> bad exit... >>> >>> Could someone let me know what could cause the ssl verify memory >setup >>> failure, or if the memory setup failure could be some kind of common >>> error, such as something occurred by memory configuration, such as >in >>> login.conf? >>> >>> For your information, those worked before. Recently thinking about >>> hardware issues, especially for RAM. >>> Because I can't share detailed configurations, names, etc., I am >>> wondering if someone could kindly give some advice on the above >>> information. >>> >>> Any help and your time would be greatly appreciated indeed. >>> >> >> Did you modify certs.pem? I've run into this when accidentally >adding >> certs multiple times growing the file too big or writing a DOS >formatted >> cert to it. >>
Re: acme-client memory setup failure
Thank you indeed for your reply, trondd. Yes, I added certificate(s) to cert.pem, probably more than one time so far. But the size looks not much bigger than normal one that I see from another host. size of the cert.pem modified(?): 357*** size of cert.pem I see from another host where I didn't add anything to the cert.pem: 349*** Do you think 357*** is too big? How did you solve the issue? What can I do if something went wrong when I added certificates or when upgrading openbsd and adding the certificates again? If the router/gateway before the host has been changed so the cert.pem of the gateway is not the same of the previous one, can it be also a matter? On 28/10/2018 04:54, trondd wrote: > On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: >> Dear misc, >> >> I am getting an error saying "ssl verify memory setup failure" whenever >> I try to renew existing certificates on a host -- Openbsd 6.3, httpd, >> acme-client. >> Recently there were changes in a few configurations, including network, >> name servers, etc. >> >> The below is all I get when I try command acme-clilent -vv example.com: >> >> ..domain key >> ..account key >> ..cert ...days left >> ..directory >> ..DNS: (some ip) >> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify >> memory setup failure >> ..bad comm >> bad exit... >> >> Could someone let me know what could cause the ssl verify memory setup >> failure, or if the memory setup failure could be some kind of common >> error, such as something occurred by memory configuration, such as in >> login.conf? >> >> For your information, those worked before. Recently thinking about >> hardware issues, especially for RAM. >> Because I can't share detailed configurations, names, etc., I am >> wondering if someone could kindly give some advice on the above >> information. >> >> Any help and your time would be greatly appreciated indeed. >> > > Did you modify certs.pem? I've run into this when accidentally adding > certs multiple times growing the file too big or writing a DOS formatted > cert to it. >
Re: acme-client memory setup failure
On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: > Dear misc, > > I am getting an error saying "ssl verify memory setup failure" whenever > I try to renew existing certificates on a host -- Openbsd 6.3, httpd, > acme-client. > Recently there were changes in a few configurations, including network, > name servers, etc. > > The below is all I get when I try command acme-clilent -vv example.com: > > ..domain key > ..account key > ..cert ...days left > ..directory > ..DNS: (some ip) > (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify > memory setup failure > ..bad comm > bad exit... > > Could someone let me know what could cause the ssl verify memory setup > failure, or if the memory setup failure could be some kind of common > error, such as something occurred by memory configuration, such as in > login.conf? > > For your information, those worked before. Recently thinking about > hardware issues, especially for RAM. > Because I can't share detailed configurations, names, etc., I am > wondering if someone could kindly give some advice on the above > information. > > Any help and your time would be greatly appreciated indeed. > Did you modify certs.pem? I've run into this when accidentally adding certs multiple times growing the file too big or writing a DOS formatted cert to it.
acme-client memory setup failure
Dear misc, I am getting an error saying "ssl verify memory setup failure" whenever I try to renew existing certificates on a host -- Openbsd 6.3, httpd, acme-client. Recently there were changes in a few configurations, including network, name servers, etc. The below is all I get when I try command acme-clilent -vv example.com: ...domain key ...account key ...cert ...days left ...directory ...DNS: (some ip) (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify memory setup failure ...bad comm bad exit... Could someone let me know what could cause the ssl verify memory setup failure, or if the memory setup failure could be some kind of common error, such as something occurred by memory configuration, such as in login.conf? For your information, those worked before. Recently thinking about hardware issues, especially for RAM. Because I can't share detailed configurations, names, etc., I am wondering if someone could kindly give some advice on the above information. Any help and your time would be greatly appreciated indeed.
