Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Can not find issuer for staging server
See original GitHub issueDescribe the bug A clear and concise description of what the bug is.
When setting "UseStagingServer": true, the following output is given when my server runs:
fail: LettuceEncrypt.Internal.AcmeCertificateLoader[0]
Failed to automatically create a certificate for [url removed]
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
at Certes.Pkcs.CertificateStore.GetIssuers(Byte[] der)
at Certes.Pkcs.PfxBuilder.FindIssuers()
at Certes.Pkcs.PfxBuilder.Build(String friendlyName, String password)
at LettuceEncrypt.Internal.CertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.CertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.CreateCertificateAsync(String[] domainNames, CancellationToken cancellationToken)
fail: LettuceEncrypt.Internal.AcmeCertificateLoader[0]
Failed to create certificate
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
at Certes.Pkcs.CertificateStore.GetIssuers(Byte[] der)
at Certes.Pkcs.PfxBuilder.FindIssuers()
at Certes.Pkcs.PfxBuilder.Build(String friendlyName, String password)
at LettuceEncrypt.Internal.CertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.CertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.CreateCertificateAsync(String[] domainNames, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.LoadCerts(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.<>c__DisplayClass15_0.<<ExecuteAsync>b__0>d.MoveNext()
Failed to automatically create a certificate for [url removed]
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
To Reproduce Steps to reproduce the behavior:
- Using this version of the library ‘v1.0.1’
- Run this code ‘…’
- With these arguments ‘…’
- See error
Expected behavior A clear and concise description of what you expected to happen.
A staging cert will be generated
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.
Issue Analytics
- State:
- Created 2 years ago
- Comments:15 (7 by maintainers)
Top Results From Across the Web
Can not find issuer 'C=US,O=(STAGING) Internet Security ...
I am about to create a new wildcard certificate by fszlin.certes(https://github.com/fszlin/certes). Here is my code: var context = await ...
Read more >Error building certificate as PFX - Cannot find issuer
Hey all, Great product this :slight_smile: I've recently had an issue trying to generate a test certificate. Now I've read online there was ......
Read more >certificate fails for staging.mydomain.com
Are certificates valid for subdomains? This depends on the certificate. A wildcard certificate with a subject alternative names of ...
Read more >Troubleshooting Problems with ACME / Let's Encrypt ...
First of all check if the (Cluster)Issuer you're using is in a ready state: $ kubectl get issuer. $ kubectl get clusterissuer. NAME...
Read more >Using ACME to issue certificates
The following Issuer example uses a staging server that is provided by Let's Encrypt. The important details are the server name and the...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@orkylish @netclectic alternatively you can use
ICertificateAuthorityConfiguration’s new propertyIssuerCertificates. Internally, it is passed into certes the same way theAdditionalIssuersare, as shown by nate. You will have to manually pass the staging root certificate (what certificate exactly can be learned here: https://letsencrypt.org/docs/staging-environment/). For example, just read the text and add it to the options (or the property). LettuceEncrypt does not automatically register a staging certificate when you setUseStagingServertotrue- it has be done manually (unlike Certbot, when you pass--test-cert).Everything else should be clear if you read the xml documentation of
AdditionalIssuersthat nate included in his comment! I can also help if needed, you can just reply to me, here.Have you tried using the
AdditionalIssuersoption?https://github.com/natemcmaster/LettuceEncrypt/blob/4dfcf037ba0ebde9109c7ba503be39c094bc5e0d/src/LettuceEncrypt/LettuceEncryptOptions.cs#L51-L65