Certificates load by load_pem not working

1. Caddy version (caddy version):

v2.1.1

2. How I run Caddy:

caddy cli

a. System environment:

Mac

b. Command:

caddy run -config caddy.json

d. My complete Caddyfile or JSON config:

For a specific domain I would like to disable caddy’s automatic certificate retrieval and use my custom certificates.

Therefore I would like to register the certificates using the Caddy API (JSON Config Structure - Caddy Documentation).

Unfortunately caddy does not recognize the certificates:

{
"load_pem": [{
"certificate": "-----BEGIN CERTIFICATE----MIIGfzCCBWegAwIBAgISA8A1M8hcnrtS0B9BnyoZpvlHMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dG[...]-----END CERTIFICATE-----", 
"key":"-----BEGIN RSA PRIVATE KEY-----
MIIJNBFTBAAKCAgEA/y7t3GTcrWHJ+lsWGEvhUtAo7/S9l7DHw/A6DW7F88+wO[...]-----END RSA PRIVATE KEY-----"
}
]
}'

3. The problem I’m having:

“error”:“loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: PEM pair 0: tls: failed to find any PEM data in certificate input”}
I already tried to base64 encode both the certificate and the key, but this does not work either (same error message).

4. Error messages and/or full log output:

run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: PEM pair 0: tls: failed to find any PEM data in certificate input

I haven’t played around with that feature, but I think you might need to omit the ASCII armor (the ----- stuff) and only have the base64 contents of the PEM. Have you tried that?

Also, v2.1.1 is outdated at this point; please upgrade to v2.2.1.

Hi @francislavoie,

I have upgraded Caddy to v2.2.1 and have tried an updated Caddy config after omitting the ASCII armor.

           "certificates": {
               "load_pem": [ 
                   {
                       "@id":"local",
                       "key": "MHcCAQEEIMITGzUi9r3IAldcLRgTavTj/dWRokqt/msBupjZWg+OoAoGCCqGSM49AwEHoUQDQgAEf3nbqHqnVm[...]Lg==",
                       "certificate":"MIICgzCCAimgAwIBAgIUU63ZBpRAwDgYDVQQHEwdSZWxlaWdoMQ0wCwYDVQQKEwRFREpYMRQwEgYDVQQLEwtFbm[...]A0IABH=", 
                       "tags": [
                           ""
                       ]
                   }
               ]
           }
       }

Still giving the same error:
run: loading initial config: loading new config: loading tls app module: provision tls: loading certificates: PEM pair 0: tls: failed to find any PEM data in certificate input

Hmm okay. So next, I recommend trying it with the ASCII armor, and also with the \n newlines in the value. PEM typically has a \n every 64th character of the contents.

Yes, worked this time with ASCII armor. Version was the issue.

Thanks!

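The PEM formats tried in this thread can be checked before a config is posted to Caddy. The following is an added example, not code from the thread or from Caddy: it runs Go's standard-library `tls.X509KeyPair`, which is where the "failed to find any PEM data in certificate input" text comes from, and builds a `load_pem` element with `json.Marshal` so the newlines become `\n` escapes. The helper names `samplePair`, `checkPair` and `loadPEMEntry` and the generated `example.test` certificate are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// samplePair builds a throwaway self-signed pair (constructed test data, errors ignored).
func samplePair() (certPEM, keyPEM string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPEM = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	keyPEM = string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}))
	return
}

// checkPair parses the pair the way the Go TLS library does; nil means usable.
func checkPair(certPEM, keyPEM string) error {
	_, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
	return err
}

// loadPEMEntry validates the pair, then returns one load_pem element as JSON.
func loadPEMEntry(certPEM, keyPEM string) (string, error) {
	if err := checkPair(certPEM, keyPEM); err != nil {
		return "", err
	}
	out, err := json.Marshal(map[string]string{"certificate": certPEM, "key": keyPEM})
	return string(out), err
}

func main() {
	c, k := samplePair()
	fmt.Println("newlines stripped:", checkPair(strings.ReplaceAll(c, "\n", ""), k))
	fmt.Println(loadPEMEntry(c, k))
}
```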