code-server: [Bug]: error RSA PRIVATE KEY not found from openssl output

Is there an existing issue for this?

  • I have searched the existing issues

OS/Web Information

  • Web Browser: Firefox
  • Local OS: Windows 10
  • Remote OS: Ubuntu 22.04 LTS Server
  • Remote Architecture: arm64
  • code-server --version: 4.3.0

Steps to Reproduce

  1. Install using installer script
  2. Modify config to:
bind-addr: 0.0.0.0:443
auth: password
password: ...
cert: true
  1. Read logs of service

Expected

code-server should start up normally.

Actual

code-server fails to start-up with error message in logs as seen below.

Logs

May 05 11:25:56 ubuntu code-server[17012]: [2022-05-05T11:25:56.314Z] error RSA PRIVATE KEY not found from openssl output: May 05 11:25:56 ubuntu code-server[17012]: —stdout— May 05 11:25:56 ubuntu code-server[17012]: -----BEGIN PRIVATE KEY----- May 05 11:25:56 ubuntu code-server[17012]: MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDBtlEnZLssezit May 05 11:25:56 ubuntu code-server[17012]: … May 05 11:25:56 ubuntu code-server[17012]: 85ApfDxbNKRPXB24sszXjhWI3A== May 05 11:25:56 ubuntu code-server[17012]: -----END PRIVATE KEY----- May 05 11:25:56 ubuntu code-server[17012]: —stderr— May 05 11:25:56 ubuntu code-server[17012]: code: 0

Screenshot/Video

No response

Does this issue happen in VS Code?

  • I cannot reproduce this in VS Code.

Are you accessing code-server over HTTPS?

  • I am using HTTPS.

Notes

This could be related: https://githubhot.com/repo/Chocobozzz/PeerTube/issues/4901, Ubuntu 22.04 LTS Server was running OpenSSL Version 3.0.2.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 23 (10 by maintainers)

Most upvoted comments

Any clue on when this will be fixed? Doesn’t seem like there is much progress on pem side. The workaround I’m currently using is manually generating valid keys with mkcert , and passing those in code-server config.yaml . It works very well and it’s probably the easiest thing to do until this gets fixed

Hi @Newtoniano could you please explain how I can do this in simple steps? I apologize but I’m fairly new to this any assistance is greatly appreciated.

Sure @DNAMcKnight , I’m not a super expert myself but after many attempts I managed to get it to work for me.

  1. Read mkcert 's install instructions and install it on the machine that’s supposed to run code-server. Choose the method you prefer from the instructions, in my case on linux I first installed certutil with my package manager and then used the instructions for the precompiled binaries (didn’t really want to install another package manager like homebrew just for mkcert).
  2. Install the CA Authority by typing mkcert -install
  3. Navigate to a folder where you’d like to store the certificates you’re gonna generate, and then once inside type mkcert your_machine_ip 127.0.0.1 . You can type more addresses after that, any domain names you might want to use to reach the machine from your local network, if you need for example to access code-server from other devices. If what I suggested doesn’t work, just experiment withmkcert inside that folder and insert any IP’s and hostnames afterwards with spaces between each other, until you generate some certificates that work for your use case.
  4. Mkcert has now generated two .pem files inside that folder. Now edit the code-server config file with nano ~/.config/code-server/config.yaml (or whatever the path to the code-server file is on your machine) and add the following two lines (customized for your specific case)cert: path_to_your_cert_folder/cert_name.pem and cert-key: path_to_your_cert_folder/cert_name-key.pem . Save and close.
  5. Restart code server.

My configuration is slightly different from this, so what I told you might not work for you because that’s not exactly how mine is set up and I can’t really check if everything I said is 100% correct right now (probably not, this stuff is complicated if you haven’t much experience with it), so you’d have to experiment a little bit especially with what addresses you pass exactly to mkcert when generating the certificates. But you should be able to get it to work, in general this is the correct workflow. Tagging @GuilhermeSCLima in case he is still stuck on this step.

+9
Newtoniano on Aug 13, 2022

Any clue on when this will be fixed? Doesn’t seem like there is much progress on pem side.

The workaround I’m currently using is manually generating valid keys with mkcert , and passing those in code-server config.yaml . It works very well and it’s probably the easiest thing to do until this gets fixed

+4
Newtoniano on Jun 25, 2022

Ah got it! No worries. I am a noob when it comes to working with openssl, etc too. I’ve added this as high priority so hoping we can get to it soon!

+2
jsjoeio on Jun 28, 2022

Please mark this issue as closed. Latest release fixed the issue.

+1
brynne8 on Nov 6, 2023

But GitHub releases only has up to 1.14.4 and NPM has 1.14.6 but not 1.14.5 even though the package.json in the repo says 1.14.5 so I am not sure what is going on haha

+1
code-asher on May 10, 2022

Maybe we just need to update pem?

+1
code-asher on May 9, 2022
Read more comments on GitHub
← code-server: [Bug]: error Forbidden HttpError: Forbidden
code-server: [Bug]: 'Error: WebSocket close with status code 1006' behind nginx proxy →