LettuceEncrypt: Can not find issuer for staging server
Describe the bug A clear and concise description of what the bug is.
When setting "UseStagingServer": true, the following output is given when my server runs:
fail: LettuceEncrypt.Internal.AcmeCertificateLoader[0]
Failed to automatically create a certificate for [url removed]
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
at Certes.Pkcs.CertificateStore.GetIssuers(Byte[] der)
at Certes.Pkcs.PfxBuilder.FindIssuers()
at Certes.Pkcs.PfxBuilder.Build(String friendlyName, String password)
at LettuceEncrypt.Internal.CertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.CertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.CreateCertificateAsync(String[] domainNames, CancellationToken cancellationToken)
fail: LettuceEncrypt.Internal.AcmeCertificateLoader[0]
Failed to create certificate
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
at Certes.Pkcs.CertificateStore.GetIssuers(Byte[] der)
at Certes.Pkcs.PfxBuilder.FindIssuers()
at Certes.Pkcs.PfxBuilder.Build(String friendlyName, String password)
at LettuceEncrypt.Internal.CertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.CertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.CreateCertificateAsync(String[] domainNames, CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.LoadCerts(CancellationToken cancellationToken)
at LettuceEncrypt.Internal.AcmeCertificateLoader.<>c__DisplayClass15_0.<<ExecuteAsync>b__0>d.MoveNext()
Failed to automatically create a certificate for [url removed]
Certes.AcmeException: Can not find issuer 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Pretend Pear X1' for certificate 'C=US,O=(STAGING) Internet Security Research Group,CN=(STAGING) Bogus Broccoli X2'.
To Reproduce Steps to reproduce the behavior:
- Using this version of the library ‘v1.0.1’
- Run this code ‘…’
- With these arguments ‘…’
- See error
Expected behavior A clear and concise description of what you expected to happen.
A staging cert will be generated
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.
About this issue
- Original URL
- State: open
- Created 3 years ago
- Comments: 15 (7 by maintainers)
@orkylish @netclectic alternatively you can use
ICertificateAuthorityConfiguration’s new propertyIssuerCertificates. Internally, it is passed into certes the same way theAdditionalIssuersare, as shown by nate. You will have to manually pass the staging root certificate (what certificate exactly can be learned here: https://letsencrypt.org/docs/staging-environment/). For example, just read the text and add it to the options (or the property). LettuceEncrypt does not automatically register a staging certificate when you setUseStagingServertotrue- it has be done manually (unlike Certbot, when you pass--test-cert).Everything else should be clear if you read the xml documentation of
AdditionalIssuersthat nate included in his comment! I can also help if needed, you can just reply to me, here.Have you tried using the
AdditionalIssuersoption?https://github.com/natemcmaster/LettuceEncrypt/blob/4dfcf037ba0ebde9109c7ba503be39c094bc5e0d/src/LettuceEncrypt/LettuceEncryptOptions.cs#L51-L65