pivpn: creating ovpn profile file error: client public key certificate not found: luk:crt
when doing pivpn -a to create ovpn profile i receive error: client public key certificate not found: luk:crt
terminal output
pi@raspberrypi:~ $ pivpn -a
Enter a Name for the Client: luk
How many days should the certificate last? 1080
Enter the password for the client:
Enter the password again to verify:
spawn ./easyrsa build-client-full luk
* Notice:
Using Easy-RSA configuration from: /etc/openvpn/easy-rsa/pki/vars
* Notice:
Using SSL: openssl OpenSSL 1.1.1n 15 Mar 2022
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/cec563f8/temp.d06e5a30'
Enter PEM pass phrase:
1996427328:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:905:You must type in 4 to 1024 characters
1996427328:error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:545:while reading strings
1996427328:error:0906406D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:59:
1996427328:error:0907E06F:PEM routines:do_pk8pkey:read key:../crypto/pem/pem_pk8.c:83:
Easy-RSA error:
Failed to generate request
Host: nix | Linux | /bin/bash
expect: spawn id exp4 not open
while executing
"expect eof"
[2022-08-24T09:19:31+0100]: [ERROR]: Client Public Key Certificate not found: luk.crt
In raising this issue, I confirm the following:
{please fill the checkboxes, e.g: [X]}
- I have read the documentation
- Is it a feature request? please consider opening a [Discussion] (https://github.com/pivpn/pivpn/discussions/new)
- I have read and understood the contributors guide.
- The issue I am reporting can be replicated.
- The issue I am reporting is directly related to the pivpn installer script.
- [?] The issue I am reporting isn’t a duplicate (see FAQs, closed issues, and open issues).
Has your install failed?
no
Describe the issue
when doing pivpn -a to create ovpn profile i receive error: client public key certificate not found: luk:crt
Expected behavior ovpns file gets created Screenshots If applicable, add screenshots to help explain your problem.
Can you replicate the issue? Describe the steps below
Steps to reproduce the behavior:
- Go to ‘terminal’
- Click on ‘type pivpn -c’
- Scroll down to 'error ’
Have you searched for similar issues and solutions?
(yes/no / which issues?)
Yes
Additional context Add any other context about the problem here.
Have you taken any steps towards solving your issue?
spoken to many people
Please provide your system information
What type of hardware are you running PiVPN at?
Raspberrypi 2 Quad core starter
Output of uname -a
Linux raspberrypi 5.15.56-v7+ #1575 SMP Fri Jul 22 20:28:11 BST 2022 armv7l GNU/Linux
Output of cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"eans
If install failed Please provide the console output of curl -L https://install.pivpn.io | bash
n/a
Console output of curl -L install.pivpn.io | bash
n/a
Console output of pivpn add or pivpn add nopass
pi@raspberrypi:~ $ pivpn -a
Enter a Name for the Client: pi
How many days should the certificate last? 1080
Enter the password for the client:
Enter the password again to verify:
spawn ./easyrsa build-client-full pi
* Notice:
Using Easy-RSA configuration from: /etc/openvpn/easy-rsa/pki/vars
* Notice:
Using SSL: openssl OpenSSL 1.1.1n 15 Mar 2022
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/78e1fa0f/temp.4c8ba8c2'
Enter PEM pass phrase:
1995579456:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:905:You must type in 4 to 1024 characters
1995579456:error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:545:while reading strings
1995579456:error:0906406D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:59:
1995579456:error:0907E06F:PEM routines:do_pk8pkey:read key:../crypto/pem/pem_pk8.c:83:
Easy-RSA error:
Failed to generate request
Host: nix | Linux | /bin/bash
expect: spawn id exp4 not open
while executing
"expect eof"
[2022-08-24T12:41:35+0100]: [ERROR]: Client Public Key Certificate not found: pi.crt
Console output of pivpn debug
pi@raspberrypi:~ $ pivpn debug
::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: 60f83d2d3f3b01568c251767a61f4d3ad01e532c
Author: 4s3ti
Date: Mon Aug 22 22:47:39 2022 +0200
Summary: docs: README
=============================================
:::: Installation settings ::::
PLAT=Raspbian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=wlan0
IPv4addr=192.168.1***
IPv4gw=192.***
install_user=pi
install_home=/home/pi
VPN=openvpn
pivpnPROTO=udp
pivpnPORT=1194
pivpnDNS1=8.8.8.8
pivpnDNS2=8.8.4.4
pivpnSEARCHDOMAIN=
pivpnHOST=REDACTED
TWO_POINT_FOUR=1
pivpnENCRYPT=256
USE_PREDEFINED_DH_PARAM=
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnDEV=tun0
pivpnNET=10.160.166.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS=""
UNATTUPG=1
INSTALLED_PACKAGES=(unattended-upgrades)
HELP_SHOWN=1
=============================================
:::: Server configuration shown below ::::
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_3415367d-55ff-4e44-bd8f-f32804630511.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_3415367d-55ff-4e44-bd8f-f32804630511.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.160.166.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
=============================================
:::: Client template file shown below ::::
client
dev tun
proto udp
remote REDACTED 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_3415367d-55ff-4e44-bd8f-f32804630511 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
=============================================
:::: Recursive list of files in ::::
::: /etc/openvpn/easy-rsa/pki shows below :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
openssl-easyrsa.cnf
private
revoked
safessl-easyrsa.cnf
serial
serial.old
ta.key
vars
vars.example
/etc/openvpn/easy-rsa/pki/issued:
raspberrypi_3415367d-55ff-4e44-bd8f-f32804630511.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
raspberrypi_3415367d-55ff-4e44-bd8f-f32804630511.key
/etc/openvpn/easy-rsa/pki/revoked:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/revoked/private_by_serial:
/etc/openvpn/easy-rsa/pki/revoked/reqs_by_serial:
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] OpenVPN is running
:: [OK] OpenVPN is enabled
(it will automatically start on reboot)
:: [OK] OpenVPN is listening on port 1194/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: Snippet of the server log ::::
Aug 24 09:30:05 raspberrypi ovpn-server[464]: net_route_v4_best_gw result: via REDACTED dev
Aug 24 09:30:05 raspberrypi ovpn-server[464]: CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
Aug 24 09:30:05 raspberrypi ovpn-server[464]: ECDH curve prime256v1 added
Aug 24 09:30:05 raspberrypi ovpn-server[464]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Aug 24 09:30:05 raspberrypi ovpn-server[464]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 24 09:30:05 raspberrypi ovpn-server[464]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Aug 24 09:30:05 raspberrypi ovpn-server[464]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 24 09:30:06 raspberrypi ovpn-server[464]: TUN/TAP device tun0 opened
Aug 24 09:30:06 raspberrypi ovpn-server[464]: net_iface_mtu_set: mtu 1500 for tun0
Aug 24 09:30:06 raspberrypi ovpn-server[464]: net_iface_up: set tun0 up
Aug 24 09:30:06 raspberrypi ovpn-server[464]: net_addr_v4_add: 10.160.166.1/24 dev tun0
Aug 24 09:30:06 raspberrypi ovpn-server[464]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Aug 24 09:30:06 raspberrypi ovpn-server[464]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Aug 24 09:30:06 raspberrypi ovpn-server[464]: UDPv4 link local (bound): [AF_INET][undef]:1194
Aug 24 09:30:06 raspberrypi ovpn-server[464]: UDPv4 link remote: [AF_UNSPEC]
Aug 24 09:30:06 raspberrypi ovpn-server[464]: GID set to openvpn
Aug 24 09:30:06 raspberrypi ovpn-server[464]: UID set to openvpn
Aug 24 09:30:06 raspberrypi ovpn-server[464]: MULTI: multi_init called, r=256 v=256
Aug 24 09:30:06 raspberrypi ovpn-server[464]: IFCONFIG POOL IPv4: base=10.160.166.2 size=252
Aug 24 09:30:06 raspberrypi ovpn-server[464]: Initialization Sequence Completed
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 23 (6 by maintainers)
Commits related to this issue
- fix(makeovpn): Remove expect dependency Remove dependency on expect Fix issue #1600 and #1601 — committed to pivpn/pivpn by coolapso 2 years ago
thank you @luk113 for filling the template. No need @yonsaber thanks a lot.
I can now confirm that this is most likely a bug introduced with the last update to the script, and its actually showing up on our tests, however for some reason its not causing them to fail.
https://app.travis-ci.com/github/pivpn/pivpn/jobs/580632499#L519
I will look into it and hopefully push a fix today or latest tomorrow. Will let you know when its fixed.
No its fine git pull should work fine as well, considering you have not change branch.
however, but note the difference on my command from the one you have (which was mistakenly the one i Gave before)!
git pull origin/masteris wrong … the correct isgit pull origin master(without the blackslash and a space instead). it was my fault that wrote it in the wrong way in the first time.@4s3ti is the update that @luk113 provided in the top post of the issue, does that align with the template and provide enough information ? Happy to provide my own data if needed
Also having this issue on a fresh install, not adding a duplicate ticket. Fresh install from today