William, Shawn, 

Apologies for responding with delay. I've been offline for the past 24 hours.
Here is more information:

root@mail:/etc/haproxy# /usr/sbin/haproxy --version
HAProxy version 2.4.22-0ubuntu0.22.04.2 2023/08/14 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.22.html
Running on: Linux 5.15.0-87-generic #97-Ubuntu SMP Mon Oct 2 21:09:21 UTC 2023 x86_64


Here is my haproxy.cfg.

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        maxconn 4000
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/apache2/certs
        crt-base /etc/ssl/apache2/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-dh-param-file /etc/haproxy/dhparams.pem
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
    log global
    mode http
    compression algo gzip
    compression type text/html text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy application/atom+xml application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
    balance roundrobin
    option dontlog-normal
    option dontlognull
    option httpclose
    option forwardfor

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/letsencrypt/live/www.mydomain.org/fullchain.pem

    # Redirect if HTTPS is *not* used
    redirect scheme https code 301 if !{ ssl_fc }

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/

    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend website

    log /dev/log local2 debug

    acl is_static       path_beg /export/ /opencms/ /resources/ /javadoc/ /VAADIN/ /workplace /opencms-login/
    acl is_website      hdr_beg(host) -i www.mydomain.org
    use_backend website-static if is_website is_static
    use_backend website if is_website

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

backend website-static
    server www.mydomain.org 127.0.0.1:8080

backend website
    # reqirep was removed in HAProxy 2.1 and is rejected by 2.4; replace-path
    # is the equivalent: prefix the request path with /opencms/, query string untouched
    http-request replace-path ^/(.*) /opencms/\1
    server www.mydomain.org 127.0.0.1:8080

> On 01.11.2023 at 23:14, William Lallemand <wlallem...@haproxy.com> wrote:
> 
In /etc/letsencrypt/live/www.mydomain.org I have:

lrwxrwxrwx 1 root root  41 Oct 23 17:22 cert.pem -> ../../archive/www.mydomain.org/cert12.pem
lrwxrwxrwx 1 root root  42 Oct 23 17:22 chain.pem -> ../../archive/www.mydomain.org/chain12.pem
lrwxrwxrwx 1 root root  46 Oct 23 17:22 fullchain.pem -> ../../archive/www.mydomain.org/fullchain12.pem
lrwxrwxrwx 1 root root  13 Nov  1 12:12 fullchain.pem.key -> fullchain.pem
lrwxrwxrwx 1 root root  44 Oct 23 17:22 privkey.pem -> ../../archive/www.mydomain.org/privkey12.pem
lrwxrwxrwx 1 root root  11 Nov  1 12:11 privkey.pem.key -> privkey.pem
-rw-r--r-- 1 root root 692 Nov 13  2021 README

But note that the files ending in .key are put there on an experimental basis,
because I read somewhere in the haproxy docs that one could put a file with
extension .key there and haproxy then interprets that as the private key. The
location of this hint escapes me for the moment.

--
Christoph



> On Wed, Nov 01, 2023 at 03:48:56PM -0600, Shawn Heisey wrote:
>> The LE fullchain file does not contain the key.  It contains 3 
>> certificates. ... the server cert, the issuing cert, and the root cert 
>> ... which is not what you want.  For letsencrypt, the file that you give 
>> to haproxy must contain the server cert, the issuing cert, and the 
>> private key.
> 
> Actually you can separate the key from the chain with haproxy, but
> without the configuration it's difficult to know what it's trying to
> load.
> 
> http://docs.haproxy.org/2.8/configuration.html#ssl-load-extra-files
> 
> With the 'key' option it's able to load a 'file.pem.key' if you
> specified 'crt file.pem' in your configuration
> 
> 
>> You do not want to include the root certificate.  It will be ignored
>> by the browser even if it is included, but it will probably slow down
>> TLS negotiation by a small amount.  The presence of the root
>> certificate in the TLS handshake should not actually break anything in
>> most cases, but it could result in a lower score on the Qualys Labs
>> SSL test.
>> 
> 
> You can also ask haproxy to ignore the root CA in the configuration:
> 
> http://docs.haproxy.org/2.8/configuration.html#ssl-skip-self-issued-ca
> 
> 
>> When my renewal script finishes, I have a file containing four things: 
>> The server cert, the issuing cert, the private key, and a unique 4096 
>> bit DHPARAM.  This combination is ideal for haproxy.
>> 
>> The version of certbot that I am using generates 256-bit ECDSA keys by 
>> default.  You might be thinking that a 256 bit ECDSA key cannot be as 
>> secure as a 2048 bit RSA key, but that is incorrect:
>> 
>> https://www.baeldung.com/cs/encryption-asymmetric-algorithms#3-key-length
>> 
>> Some of the equipment I use will not work with ECDSA keys, so I have a 
>> second cert with a subset of names that I build using 4096 bit RSA.
>> 
> 
> There is a lot of possibility to configure this, we are trying to move
> forward to a configuration where we can specify files separately so
> there would be nothing to do in the future, but unfortunately there is
> still development to do.
> 
> -- 
> William Lallemand
> 
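As an added illustration of William's 'key' extra-file point applied to the directory listing above (my own script, not code from HAProxy or from anyone on this thread; the PEM bodies are constructed placeholders, and the lookup rule it mimics is the one the linked docs describe): it resolves `fullchain.pem.key` the way `crt fullchain.pem` with `ssl-load-extra-files key` would and reports whether that file actually carries a private key.

```python
import os
import re
import tempfile
from pathlib import Path

# Constructed stand-ins for Let's Encrypt files (fake bodies, not real keys).
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n"
FAKE_KEY = "-----BEGIN PRIVATE KEY-----\nMIIEconstructed\n-----END PRIVATE KEY-----\n"

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)


def pem_labels(text):
    """Labels of the PEM blocks in a file, in order, e.g. ['CERTIFICATE', 'PRIVATE KEY']."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def check_key_companion(crt_path):
    """Mimic the lookup for 'crt <file>' with 'ssl-load-extra-files key':
    the key comes from <file> itself if bundled there, otherwise from <file>.key.
    Returns (status, detail) with status one of 'ok', 'missing', 'wrong'."""
    crt = Path(crt_path)
    if any("PRIVATE KEY" in lbl for lbl in pem_labels(crt.read_text())):
        return "ok", "private key is bundled in %s" % crt.name
    key = crt.with_name(crt.name + ".key")
    if not key.exists():
        return "missing", "no private key in %s and no %s" % (crt.name, key.name)
    labels = pem_labels(key.read_text())  # read_text follows the symlink
    if not any("PRIVATE KEY" in lbl for lbl in labels):
        # The trap in the posted listing: fullchain.pem.key -> fullchain.pem
        return "wrong", "%s -> %s holds %s, no private key" % (key.name, os.readlink(key), labels)
    return "ok", "private key loaded from %s -> %s" % (key.name, os.readlink(key))


def demo():
    """Recreate the posted live/ directory twice: as listed, and with the
    .key symlink pointing at privkey.pem instead of fullchain.pem."""
    results = {}
    for variant, target in (("as_posted", "fullchain.pem"), ("corrected", "privkey.pem")):
        live = Path(tempfile.mkdtemp())
        (live / "fullchain.pem").write_text(FAKE_CERT * 3)  # leaf + issuer + root
        (live / "privkey.pem").write_text(FAKE_KEY)
        os.symlink(target, live / "fullchain.pem.key")
        status, detail = check_key_companion(live / "fullchain.pem")
        results[variant] = status
        print(variant, status, detail)
    return results


if __name__ == "__main__":
    demo()
```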
