
Chain/fullchain file contains unexpected characters

Chain file contains unexpected characters also partially in DOS format (with CRLF)

While obtaining a certificate using certbot 0.28.0 the saved chain file contains additional characters at the beginning (the last 35 bytes from the cert file, including the string -----END CERTIFICATE-----).
Also the chain file is in DOS/Windows line ending format compared to the certificate, which is in the normal Linux line ending format.

The resulting fullchain file also contains the surplus lines between the certificate and the intermediate chain certificate. Also the resulting fullchain file has a mixture of line endings (the certificate part with Linux line endings, and the chain part with DOS/Windows line endings).

However, this is not a critical bug; usually every software can handle this malformed file, but it would be nice to have a fix for this.

Otherwise a great service. Congratulations for it!

  • Hi Jozsef Szilagyi

    Thanks for raising this question and feedback! We have verified our implementation and the chain, as returned from the API, and didn't find any divergences from https://tools.ietf.org/html/rfc8555#section-9.1 that refers to https://tools.ietf.org/html/rfc7468

    The chain has the following format:

    -----BEGIN CERTIFICATE-----CRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXCRLF
    -----END CERTIFICATE-----CRLF
    -----BEGIN CERTIFICATE-----CRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCRLF
    XXXXXXXXXXXXXXXXXXCRLF
    -----END CERTIFICATE-----CRLF
    

     

    Please let us know if you see we are missing something.

     

    Regards,

    Andriy

  • Hello Andriy,

    then maybe this is a certbot issue,

    let me upload a sample chain file obtained by certbot:
     

    • Hello Andriy,
      After verifying certbot's debug log, it seems that you are sending the certificate chain as you described, and it seems there is a certbot issue when this chain has line endings with CRLF.

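A way to check a saved chain or fullchain file for the two symptoms reported in this thread (bytes outside any certificate block, and mixed CRLF/LF line endings) and to rewrite it with LF only. This is an added example, not code from certbot or Buypass; the function names are hypothetical and the sample bundle is constructed, with placeholder bodies rather than real certificates.

```python
import base64
import re

# RFC 7468 lets each line end in CRLF, CR or LF, so a tolerant parser accepts all three.
EOL = rb"[ \t]*(?:\r\n|\r|\n)"
BLOCK = re.compile(rb"-----BEGIN CERTIFICATE-----" + EOL +
                   rb"([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----(?:" + EOL + rb")?")

def emit_pem(b64: bytes, eol: bytes = b"\n") -> bytes:
    """Wrap a base64 body at 64 characters between BEGIN/END lines."""
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return eol.join([b"-----BEGIN CERTIFICATE-----", *lines,
                     b"-----END CERTIFICATE-----"]) + eol

def audit_pem_bundle(data: bytes) -> dict:
    """Count certificate blocks, line-ending styles and bytes outside any block."""
    stray, certs, pos = [], 0, 0
    for m in BLOCK.finditer(data):
        if data[pos:m.start()].strip():
            stray.append(data[pos:m.start()])
        # Raises binascii.Error if the body is not valid base64.
        base64.b64decode(b"".join(m.group(1).split()), validate=True)
        certs, pos = certs + 1, m.end()
    if data[pos:].strip():
        stray.append(data[pos:])
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf
    return {"certs": certs, "crlf_lines": crlf, "lf_lines": lf,
            "mixed_eol": crlf > 0 and lf > 0, "stray": stray}

def normalize_pem_bundle(data: bytes) -> bytes:
    """Keep only complete certificate blocks, rewritten with LF endings."""
    return b"".join(emit_pem(b"".join(m.group(1).split()))
                    for m in BLOCK.finditer(data))

# Constructed sample (not real certificates): an LF-terminated leaf, the last
# 35 bytes of that leaf repeated as stray text, then a CRLF-terminated chain.
LEAF_B64 = base64.b64encode(b"constructed leaf " * 4)
CHAIN_B64 = base64.b64encode(b"constructed intermediate " * 4)
LEAF = emit_pem(LEAF_B64)
SAMPLE = LEAF + LEAF[-35:] + emit_pem(CHAIN_B64, b"\r\n")

if __name__ == "__main__":
    print(audit_pem_bundle(SAMPLE))
    print(normalize_pem_bundle(SAMPLE).decode())
```

Run the audit before normalizing: a non-empty `stray` list means the file was written incorrectly, and the normalizer drops those bytes without reporting them.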

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.
