Third party SSL not working: No sets found

Problem Description

I’ve been trying to get third party SSL certificates to work, but sympl-ssl doesn’t seem to be able to see them. I’ve written up my steps in here, but in short I’m using Dehydrated to generate DNS-verified SSL certificates (which generate fine) then trying to load them on a sympl site.

I’ve copied the certificates as an SSL set directory, but when I use sympl-ssl to select them (as per the wiki), it just errors out with the message No sets found and I haven’t been able to get any further.

cat > /etc/dehydrated/hooks/deploy-cert/sympl <<EOF
echo 'false' > /srv/\$DOMAIN/config/ssl-provider
mkdir -p /srv/\$DOMAIN/config/ssl/sets/dehydrated
cat "\${CERTFILE}" > /srv/\$DOMAIN/config/ssl/sets/dehydrated/ssl.crt
cat "\${CHAINFILE}" > /srv/\$DOMAIN/config/ssl/sets/dehydrated/ssl.bundle
cat "\${KEYFILE}" > /srv/\$DOMAIN/config/ssl/sets/dehydrated/ssl.key
cat "\${FULLCHAINFILE}" "\${KEYFILE}" > /srv/\$DOMAIN/config/ssl/sets/dehydrated/ssl.combined
sympl-ssl \$DOMAIN --verbose --select dehydrated
EOF

Full reproduction steps

Any Error Messages

sympl@[hostname]:/srv/[]/config$ ls -la ssl/sets/dehydrated/
total 24
drwxr-sr-x 2 root sympl 4096 May  1 19:41 .
drwxr-sr-x 3 root sympl 4096 May  1 19:36 ..
-rw-r--r-- 1 root sympl 1827 May  1 19:41 ssl.bundle
-rw-r--r-- 1 root sympl 3748 May  1 19:41 ssl.combined
-rw-r--r-- 1 root sympl 1562 May  1 19:41 ssl.crt
-rw-r--r-- 1 root sympl  359 May  1 19:41 ssl.key

sympl@[hostname]:/srv/[]/config$ sudo sympl-ssl [] --verbose --select dehydrated
[sudo] password for sympl: 
Certificate sets for []:
	** No sets found


  • Sympl Version 12:
  • Sympl Testing Version? No
  • Debian Version: Bookworm
  • Hardware Type? Virtual
  • Hosted On? DNS on Mythic, VPS on Proxmox locally

Ok, so it looks like the first of the issues is that Dehydrated generated an ECC private key, which sympl-ssl doesn’t support (though the error messages don’t make this clear at all). Changing KEY_ALGO from secp384r1 to rsa in the Dehydrated config gets things one step closer.

However, I now hit an actual bug in sympl-ssl. While I’m no Ruby developer, it looks to me like it could be an alphabetical sorting algorithm not handling a single item list properly.

sympl@[hostname]:$ sudo sympl-ssl [] --verbose --select dehydrated
Certificate sets for []:
	SSL set dehydrated: signed by /C=US/O=Let's Encrypt/CN=R3, expires 2024-08-02 19:10:52 UTC
/usr/lib/ruby/vendor_ruby/symbiosis/ssl/certificate_set.rb:82:in `<=>': undefined method `name' for nil:NilClass (NoMethodError) <=>
	from /usr/sbin/sympl-ssl.rb:225:in `=='
	from /usr/sbin/sympl-ssl.rb:225:in `block in <main>'
	from /usr/sbin/sympl-ssl.rb:196:in `each'
	from /usr/sbin/sympl-ssl.rb:196:in `<main>'
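
A pre-flight check for the key-type problem described in the post above, as an added example (not part of the original posts and not Sympl's own code): it inspects a set directory before `sympl-ssl --select` is run and reports an ECC key or a key/certificate mismatch explicitly. The function names and the self-signed sample certificate are assumptions made for illustration; the file names ssl.key and ssl.crt are the ones used in the post.

```ruby
require 'openssl'
require 'tmpdir'

# Pre-flight check for a certificate set directory, using the file names
# from the post (ssl.key, ssl.crt). Returns a list of problems; [] means OK.
def check_ssl_set(dir)
  paths = %w[ssl.key ssl.crt].map { |f| File.join(dir, f) }
  missing = paths.reject { |p| File.file?(p) }
  return missing.map { |p| "missing #{File.basename(p)}" } unless missing.empty?

  begin
    key = OpenSSL::PKey.read(File.read(paths[0]))
    cert = OpenSSL::X509::Certificate.new(File.read(paths[1]))
  rescue OpenSSL::OpenSSLError, ArgumentError => e
    return ["unparseable PEM: #{e.message}"]
  end

  problems = []
  # Per the post, an ECC key is what produced "No sets found".
  unless key.is_a?(OpenSSL::PKey::RSA)
    kind = key.class.name.split('::').last
    problems << "ssl.key is #{kind}, not RSA (Dehydrated KEY_ALGO=rsa)"
  end
  problems << 'ssl.crt does not match ssl.key' unless cert.check_private_key(key)
  problems
end

# Constructed sample data: a self-signed certificate for cert_key, written
# next to key in the layout above. Not a real Let's Encrypt certificate.
def write_sample_set(dir, key, cert_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.public_key = cert_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(cert_key, OpenSSL::Digest.new('SHA256'))
  File.write(File.join(dir, 'ssl.key'), key.to_pem)
  File.write(File.join(dir, 'ssl.crt'), cert.to_pem)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    write_sample_set(dir, OpenSSL::PKey::EC.generate('secp384r1'))
    puts check_ssl_set(dir)
  end
end
```
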

@techwilk Awesome work on this, and your merge request has been accepted, and the changes are now in Sympl!

Great, thank you!
Glad to see it fixed

