Error tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched (code: 2)


#1

Hi!
I’ve just installed LoraServer, and downloaded the loraserver-certificates script to build the certificates.
That runs without any problem, but when I try to load them on the web interface (to create a network-server), I get this error:

Error tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched (code: 2)

I’ve tried to re-create several times all the certificates, but no joy.
Has anyone seen the same problem?


#2

As the error indicates, you might have switched the private-key with the public key.
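A pre-flight check for the situation in this error, as an added example that is not part of the original thread or of the LoraServer code: it reads the PEM block type of each input to report a switched pair, then lets Go's `tls.X509KeyPair` confirm that certificate and key belong together. The function names and the throwaway self-signed pair are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pemType returns the type of the first PEM block, or "" if there is none.
func pemType(data []byte) string {
	if block, _ := pem.Decode(data); block != nil {
		return block.Type
	}
	return ""
}

// checkPair names a switched pair explicitly, otherwise defers to crypto/tls.
func checkPair(certPEM, keyPEM []byte) error {
	if ct := pemType(certPEM); ct != "CERTIFICATE" && pemType(keyPEM) == "CERTIFICATE" {
		return fmt.Errorf("PEM inputs are switched: certificate input holds %q", ct)
	}
	_, err := tls.X509KeyPair(certPEM, keyPEM) // also rejects a key that does not match
	return err
}

// samplePair builds a throwaway self-signed pair (constructed test data).
func samplePair() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

func main() {
	c, k := samplePair()
	fmt.Println("correct order:", checkPair(c, k))
	fmt.Println("switched:     ", checkPair(k, c))
}
```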


#3

I’m following the procedure at

I’ve even recreated the entire server again, just to be sure that I’m not doing something wrong. Is there any chance that there is a typo in the instructions? Or should I go buy a beer and try again after that? :slight_smile:


#4

Stop buying beers :wink: I’ve been able to reproduce the issue. Let me check!

Update: I’m able to reproduce this issue when starting from scratch. I think I might have introduced this typo after testing and just before committing. This will be fixed in 0.17.1 which I’ll release shortly. See:


#5

This has been released and should fix your issue. Could you confirm?


#6

I’ve updated (from the repo) and now I’m getting another error:

Error context deadline exceeded (code: 2)

Using:
root@altue# lora-app-server -v
lora-app-server version 0.17.1
root@altue# loraserver -v
loraserver version 0.23.3

Should I post the configuration and the certificates being used? Or should I take another beer?? lol :slight_smile:


#7

That error usually appears at the appserver side when it is not able to connect to loraserver. You’d have to check the logs to be sure, but anything preventing loraserver from starting (another instance running, another program using that port, etc.) would result in this error.

Edit: I’ve just checked killing loraserver and didn’t get that error, so maybe I was misremembering. If you could show your logs that’d be great.


#8

Now I see in the logs:

Jan 25 21:16:55 altue lora-app-server[1301]: time="2018-01-25T21:16:55-03:00" level=info msg="creating network-server client" server="localhost:8000"
Jan 25 21:16:55 altue loraserver[1198]: time="2018-01-25T21:16:55-03:00" level=warning msg="grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xa4\\x01\\x00\\x00\\xa0\\x03\\x03{\\xf8\\x89\\\"\\xe82\\xceH\\xdc\\xdcMS\\xcf\"""
Jan 25 21:16:55 altue lora-app-server[1301]: time="2018-01-25T21:16:55-03:00" level=warning msg="Failed to dial localhost:8000: connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"; please retry."
Jan 25 21:16:56 altue lora-app-server[1301]: time="2018-01-25T21:16:56-03:00" level=error msg="finished unary call with code Unknown" error="rpc error: code = Unknown desc = context deadline exceeded" grpc.code=Unknown grpc.method=Create grpc.service=api.NetworkServer grpc.start_time="2018-01-25T21:16:55-03:00" grpc.time_ms=537.572 peer.address="[::1]:40216" span.kind=server system=grpc

Related running processes:
root@altue:~# ps -ef | grep lora
gateway+ 1191 1 0 Jan25 ? 00:00:00 /usr/bin/lora-gateway-bridge
loraser+ 1195 1 0 Jan25 ? 00:00:38 /usr/bin/loraserver
postgres 1271 1254 0 Jan25 ? 00:01:51 postgres: loraserver_ns loraserver_ns ::1(54852) idle
appserv+ 1292 1 0 Jan25 ? 00:00:03 /usr/bin/lora-app-server
postgres 1302 1254 0 Jan25 ? 00:00:00 postgres: loraserver_as loraserver_as ::1(54856) idle

The relevant part of the configuration (all the certs are in /etc/default/lora-certs/, and the directory tree below that is generated automatically from loraserver-certificates):

/etc/default/lora-app-server:

# ca certificate used by the api server (optional)
CA_CERT=/etc/default/lora-certs/ca/ca.pem

# tls certificate used by the api server (optional)
TLS_CERT=/etc/default/lora-certs/lora-app-server/api/server/lora-app-server-api-server.pem

# tls key used by the api server (optional)
TLS_KEY=/etc/default/lora-certs/lora-app-server/api/server/lora-app-server-api-server-key.pem

# ca certificate used by the join-server api server
JS_CA_CERT=/etc/default/lora-certs/ca/ca.pem

# tls certificate used by the join-server api server (optional)
JS_TLS_CERT=/etc/default/lora-certs/lora-app-server/join-api/server/lora-app-server-join-api-server.pem

# tls key used by the join-server api server (optional)
JS_TLS_KEY=/etc/default/lora-certs/lora-app-server/join-api/server/lora-app-server-join-api-server-key.pem

/etc/default/loraserver:

JS_SERVER=https://localhost:8003

# ca certificate used by the default join-server client
JS_CA_CERT=/etc/default/lora-certs/ca/ca.pem

# tls certificate used by the default join-server client (optional)
JS_TLS_CERT=/etc/default/lora-certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem

# tls key used by the default join-server client (optional)
JS_TLS_KEY=/etc/default/lora-certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem

any ideas???
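The two warnings in the log above describe one mismatch seen from both ends: loraserver was waiting for a cleartext HTTP/2 preface and received a TLS handshake record, while lora-app-server expected a TLS reply and did not get one. The decoder below is an added example, not part of the original post or of either project; it parses the first bytes quoted in the "bogus greeting" message, and its function and variable names are assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// http2Preface is what a cleartext gRPC (HTTP/2) server expects to read first.
var http2Preface = []byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")

// loggedGreeting holds the leading bytes quoted in the loraserver warning.
var loggedGreeting = []byte{0x16, 0x03, 0x01, 0x00, 0xa4, 0x01, 0x00, 0x00, 0xa0, 0x03, 0x03}

// classifyGreeting names the protocol of a connection's first bytes and,
// for a TLS record, returns the record length from its header.
func classifyGreeting(b []byte) (kind string, recordLen int) {
	if bytes.HasPrefix(b, http2Preface) {
		return "http2-cleartext", 0
	}
	// TLS record header: content type (1 byte), version (2), length (2).
	// Content type 0x16 is "handshake"; the version major byte is always 3.
	if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
		return "unknown", 0
	}
	recordLen = int(binary.BigEndian.Uint16(b[3:5]))
	if b[5] != 0x01 { // handshake message type 1 is ClientHello
		return "tls-handshake", recordLen
	}
	// After the 4-byte handshake header, the ClientHello body starts with
	// the protocol version the client offers (3.3 is TLS 1.2).
	if len(b) >= 11 {
		return fmt.Sprintf("tls-clienthello offering %d.%d", b[9], b[10]), recordLen
	}
	return "tls-clienthello", recordLen
}

func main() {
	kind, n := classifyGreeting(loggedGreeting)
	fmt.Printf("logged greeting: %s, %d-byte record\n", kind, n)
	kind, _ = classifyGreeting(http2Preface)
	fmt.Println("expected by a cleartext server:", kind)
}
```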


#9

Did you also update /etc/default/lora-app-server with:

CA_CERT=.../ca/ca.pem
TLS_CERT=.../loraserver/api/server/loraserver-api-server.pem
TLS_KEY=.../loraserver/api/server/loraserver-api-server-key.pem

You might have missed this section: https://github.com/brocaar/loraserver-certificates#certsloraserverapi


#10

@brocaar you are right :slight_smile:
These lines on the lora-app-server were commented out, so I’ve fixed that and now it’s working as expected!!! At least, I could create the network server with certificates!!!
Now I’m going to try the link from the Dragino 433 MHz GW (one channel) that I’ve got to the server. Also, I’ve got a RAK 433 MHz gateway (with a Raspberry 3, full 8 channels), but I’m still looking at the frequencies that I should put in the configuration for that.

I’ll report back when I’ve got more info, but for now the certificate part is working great!!!
thanks a lot!


#11

Great, I’ll close this topic as the error you got was related to a bug which has been fixed :slight_smile: Thanks for reporting!


closed #12