0

I am having a problem with an app that is not serving the intermediate certificate to the clients.

As a workaround I wanted to add the intermediate certificate (Let's Encrypt X3) to the ca-certificates and followed the steps described over here: How do I install a root certificate?

Unfortunately, I am getting this error:

syntax error at /usr/local/bin/c_rehash line 15, near “= ;”

syntax error at /usr/local/bin/c_rehash line 16, near “= ;”

Execution of /usr/local/bin/c_rehash aborted due to compilation errors.

What am I doing wrong?

neik
  • 11

2 Answers

0

To install a Let's Encrypt certificate, use the certbot utility. It is well documented.

You simply have to do:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache 
sudo certbot
estibordo
  • 1,294
  • I already have certbot installed and a Let's Encrypt certificate successfully created.

    The problem I have is that when I do curl https://domain:port -v I get this output: https://paste.ubuntu.com/p/sRKzpFP4yn/

    I can solve this issue by pointing to the lets-encrypt-x3-cross-signed.pem that is provided by Let’s Encrypt over here: https://letsencrypt.org/certificates/

    The output of curl https://domain:8920/ --cacert /tmp/lets-encrypt-x3-cross-signed.pem -v looks like this: https://paste.ubuntu.com/p/rCDSm5vbvJ/

    What I want to do now is to add the cross-signed cert to the root ones.

    – neik May 13 '18 at 10:01
  • You need to verify your certificate installation. The output of curl is not expected for a successful installation. – estibordo May 14 '18 at 22:16
  • don't forget to run sudo apt-get update before sudo apt install python-certbot-apache or it might give you a couldn't locate error – Barney Chambers Feb 27 '19 at 07:06
0

You are not doing anything wrong. The c_rehash perl script which is being executed was not built correctly during the openssl installation.

If you open c_rehash, you can see the lines with the errors. The built script does not have any values set, the "= ;" code. This causes the error.

Run man c_rehash to see what it does. In short, it hashes the .crt/.pem files in the default directory and generates symlinks which point to the .crt/.pem files. Why? Some programs use these hashes rather than the actual name.

You can find the default directory that openssl has configured (installation directory) using the 'openssl version -a' command and look at the OPENSSLDIR. Use this value in the c_rehash perl script (make sure to surround with double quotes) for both $dir and $prefix.

I don't know why the build script did not work correctly during the installation; probably a bug fixed in a later release. I was on 1.0.2o.
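
The repair described in the answer above, as an added shell example that is not part of the original post. The function names, the script name in the usage comment and the sample file are hypothetical, and the `my $dir = ;` line form is an assumption based on the error text in the question. It writes a repaired copy rather than editing c_rehash in place.

```shell
#!/bin/sh
# Added example: find and fill the empty "= ;" assignments in a copy of c_rehash.

# Pull the directory out of the OPENSSLDIR line of `openssl version -a` output.
openssldir_from() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# List (with line numbers) the assignments the build left without a value.
find_empty_assignments() {
    grep -nE '^my \$(dir|prefix) *= *;' "$1"
}

# Write a repaired copy of script $1 to $2 with $dir and $prefix set to $3.
repair_c_rehash() {
    src=$1 dst=$2 dir=$3
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 1 ;;
    esac
    # Anything outside this set could break the Perl string or the sed call.
    case $dir in
        *[!A-Za-z0-9/._-]*) echo "unexpected character in: $dir" >&2; return 1 ;;
    esac
    find_empty_assignments "$src" >/dev/null || {
        echo "no empty assignments in $src" >&2; return 1
    }
    sed -E 's#^my \$(dir|prefix) *= *;#my $\1 = "'"$dir"'";#' "$src" > "$dst"
}

# Constructed stand-in for a mis-built c_rehash (assumed line form).
make_sample() {
    cat > "$1" <<'EOF'
#!/usr/bin/perl
my $dir = ;
my $prefix = ;
print "scanning $dir/certs\n";
EOF
}

# Usage: sh fix_c_rehash.sh /usr/local/bin/c_rehash /tmp/c_rehash.fixed
if [ "$#" -eq 2 ]; then
    repair_c_rehash "$1" "$2" "$(openssldir_from "$(openssl version -a)")"
fi
```

Compare the copy against the original with diff before installing it over /usr/local/bin/c_rehash.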