SSL Issues - Enter PEM pass phrase

My installation is a container. It isn’t exposed to the internet. I use VPN via OpenVPN to connect in remotely. The SSL is just for the mobile app to work and a few other things (iFrame into Grafana for example). I have a domain, for which I’ve created an external DNS A-record to point to a 192.x.x.x IP address, and I use an SSL cert on that address. It worked really well previously, but my SSL cert expired and I decided to go with a renewal via a cheaper cert from cheapnames.

I created the CSR via a terminal from another container on the same host. I sent it through to cheapnames, and it generated some files (once I’d validated via DNS CNAME):

image
(the bit in the files I’ve hidden is just my domain name)

Previously, when it was working, the files were .cer and .key, which I used in my http config to get it all working (i.e. no NGINX proxy or anything - just yet) :slight_smile:

Clearly, I don’t know much about SSL certificates. I tried using the new files in their place, and that didn’t work. Then I read I need to convert the files to CER using openssl via terminal:

openssl pkcs7 -print_certs -in domain-name.p7b  -out domain-name.cer

image

Here’s my log output, created after reboot.

Note the line “Enter PEM pass phrase”.

Any ideas?

Sorry, the bit I missed off was how I generated the CSR and the KEY, so just for clarity - on another container I ran:

openssl genrsa -des3 -out domain-name.key 2048

Then I entered a passphrase when prompted. Then I ran:

openssl req -new -key domain-name.key -out domain-name.csr

and I entered the pass phrase again and filled in all the details (country name, etc etc).

I then copied the key file into my Home Assistant config folder, and used the CSR to generate the certificates via cheapnames.

I removed the passphrase from my KEY file as follows, which resolved it for me. Hope it helps someone else.

openssl rsa -in [original.key] -out [new.key]

Remove passphrase from certificate key (cloud66.com)
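
A pre-deployment check for the situation in this thread, as an added example that is not part of the original posts: a passphrase-protected PEM key can be recognised from its armor headers before it is handed to a service that starts unattended and would otherwise stop at "Enter PEM pass phrase". The function names `pem_key_state` and `make_samples` are hypothetical, and the sample files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a PEM file by its armor headers:
# encrypted-pkcs8 | encrypted-traditional | unencrypted | not-a-key
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8          # PKCS#8 encrypted container
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-traditional    # legacy PEM encryption header
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted              # loads without a passphrase prompt
    else
        echo not-a-key                # e.g. a certificate or CSR
    fi
}

# Writes constructed sample files (placeholder bodies, not real keys) into $1.
make_samples() {
    cat > "$1/des3.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
EOF
    cat > "$1/pkcs8.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END ENCRYPTED PRIVATE KEY-----
EOF
    cat > "$1/plain.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
EOF
    cat > "$1/domain.cer" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_state "$f")"
done
rm -rf "$demo_dir"
```

An unencrypted key is readable by anyone who can read the file, so once the passphrase is removed the file's permissions are the only protection left on it.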