无法将LetsEncrypt证书与自定义域一起使用 [英] Can't use LetsEncrypt certificate with custom domain
问题描述
我有一个带有自定义域的CDN端点(Microsoft的Azure CDN Standard)。我从LetsEncrypt获得了自定义域的证书,并已将证书上传到keyvault。现在我正在尝试让CDN端点使用它。
所以我转到门户网站的自定义域页面 - >设置"自定义域HTTPS"到"开" - >设置"证书管理类型" "使用我自己的证书" - >选择keyvault,证书和版本。
当我保存时,需要几秒钟,然后给我这个错误:
>服务器(叶子)证书不包含私钥或私钥的大小小于最低要求。"
我已经确认证书有一个私钥,公钥是4096位RSA,所以这个错误没有意义。我也不知道这些"最低要求"在哪里。记录在案。我能找到的最近的是https://docs.microsoft.com/en-us/azure/cdn/cdn-troubleshoot-allowed-ca
,它列出了LetsEncrypt的父CA(DST根CA X3),所以这是也不是问题。
我通过直接调用`enableCustomHttps` REST API调用来检查它不仅仅是一个Portal问题,而且我得到了同样的错误那里。
I have a CDN endpoint (Azure CDN Standard from Microsoft) with a custom domain. I have a certificate for the custom domain from LetsEncrypt and have uploaded the cert to a keyvault. Now I'm trying to get the CDN endpoint to use it.
So I go to the custom domain page in the portal -> set "Custom domain HTTPS" to "On" -> set "Certificate management type" to"Use my own certificate" -> select the keyvault, certificate and version.
When I save, it takes a few seconds, then gives me this error:
>The server (leaf) certificate doesn't include a private key or the size of the private key is smaller than the minimum requirement."
I've confirmed the cert has a private key, and the public key is 4096-bit RSA, so this error does not make sense. Also I don't know where these "minimum requirements" are documented. The closest I can find is https://docs.microsoft.com/en-us/azure/cdn/cdn-troubleshoot-allowed-ca
which does list LetsEncrypt's parent CA (DST Root CA X3), so that's not a problem either.
I double-checked that it's not just a Portal issue by making the `enableCustomHttps` REST API call directly, and indeed I get the same error there.
推荐答案
嗨Arnav,
Hi Arnav,
根据您提供的信息,似乎从后端抛出异常并且它不是门户问题。是的,正如您所建议的那样,最低要求应该在某个地方发布,但是当我检查异常时,您的私钥大小似乎是
。无论您发布的是公钥,它都是4096位RSA。
With the information you have provided, it seems like the exception is thrown from the backend and it is not an portal issue. Yes, as you suggested minimum requirement should have been published somewhere, but when I checked the exception, it seems like your Private Key size is smaller. Whatever you have posted is for the Public key which is 4096 bit RSA.
您能查看私钥的大小是多少吗?你的证书?
Can you check what is the size of Private Key for your cert?
问候,
Msrini
这篇关于无法将LetsEncrypt证书与自定义域一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
