#1 2020-05-22 12:29:11

TomTheOne
Member
Registered: 2020-05-22
Posts: 2

Error: "unable to load client certificate private key file"

Hi all


XSIBACKUP-FREE 11.0.1
************************

I used this command line to generate backups:

# ./xsibackup --backup-point=/vmfs/volumes/datastoreNFS --backup-type=running --mail-from=esxi@kalaitzides.ch --mail-to=notify@thuinformatik.ch --smtp-srv=mail.netcult.ch --smtp-port=25 --smtp-usr=notify --smtp
-pwd=xxxxxxxx --smtp-sec=TLS --backup-room=2048 --date-dir=yes --exec=yes

Everything worked fine for many months, but after an update from vmWare ESXi 6.5 Update 2 to Update 3 the command above did not work anymore.

The error message was:

./xsibackup: line 490: syntax error: unexpected "&"

I've updated to the latest version then (11.2.8).


XSIBACKUP-FREE 11.2.8
************************

I use the same command as above, backup is working again, but sending the mailreport does not work. There is an error message, see the log:

2020-05-22T04:20:51|  No errors detected in backup
---------------------------------------------------------------------------------------------------------------------------------
Open firewall: 2020-05-22T04:20:54|  Opening port 25 for SMTPout-25 service...
unable to load client certificate private key file
793603765928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
sh: write error: Broken pipe
2020-05-22T04:21:11|  Firewall rule SMTPout-25 closed.
2020-05-22T04:21:11|  Backup finished
2020-05-22T04:21:11|  Tip: no chained backups scheduled, set --on-success and/or --on-error arguments to chain a backup

Any ideas what is wrong here?

Offline

#2 2020-05-22 15:10:58

admin
Administrator
Registered: 2017-04-21
Posts: 1,302

Re: Error: "unable to load client certificate private key file"

The simplest solution is to use a different SMTP server. If you still want to dedicate time to solve that, read this post.

https://33hops.com/forum/viewtopic.php?id=543

Offline

#3 2020-05-26 16:54:49

TomTheOne
Member
Registered: 2020-05-22
Posts: 2

Re: Error: "unable to load client certificate private key file"

Hi all

I had a backup of the previous installation folder of verison 11.0.1. In the root-directory of 11.0.1 i found those files

-rw-r--r--    1 root     root         408 Oct 19  2018 xsibackup_id_rsa.pub
-rw-------    1 root     root        1.6K Oct 19  2018 xsibackup_id_rsa
-rw-r--r--    1 root     root         426 Oct 19  2018 xsibackup_id_rsa.pem

I backed up the same files in the root-directory of 11.2.8 and took over the files from the previous version 11.0.1.

# ls -ltrah *rsa*
-rw-r--r--    1 root     root         408 Oct 19  2018 xsibackup_id_rsa.pub
-rw-------    1 root     root        1.6K Oct 19  2018 xsibackup_id_rsa
-rw-r--r--    1 root     root         408 May 21 15:05 old.xsibackup_id_rsa.pub
-rw-------    1 root     root        1.8K May 21 15:05 old.xsibackup_id_rsa
-rw-r--r--    1 root     root         426 May 25 03:47 old.xsibackup_id_rsa.pem
-rw-r--r--    1 root     root         426 May 26 03:58 xsibackup_id_rsa.pem

I ran a fresh backup job and oh wow, the mail report has been sent again.

Interesting is

- after a freh installation of 11.2.8 the key files where not there, they has been created after the first backup job ran (but did not work either)
- the smtp server is using a generally trusted wildcard certificate of Certum CA.

I don't know why this happend.

In the post referenced above, the "Administrator" wrote:

> For those of you experiencing problems, please do make sure that you are not trying to use some older generated keys. Discard them and let XSIBackup generate new keys.

In our case it was the opposite way around, the freshly generated keys didn't work - we had to use the old/previous ones from version 11.0.1.

Offline

#4 2020-05-27 00:02:59

admin
Administrator
Registered: 2017-04-21
Posts: 1,302

Re: Error: "unable to load client certificate private key file"

There are different formats for the certificates. (c)XSIBackup-Pro uses the latest standards. Each mailmaster configures his server at will, we have no control on that neither can keep different certificates to try to match what is on the other end. The simplest thing to do is to use some GMail account if you don't want to bother working that kind of troubles around.

Offline

Board footer