Can't register a new security cert: The private key you've selected does not appear to be valid.

Google Cloud Serverless Applications
1

Twice a year a buy a security certificate from gandi.net, one for each of my two domains.

Last month I bought one and had no problem registering it with GAE’s SSL Certificates (just as I’ve done for years now).

This month I bought the other one and went through exactly the same procedure (I have it written down) but this time get an error message “The private key you’ve selected does not appear to be valid.” Unsurprisingly, that’s it: no more information, no help, so I have no idea what to do.

Here’s the procedure I use:

  1. Run: openssl req -nodes -newkey rsa:2048 -sha256 -keyout mydomain.key -out mydomain.csr
    This gives me a new private key.

  2. Buy & download the .csr certificate file from gandi.net using the above generated private key.

  3. Generate and upload the x509 PEM key and RSA PEM key that GAE requests. These files are generated like this:
    openssl x509 -in www.mydomain.com.crt -out www.mydomain.com.pem -outform PEM
    openssl rsa -in mydomain.key -out mydomain.pem -outform PEM

This has worked for many years with both my domains so I have no idea why it has stopped working this time.

1 Like
2

Hello @mark4 ,

Your private key might be missing the RSA keyword. Simply add the “RSA” keyword to the “BEGIN PRIVATE KEY” and "“END PRIVATE KEY” tags. this will result to:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Also, take a look at this Stackoverflow Post as you might have the same problem.

If the above options don’t work, you can contact Google Cloud Support to further look into your case. Hope it helps, thanks!

3

Hi @mark4 , I got similar issue when i tried with google load balancer. after doing some digging and trying one too many things it worked for me when i converted cert files to some format which i don’t remember, it was long long back. Try the same and see if it works out for you :slightly_smiling_face:

4

That worked, thank you! (And when I checked the one I’d done for my other site, it already had “RSA” in the begin and end lines; I hadn’t noticed the difference until now.)