Hello @LucianoR,

Which kind of file the certificate you have? JKS/PFX/PEM?

LucianoR wrote

I stumbled upon some issues with the key, as certbot does not by default generates a RSA encrypted key as required by the Omada controller.

Do you think the key generated by certbot is incompatible with Controller?

Hi @LucianoR，

LucianoR wrote

I can see the certificate is correctly applied to the controller, I don't get any alerts, and I can see the certificate in the browser is matching what I have uploaded. For those interested on making the same, you need DNS access for editing records: in my case, localmydomain is a A record to a local IP 192.168.0.x. You also need certbot installed, and acme-dns-auth.py (Google it). The --key-type rsa is required by Omada.

Depending on your description, they should be compatible.

LucianoR wrote

However, before I got it to work, I stumbled upon some issues with the key, as certbot does not by default generates a RSA encrypted key as required by the Omada controller. Now I keep getting these errors filling my logs:

 

11-07-2023 10:23:08.061 ERROR [https-jsse-nio-8043-exec-6] [] c.t.s.o.c.u.b.b(): Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
--- stack trace

11-07-2023 10:23:08.061 WARN [https-jsse-nio-8043-exec-6] [] c.t.s.o.i.p.m.t.TenantPO(): decrypt Aes of email error
--- stack trace

It is suggested that you convert the PEM certificates to PFX and JKS, or regenerate the PFX and JKS files, and then re-import them to see if the same problem occurs.
If you don't have the same problem, it may mean that there is wrong in the key during the process of generating PEM.