“Something bad happened” DevKinsta stuck at Removing SSL Certificate

I’m attempting to remove a site from DevKinsta, but it’s stuck at Removing SSL Certificate.
This is what I found in the log file:

2022-06-10 08:12:02.286] [error] [ipcMainStep] Error in operation DELETE_SITE, step removeCertification: Error: Encountered an error: Error: Command failed: security delete-certificate -c captaincaliente.local -t
security: SecKeychainItemDelete: Write permissions error.

Any help on what to do next would great. Thanks! (Also let me know if more of the log file is needed.)

Hi @emcaleb, welcome to DevKinsta!

So this seems specific to your Mac. Can you try creating a blank site just to see if you run into an error when DevKinsta tries to create the SSL certificate? If not, are you then able to delete the new site without this error?

I believe you can also try manually deleting the ssl certificate by running that command from your terminal: security delete-certificate -c captaincaliente.local -t

I am having the same issue:

[2022-06-23 17:36:08.738] [error] [ipcMainStep] Error in operation DELETE_SITE, step removeCertification: Error: Encountered an error: Error: Command failed: security delete-certificate -c wpcreative.local -t
security: "wpcreative.local" is ambiguous, matches more than one certificate

I haven’t spent the time to figure this one out yet, but I did find this: https://stackoverflow.com/questions/39868578/security-codesign-in-sierra-keychain-ignores-access-control-settings-and-ui-p

I think because I’ve upgraded operating systems since this site was developed locally, there’s a keychain conflict. That’s just my theory so far though.

To add to @emcaleb’s theory, @wpcreative-jw, I think your error is slightly different. It’s saying you have multiple certificates with the same name so DevKinsta can’t delete the certificate it added with that command. This might be helpful: macos - Example for Mac OS X security delete-certificate -c <name>? - Stack Overflow

My only guess is that either DevKinsta created two certificates with the same name or a different app created the other certificate(s).

I’ll also ask our developers for advice here to see if there’s another way around this. I don’t think we’ve seen either error before so we’ll have to see if there’s a better way to handle this step.

Any update on this issue?

@wpcreative-jw, in your case it is an issue you would have to sort in your Mac terminal. Our developers verified that if you manually delete the certificate you shouldn’t run into this issue.

You need to delete the security key with the name “wpcreative.local”. You can try this command again although it will probably fail:
security delete-certificate -c wpcreative.local -t

Once that certificate is deleted, DevKinsta shouldn’t fail with that error.

You should also be able to manually delete that certificate from Keychain Access then searching for the domain Get information about a certificate in Keychain Access on Mac - Apple Support (GU)

Yes it did fail:

security: "wpcreative.local" is ambiguous, matches more than one certificate
Unable to delete certificate matching "wpcreative.local"%      

Can you try doing it with KeyChain Access?

So I removed that and it seemed to work, the site was eventually removed. Now when I try and start devkinsta I get the DK005 error. When looking into docker the devkinsta_nginx container isnt running and has the error below:

2022/07/14 17:03:38 [emerg] 1#1: cannot load certificate "/www/kinsta/ssl/wpcreative.local.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/www/kinsta/ssl/wpcreative.local.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/www/kinsta/ssl/wpcreative.local.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/www/kinsta/ssl/wpcreative.local.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)

So now I can’t use devkinsta at all? Any suggestions?

Huh, so now it want’s the file back? Maybe there is something lingering in the configuration.
Here is how you can manually add a certificate on Mac:

1. cd ~/DevKinsta/ssl
2. openssl genrsa 2048 > wpcreative.local.key
3. openssl req -new -x509 -nodes -sha256 -days 365 -key wpcreative.local.key -out wpcreative.local.crt
4. Answer anything to the prompt questions until you are asked for the “Common Name”. For this you enter wpcreative.local
5. With those files created you should be able to completely close DevKinsta then run it again to get past the error.

Please let me know if that doesn’t work. I also suggest updating to the new release of DevKinsta which might have an effect on this issue.

No luck:

johnwhite@Johns-MacBook-Pro ssl % openssl genrsa 2048 > wpcreative.local.key
Generating RSA private key, 2048 bit long modulus
....+++
...........................+++
e is 65537 (0x10001)
johnwhite@Johns-MacBook-Pro ssl % openssl req -new -x509 -nodes -sha256 -days 365 -key odonna-1.local.key -out wpcreative.local.crt
Error opening Private Key odonna-1.local.key
4515888748:error:02FFF002:system library:func(4095):No such file or directory:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.3/libressl-2.8/crypto/bio/bss_file.c:255:fopen('odonna-1.local.key', 'r')
4515888748:error:20FFF002:BIO routines:CRYPTO_internal:system lib:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.3/libressl-2.8/crypto/bio/bss_file.c:257:
unable to load Private Key

also how can i update devkinsta if i cant open it?

Should I remove devkinsta and download again from website?

Sorry @wpcreative-jw, there was a typo in what I originally gave you. Can you try it again? I edited my original message.

This should work with what you have already done:
openssl req -new -x509 -nodes -sha256 -days 365 -key wpcreative.local.key -out wpcreative.local.crt

And to answer your last question, simply downloading the current version of DevKinsta and installing it will overwrite the application files of the old version (it will leave site data untouched)

It’s working!! Finally! Thank you!