From 5322d4b09688615064b06316c6162f19cf4e7dce Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Tue, 11 Jul 2023 13:01:20 +0100
Subject: [PATCH] Decode certificate private key from pem encoding
---
 renewal/service.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/renewal/service.go b/renewal/service.go
index 0e9911d..5193ac0 100644
--- a/renewal/service.go
+++ b/renewal/service.go
@@ -392,11 +392,15 @@ func (s *Service) getDnsProvider(name, token string) (challenge.Provider, error)
 // getPrivateKey reads the private key for the specified certificate id
 func (s *Service) getPrivateKey(id uint64) (*rsa.PrivateKey, error) {
- privKeyBytes, err := os.ReadFile(filepath.Join(s.keyDir, fmt.Sprintf("%d.key.pem", id)))
+ pemBytes, err := os.ReadFile(filepath.Join(s.keyDir, fmt.Sprintf("%d.key.pem", id)))
 if err != nil {
 return nil, err
 }
- return x509.ParsePKCS1PrivateKey(privKeyBytes)
+ keyBlock, _ := pem.Decode(pemBytes)
+ if keyBlock.Type != "RSA PRIVATE KEY" {
+ return nil, fmt.Errorf("invalid pem block type")
+ }
+ return x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
 }
 // renewCert sets the renewing state in the database, calls renewCertInternal,
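Review bot: `pem.Decode` returns a nil block when the input contains no PEM data, so the added `keyBlock.Type` check in getPrivateKey dereferences nil and panics instead of returning an error. An empty or truncated key file would trigger this, and so would a file still holding raw DER, which the removed line suggests older key files may contain. Guard the nil case in the same condition: `if keyBlock == nil || keyBlock.Type != "RSA PRIVATE KEY" {`. The second return value of `pem.Decode` (the unparsed remainder) is discarded, so trailing data after the first block goes unnoticed; either reject a non-empty remainder or add a comment saying it is intentionally ignored. The error text could also name the certificate id (never the key bytes), e.g. `fmt.Errorf("invalid pem block in key file for certificate %d", id)`, so a failed renewal can be traced to the offending file.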