OpenSSL error: data too large for modulus

[chris0147]

Hi all,

I need some help with setup the DKIM on my server. I have got a problem with the DKIM as it get invalid every time when I tried to generate new DKIM key and sent the email for validation results, but the issue are still the same as I still get the test as fail.

Here is what I get when I sent the test for results:

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
   d=mydomain.com; s=default; h=Message-ID:Subject:To:From:Date:
   Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:
   Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
   Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
   List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=eKQde3dilkEJoLbbOiXJ4/w35F2pIwr3fLMV4CdYMhs=; b=uMcgM+aEQXA0Indge5kTia7Sa
   j5oByZNgaB5C85tp+KVUSVXGgOvBWGP3NWmNLuV/HNUdi+oIm+HZnm4s2FR7Pg90urAGqLy8KfqEg
   5vpNKL9B3y2PA7wCRKExrl7S3U71tiGgUENu18H+ETYUbPTIhMk0e/JG+vsc3njPzY5yfWmgBavoL
   9iTgMmQRtT4SOdSylIrPVOkE1XOdnxKI8CDZAkWUN3N0iwwhWMyEbNyfb4ynC1yM6p8rFwSk906YG
   /7SS64o44kLeTp3F/wFWLak53Sja7UHU5qkgLSKcWY6DEXhHBKGM+WYEIOl3JvZnpDAPrED7ldCXD
   N47G7HnnA==;


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          mydomain.com
s= Selector:        default
q= Protocol:        dns/txt
bh=                 eKQde3dilkEJoLbbOiXJ4/w35F2pIwr3fLMV4CdYMhs=
h= Signed Headers:  Message-ID:Subject:To:From:Date:
   Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:
   Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
   Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
   List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
b= Data:            uMcgM+aEQXA0Indge5kTia7Sa
   j5oByZNgaB5C85tp+KVUSVXGgOvBWGP3NWmNLuV/HNUdi+oIm+HZnm4s2FR7Pg90urAGqLy8KfqEg
   5vpNKL9B3y2PA7wCRKExrl7S3U71tiGgUENu18H+ETYUbPTIhMk0e/JG+vsc3njPzY5yfWmgBavoL
   9iTgMmQRtT4SOdSylIrPVOkE1XOdnxKI8CDZAkWUN3N0iwwhWMyEbNyfb4ynC1yM6p8rFwSk906YG
   /7SS64o44kLeTp3F/wFWLak53Sja7UHU5qkgLSKcWY6DEXhHBKGM+WYEIOl3JvZnpDAPrED7ldCXD
   N47G7HnnA==
Public Key DNS Lookup
Building DNS Query for default._domainkey.mydomain.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOXuexVy0AGduMJzhgkkNP8/dU9B3BgCgwllxwDxkIL0lpfLEXwk6tHX25DmtDqwsDRkaDRiBbOaJlMuKIj8ueCULlJapdHoRwgCn88WeXKUzubUQ8IsevE2hhm2H4NGpn3OntaH1kIfLiBfbp3DTqCLh48RhFa8bsOkYEIzSW0LcvZEn9cwwzl1alkcViJOSumv/AKvklAogWN9mUSob6IgcwaeyZ3ZptTNP8ebXCJ4p61Ce5Knk1q0+XchGo+wMEikIrhA28A6XtZDlg74nC4FBzR6oI+itbm1Vz3rv/RqmA6eohXlTh7keWRE1xUZvy4olL6tWUyrrblpvetI5wIDAQAB;
Validating Signature
result = fail
Details: OpenSSL error: data too large for modulus

I dont really understand why I am getting "OpenSSL error: data too large for modulus".

Do you know why and do you know how I can fix it?

Thanks in advance

Does anyone know??

 

[cPanelLauren]

Hi @chris0147


Where are you sending it for validation and how are you generating the key? Usually that error is only seen when you're sending the standard 2048bit key somewhere that's expecting a 1024bit key.

 

[chris0147]

@cPanelLauren

I am sending it for validation on the site called: dkimvalidator.com.

It will tell me that if my site have pass the test or not.

The DKIM key that I have generated from port25.com. I have changed from 2048bit key to 1024bit key and I am getting this:

Validating Signature

result = fail
Details: OpenSSL error: data too large for key size

Do you know why I am getting the error?

I have checked on my other domain and it works fine so this domain I am using have a bit of problem so I need to get something to be looking at.

 

[cPanelLauren]

Hello,


I don't know why you're receiving the error but it's not something specific to cPanel. You're generating the key using a separate site and checking it using a separate site. You can generate a DKIM key in cPanel by going to cPanel>>Email>>Authentication

 

[chris0147]

@cPanelLauren: Thank you for your advice. When I generated the DKIM key in cPanel, I can see the warnings I am getting:

In order to ensure that SPF or DKIM takes effect, you must confirm that this server is an authoritative nameserver for “mydomain.com”. If you need help, contact your hosting provider.

Warning: cPanel is unable to verify that this server is an authoritative nameserver for “mydomain.com”.


Do you know why I am getting the warnings and how I can fix it??

 

[cPanelLauren]

Hi @chris0147

If the DNS for the domain isn't managed by your server (meaning the nameservers aren't pointed to the server) then you can generate the DKIM through cPanel but you'll need to add the record where DNS for the domain is hosted.

 

[chris0147]

@cPanelLauren: Thank you for your reply.

Do you mean GoDaddy where I got my domain from or where I got my VPS from?

Thank you.

 

[cPanelLauren]

Hi @chris0147

I mean essentially wherever the nameservers are pointed to. If you're using GoDaddy's DNS for the nameservers then you'd need to go there to add the record generated for you. Ultimately it sounds like the VPS isn't authoritative for the domain so chances are it's something that's going to need to be added at the registrar.