ateAuthority faileddownload all the federated certificatesGenerating intermediate certificate... certificate not rekeyed: expires in %s
certificate not renewed: expires in %s
Your certificate has been saved in %s.
Your private key has been saved in %s.
Your .p12 bundle has been saved as %s.
certificate marked as revoked in CRL %sPlease enter the password to encrypt %sprint the configured step path and exitsign a SSH certificate using the SSH CAlist public keys known to the ssh agenttags don't match (%d vs %+v) %+v %s @%dasn1: Unmarshal recipient value is nil cipher: incorrect tag size given to GCMcrypto/cipher: incorrect GCM nonce sizeIPv4 field must have at least one digitmultipart: can't write to finished partinvalid indexed representation index %dgo-jose/go-jose: invalid EC private keyfailed to unmarshal x5c header: %v: %#vgo-jose/go-jose: failed to compute hmacssh: unsupported signature algorithm %sssh: invalid openssh private key formatpointer to unknown type in field %d: %Toidc: invalid userinfo jwt signature %vcbor: invalid UnrecognizedTagToAnyMode cbor: invalid ByteStringExpectedFormat  is too large, causing integer overflowhandle for parent is not a valid parentencoding KeyBits, Exponent, Modulus: %vdecoding KeyBits, Exponent, Modulus: %vincompatible public key types: %T != %Tcertification refers to a different keyquote digest didn't match pcrs providedsql: RawBytes isn't allowed on Row.Scanbad signature on embedded certificate: invalid character %q at start of stringgoogle.golang.org/genproto/protobuf/apigoogle.golang.org/protobuf/types/known/Creating new client transport to %q: %vresolver returned an empty address listgrpc: failed to set send compressor: %verror determining key type and size: %wtemplate: pattern matches no files: %#qmlkem: invalid encapsulation key lengthdnsmessage.AAAAResource{AAAA: [16]byte{error connecting to PostgreSQL databasefailed to commit PostgreSQL transactionerror matching %s name %q to constraintwildcard constraint %q is not supportedcannot parse email domain constraint %qxid: cannot generate random number: %v;pkcs7: attribute type not in attributesed25519: bad Ed25519ph context length: rsa: internal error: e*d != 1 mod λ(N)negative minwidth, tabwidth, or paddingmissing argument to repetition operatortrailing backslash at end of expressionhtml: void element <%s> has child nodesprovisioner-password-file,password-fileexec: environment variable contains NULerror generating ACME key authorizationerror writing key authorization file %serror parsing admin certificate requesterror signing admin certificate requesterror parsing %s: no provisioners foundfailed storing AK certificate chain: %wlist all admins in the CA configurationdisable-trust-on-first-use,disable-tofucreateKeyRequest 'name' cannot be emptyinvalid EC key: crv %q is not supported%12sX509v3 Step Registration Authority:%12sX509v3 Key Usage: failed to decode
x509: trailing data after DSA signaturemalformed SCT extension: incomplete SCTinstall is not supported on this system/etc/pki/ca-trust/source/anchors/%s.pem/usr/local/share/ca-certificates/%s.crtfailed to execute "certutil -A": %s

%sgenerate a 32-byte digest for a messagewCertificateType of %d is not supportedcrypto/blake2b: invalid hash state sizepkbdf2: keyLength must be larger than 0%v: MessageSet with no extensions fieldinvalid value: merging into nil messageAddress %q not found address list in %vUnrecognized streamID %d in loopyWritermissing port after port-separator colondecryptionKey is not a crypto.Decrypterfips140: no verification checksum foundKey is using a reserved !badger! prefixWhile forcing compaction on level 0: %vERROR while syncing level directory: %vLOG Compact FAILED with error: %+v: %+vGot error while iterating move keys: %vCannot find MaxFid: %d in filesMap: %+vGRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS<span aria-label='Return'>↩︎</span>bytes,1053,rep,name=resource_definitionerror fallback to %s: %v; S2A error: %wimpersonate: unable to parse expiry: %verror getting algorithms capability: %wfailed preparing EK certificate URL: %wfailed persisting key %q to storage: %wfailed deleting key %q from storage: %wfailed initializing command channel: %wcertData contains multiple private keysfailed to create IMDS probe request: %sUsernamePasswordCredential.AuthenticateClient.NewListDeletedKeyPropertiesPagerfailed to unmarshal DigitallySigned: %vtbsCertList.crlExtensions.*.FreshestCRLid-GostR3410-94-CryptoPro-XchA-ParamSetid-GostR3410-94-CryptoPro-XchB-ParamSetid-GostR3410-94-CryptoPro-XchC-ParamSets3.dualstack.ca-central-1.amazonaws.coms3.dualstack.eu-central-1.amazonaws.coms3-website-ap-northeast-1.amazonaws.coms3-website-ap-southeast-1.amazonaws.coms3-website-ap-southeast-2.amazonaws.coms3-website.ap-northeast-2.amazonaws.come_ext_authority_key_identifier_criticalw_ext_cert_policy_explicit_text_not_nfce_ext_subject_key_identifier_missing_cae_sub_cert_certificate_policies_missingdns: TXT record %v missing %v attributeproto: wrong wireType = %d for field Kvproto: wrong wireType = %d for field Idproto: wrong wireType = %d for field Opproto: wrong wireType = %d for field Ivfailed to verify checksum for table: %serror parsing port (%s) from lookup: %w%d is less than minimum value for int16%d is less than minimum value for int32%d is less than minimum value for uint8composite text format must end with ')'invalid multirange, expected '{' got %vinstance/service-accounts/default/tokenhttps://opentelemetry.io/schemas/1.30.0traffic-director-c2p.xds.googleapis.comgrpclb: failed to send init request: %vinvalid map of additional claims %v: %woauth2: response doesn't have JWT tokenOtherName: asn1.UnmarshalWithParams: %vSSH host policy does not support emailsresponse has no www-authenticate headercorruption detected (remaining %d != 1)credentials: unable to parse expiry: %wLoading MTLS MDS credentials failed: %vretry conditions not met, exit the loopIDToken returned from server is invalidaccess token does not have CachedAt setcorrupt input: %d bits remain on streamcorruption detected: short output block/grpc.gcp.HandshakerService/DoHandshakeGobDecoder: length too large for buffergob: cannot encode nil pointer of type can't represent recursive pointer type NewS2aAuthInfo given nil session resultrecord was smaller than the header sizereceived an unrecognized alert type: %vhttp://www.w3.org/2003/05/soap-envelopefound unknown port type in MEX documentoutput size (%d) > DecompressLimit (%d)time: Stop called on uninitialized TimerFailed to marshal the check-host requestfailed loading context configuration: %wx509: malformed extension critical fieldx509: cannot parse IP address of length %s %q is not permitted by any constraintx509: template contains nil Number fieldhttp2: timeout awaiting response headersFrame accessor called on non-owned Frameinternal error: expecting non-nil streamrequest header %q is not valid in HTTP/2http2: Transport encoding header %q = %qprotocol error: headers after END_STREAMwriteData(stream=%d, p=%d, endStream=%v)host contains '{' (missing initial '/'?)bad wildcard segment (must end with '}')alg '%s' is not compatible with kty '%s'The server experienced an internal errorAttestation statement cannot be verifiedA contact URL for an account was invalidunsupported attestation object format %qinvalid pubArea in attestation statementunsupported identifier type in order: %s13877787807814456755295395851135253906256938893903907228377647697925567626953125ryuFtoaFixed32 called with negative prec/linkedca.Majordomo/RevokeSSHCertificate/linkedca.Majordomo/GetCertificateStatuserror reading azure environment responsefailed executing webhook request: %w: %wfailed parsing decrypter certificate: %wssh certificate has an unknown type '%s'ssh certificate certType cannot be emptyssh certificate has an unknown type '%d'Failed to close body of response from %sclient doesn't support certificate curveoversized record received with length %dtls: received empty certificates messagetls: client didn't provide a certificateerrors: target must be a non-nil pointerMapIter.Key called on exhausted iteratorreflect: FieldByName of non-struct type reflect.Value.Call: call of nil functionreflect.Value.Call: wrong argument countattempted to copy pointer to FP registerreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune sliceerror marshaling PermanentIdentifier SANerror validating ssh certificate optionscertificate does not have any principalsDatabase does not support CRL generationthe server experienced an internal errorauthority.backdate cannot be less than 0invalid type %s, it must be user or hosterror parsing key: unsupported cipher %saddress family not supported by protocolcrypto/rsa: input must be hashed messageinvalid span in heapArena for user arenabulkBarrierPreWrite: unaligned argumentsruntime: typeBitsBulkBarrier with type  refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime: netpollBreak write failed with stopTheWorld: broken CPU time accountingglobal runq empty with non-zero runqsizemust be able to track idle limiter eventgoroutine stack size is not a power of 2missing positional argument <%s> in '%s'%s is not a valid DNS name or IP addresssoftCAS 'CertificateChain' cannot be nilunrecognized revocation reason code '%s'Verify the certificate against it's CRL.sign a certificate signing request (CSR)unknown profile %s: this is not expectedhttps://github.com/login/oauth/authorizefailed parsing certificate request byteserror parsing x5c key from identity fileprint the contents of an ssh certificateremoves a private key from the ssh-agentrekey a SSH certificate using the SSH CArenew a SSH certificate using the SSH CANumericString contains invalid charactercannot represent time as GeneralizedTimecrypto/cipher: output smaller than inputcipher: the nonce can't have zero lengthcrypto/cipher: message too large for GCMIPv6 zones cannot be present in a prefixmultipart: unexpected line in Next(): %qmalformed MIME header: missing colon: %qevictOldest(%v) on table with %v entriesgo-jose/go-jose: unsupported crit headergo-jose/go-jose: payload is not detachedecdsa-sha2-nistp256-cert-v01@openssh.comecdsa-sha2-nistp384-cert-v01@openssh.comecdsa-sha2-nistp521-cert-v01@openssh.comonly RSA verification keys are supportedrsa public key provided for ec signaturefailed executing OIDC transformation: %wfound wrong type: got %v, want extensiongrpc: server failed to encode response: error unmarshaling admin %s into dbAdminchacha20poly1305: invalid buffer overlapURI domain constraint %q cannot be an IPcalled Uint64 on non-uint64 metric valueMaximum number of open file descriptors.collected metric %s %s should be a Gaugecollected metric %s %s should be Untypedber2der: offset is after end of ber databer2der: BER tag length has leading zeropkcs7: payload is not signedData contented25519: bad Ed25519ctx context length: rsa: prime size must be at least 16 bitsrsa: internal error: inconsistent length-//metrius//dtd metrius presentational//-//w3c//dtd html experimental 19960712//URL where the Smallstep API can be founderror creating admin certificate requestWhat provisioner key do you want to use?failed parsing %q: no certificates foundfailed decoding attestation response: %winvalid jwk: private-key is a public keyfailed reading decrypter key from %q: %wcontains more than one PEM encoded blockhttps://login.partner.microsoftonline.cnkey uri %q is not valid: name is missing%12sX509v3 Subject Directory Attributes:x509: trailing data after RSA public keyx509: trailing data after DSA public keyx509: trailing data after DSA parametersPlease enter the password to decrypt JWKerror authenticating or decrypting inputverify a signed message produced by signhttptest: failed to listen on a port: %vquotedprintable: invalid hex byte 0x%02xedwards25519: use of uninitialized Pointcannot unpack unaddressable leaf type %qnon-pointer value %q passed to UnpackBufunable to write all contents of U16Bytesunable to write all contents of U32Bytesmessage %T is neither a v1 or v2 Messageinvalid type: no encoder for %v %v %v/%vUnexpected error from context packet: %vno error details for status with code OKinvalid method name: should start with /malformed duration %q: too many decimalsnet/trace: Failed executing template: %vnet/trace: couldn't execute template: %vfailed to encrypt string with bcrypt: %smismatched scale ratios, got %d, want %dheap profile: %d: %d [%d: %d] @ heap/%d
Duplicate file found. Please delete one.Cannot have 1 compactor. Need at least 2Error while reading IV for key registry.page %d: multiple references (stack: %v)commit unexpectedly resulted in rollbackselect typelem from pg_type where oid=$1Stmt.Exec deprecated and not implementedtime.Time year outside of range [0,9999]https://oauth2.mtls.googleapis.com/tokenfailed parsing EK certificate URL %q: %whttp request to %q failed with status %dAuthenticationRecord must have a versionfailed to read certificate file "%s": %v%s.GetToken() requires exactly one scopeClient.NewListKeyPropertiesVersionsPager/keys/{key-name}/{key-version}/unwrapkeyid-Gost28147-89-CryptoPro-RIC-1-ParamSetGOST R 3410-2001 Parameter Set Cryptocomw_distribution_point_missing_ldap_or_uriDNSNames should not have an empty label.w_dnsname_wildcard_left_of_public_suffixw_ext_cert_policy_explicit_text_not_utf8e_ext_cert_policy_explicit_text_too_longe_issuer_dn_country_not_printable_stringe_old_sub_ca_rsa_mod_less_than_1024_bitsRSA public key exponent MUST be positivee_sub_ca_crl_distribution_points_missingn_sub_ca_eku_not_technically_constrainede_sub_cert_aia_does_not_contain_ocsp_urle_sub_cert_locality_name_must_not_appearfailure to read PE32 optional header: %vinvalid Unicode escape code %q in stringmismatched message type: got %q, want %qbcrypt: password length exceeds 72 bytescan't convert %s to decimal: too many .sunable to cast %#v of type %T to float64proto: KV: illegal tag %d (wire type %d)proto: wrong wireType = %d for field KeyTable size does not match the read bytesproto: wrong wireType = %d for field Lenproto: wrong wireType = %d for field Sumboth "sslcert" and "sslkey" are requiredwrite to connection for cancellation: %w'2006-01-02 15:04:05.999999999Z07:00:00'unknown boolean string representation %q%d is less than minimum value for uint16%d is less than minimum value for uint32%d is less than minimum value for uint64Received an invalid size for an inet: %dfailed to scan multirange element %d: %wgrpclb: failed to recv init response: %vAccess token manager not initialized: %vview current certificate issuance policymanage SSH certificate issuance policieshttps://login.microsoftonline.com/commonhttps://management.core.chinacloudapi.cninvalid input: window size was too smallframe size does not match size on streamxml: trailing '>' in field %s of type %sfailed to read leaf certificate file: %wfailed to load MTLS MDS root certificatefailed to retrieve certificate chain: %wexit retry loop due to context error: %vexit the for loop after too many retriesnopClosingBytesReader: negative positioncannot unmarshal ID from string '%s': %wwrong type (%s) for received field %s.%sS2Av2 provided invalid MinTlsVersion: %vS2Av2 provided invalid MaxTlsVersion: %vWS Trust 2005 support is not implementedEd25519 verify expects ed25519.PublicKey; check your $STEPPATH/contexts.json fileand send the output to info@smallstep.comx509: cannot parse URI %q: invalid domainwriteEndsStream called on nil writeFramerinvariant; can't close stream in state %vhttp2: server ignoring unknown setting %vCloseNotify called after Handler finishedWriteHeader called after Handler finishedhttp2: no cached connection was availablehttp2: Transport health check failure: %vtransport got GOAWAY with error code = %vkey Ed25519 cannot be used for encryptionThe client lacks sufficient authorizationDPoP token has wrong number of headers %dDPoP contains invalid challenge 'chal' %qinvalid display 'name' in Wire DPoP tokeninvalid certInfo in attestation statementunsupported identifier value in order: %sbytes.Buffer.WriteTo: invalid Write countbytes.Reader.WriteTo: invalid Write countnet/url: invalid control character in URL34694469519536141888238489627838134765625strconv: illegal AppendInt/FormatInt basetime: Reset called on uninitialized Timertime: missing Location in call to Time.InTime.UnmarshalBinary: unsupported versionerror parsing %s, oneof %v is already setprovisioner.AuthorizeSign not implementedtls: internal error: unsupported key (%T)tls: handshake has not yet been performedinvalid value length: expected %d, got %dtls: unsupported decryption key type (%T)tls: failed to parse client certificate: tls: internal error: failed to clone hashtls: internal error: unknown cipher suitetls: no supported elliptic curves offeredtls: internal error: empty verified chaincan't call pointer on a non-pointer ValueMapIter.Next called on exhausted iteratorreflect: FieldByIndex of non-struct type reflect: OverflowFloat of non-float type reflect.Value.Addr of unaddressable valueerror unmarshaling HardwareModuleName SANx509: trailing data after X.509 extensionrenewSSH: error storing certificate in dbrekeySSH; error storing certificate in dbinvalid key type, it must be a public keyerror marshaling certificate id extensionerror marshaling revoked certificate infounexpected call to os.Exit(0) during testclone(CLONE_PIDFD) failed to return pidfd closed, unable to open /dev/null, errno=runtime: typeBitsBulkBarrier without typeWARNING: LIKELY CLEANUP/FINALIZER ISSUES
/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: blocked read on closing polldescstopTheWorld: not stopped (stopwait != 0) received on thread with no signal stack
invalid timer: fake time but no syncgroupone of flag %s is required with flag --%sThe export <directory> for Markdown docs.cloudCAS 'caPoolTier' is not a valid tierstepCAS 'certificateIssuer' cannot be nilThe base url of the Attestation CA to useunknown flow type: this should not happenWhat would you like to name your new PKI?error converting %s to integer process idgenerate an OTT granting access to the CAVerify the certificate against it's OCSP.The destination <file> of the public key.certificate request has invalid signaturehttps://oauth2.googleapis.com/device/codeoauth command timed out, please try againReturn "true" or "false" in the terminal.List public keys instead of fingerprints.**step ssh list** [<subject>] [**--raw**]revoke a SSH certificate using the SSH CAasn1: internal error in parseTagAndLength%s slice too big: %d elements of %d bytescrypto/md5: invalid hash state identifiercolon must be followed by more characterssync/atomic: swap of nil value into Valuebinary: varint overflows a 64-bit integeridna: internal error in punycode encoding{"crv":"%s","kty":"EC","x":"%s","y":"%s"}oidc: token is expired (Token Expiry: %v)cbor: error calling MarshalCBOR for type cbor.RawTag: UnmarshalCBOR on nil pointerreserved bits not set to zero as requiredthe TPM was not able to start the commandprovided PCR %d was not included in quotefailed creationg OIDC provider config: %wgoogle.golang.org/genproto/protobuf/ptypegrpc: unmarshalling service config %s: %vwrong type for value; expected %s; got %sA sampling of all past memory allocationsseconds and debug params are incompatibleUnclosed iterator at time of Txn.Discard.fips140: unknown GODEBUG setting fips140=RSASSA-PKCS-v1.5 2048-bit sign and verifyfailed creating attestation statement: %wfailed marshaling attestation request: %wGive administrator SuperAdmin privileges.remove an admin from the CA configurationkey uri %q is not valid: vault is missingX.509v3 %s Certificate (%s) [Serial: %s]
X.509v3 Certificate Signing Request (%s)
%12sRFC6962 Certificate Transparency SCT:valid && !wasValid should not be possiblex509: trailing data after ECDSA signaturefailed to execute "keytool -list": %s

%salg %s does not match the alg on JWS (%s)alg %s does not match the alg on JWT (%s)authenticate a message using a secret keygenerate a key for use with seal and open**step crypto nacl sign open** <pub-file>error parsing TOTP Key URI in secret filehash/crc32: invalid hash state identifierjson: error calling MarshalJSON for type cannot call TPMUnmarshal on a nil pointermismatching message name: got %v, want %vinvalid Message.WhichOneof descriptor on no supported policies found in config: %vReceived error from the name resolver: %vReceived new config %s, resolver state %stransport: timeout string is too long: %qagent: unsupported RSA key with %d primescloudresourcemanager.folders.getOrgPolicycloudresourcemanager.folders.setOrgPolicycloudresourcemanager.organizations.searchcloudresourcemanager.projects.getAncestryv1/projects/{resource}:testIamPermissionsdecryptorKeyPEM is not a crypto.DecrypterGODEBUG sys/cpu: no value specified for "Read-only mode is not supported on Plan 9Looking for: [%q, %q, %v] in this level.
Looking for: [%q, %q, %v] in next level.
Table file %d not referenced in MANIFEST
While running compact def: %+v. Error: %vfailure while running merge operation: %s%s with size %d exceeded %d limit. %s:
%sNum total move keys: %d. Num pointers: %dfailed to delete empty value log file: %qstarting readwrite transaction failed: %vStarting a new transaction [writable: %t]spilling data onto dirty pages failed: %vinvalid max_allowed_packet value (%q): %winvalid timeTruncate value: %v, error: %winvalid value for server pub key name: %vprotocol error, illegal decimals value %dcannot parse statement_cache_capacity: %wselect typrelid from pg_type where oid=$1Stmt.Query deprecated and not implementedGRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS%w: couldn't parse %q (procs_running): %w%w: couldn't parse %q (procs_blocked): %werror details: name = Unknown  desc = %s
auth: cannot fetch token: %v
Response: %shttps://accounts.google.com/o/oauth2/authimpersonate: unable to create request: %vimpersonate: unable to parse response: %vfailed getting keys attested by AK %q: %wfailed transforming public blob bytes: %wfailed encoding EK certificate to PEM: %w%s.GetToken() requires at least one scopex509: failed to parse CertificateList: %vx509: trailing data after CertificateListtbsCertList.crlExtensions.*.IssuerAltNametbsCertList.crlExtensions.*.BaseCRLNumberid-GostR3410-2001-CryptoPro-XchA-ParamSetid-GostR3410-2001-CryptoPro-XchB-ParamSets3.dualstack.ap-northeast-1.amazonaws.coms3.dualstack.ap-northeast-2.amazonaws.coms3.dualstack.ap-southeast-1.amazonaws.coms3.dualstack.ap-southeast-2.amazonaws.comDNSName should not have underscore in SLDThe keyUsage extension SHOULD be criticalDNSName MUST NOT include a null charactere_old_root_ca_rsa_mod_less_than_2048_bitse_path_len_constraint_improperly_includede_subject_contains_noninformational_valuee_subject_dn_country_not_printable_stringfailure to read optional header magic: %vfailure to read PE32+ optional header: %vinvalid target address %v, error info: %vhtml/template: cannot Parse after Execute%s does not have same major version as %s%s does not have same minor version as %sproto: wrong wireType = %d for field Metaproto: wrong wireType = %d for field Algoproto: wrong wireType = %d for field DataError while encrypting in Builder.encryptfailed to initialize biggest for table %sthe source and target are the same bucketID: %d, Type: %s, count: %d, overflow: %dfailed to parse certificate from server: invalid array, expected '[' or '=' got %v%d is greater than maximum value for int8composite text format must start with '('expected '%c' ('%#v'); found '%c' ('%#v')%d is greater than maximum value for Int2%d is greater than maximum value for int2%d is greater than maximum value for Int4%d is greater than maximum value for int4urn:ietf:params:oauth:token-type:id_tokenGOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLESoauth2/google: unable to parse expiry: %v**step ca policy <scope> x509 wildcards**Authority(%s) did not start with https://https://management.core.usgovcloudapi.netcorrupted input (position=%d, expected 0)invalid length for ReadyForQuery.TxStatusserviceAccounts/(.+?):generateAccessTokencredentials: unable to parse response: %wmismatched OAuth state, req(%s), resp(%s)gob: attempt to decode into a non-pointerjson decode error: %w
raw message was: %sbug: resp argument must a *struct, was %TUnmarshal expected opening {, received %vUnmarshal expected opening [, received %vnonce size must be %d bytes. received: %dcannot set '%s' attribute in config files
x509: %q cannot be encoded as an IA5Stringx509: RSA modulus is not a positive numberx509: invalid policy constraints extensionx509: invalid inhibit any policy extensionall candidate chains have invalid policieslooking for beginning of object key stringmix of request and response pseudo headersPRIORITY frame payload size was %d; want 5Failed to parse goroutine ID out of %q: %vhttp2: server connection error from %v: %vpromised request headers cannot include %qbad wildcard segment (must start with '{')http: multipart handled by MultipartReaderhttp: ContentLength=%d with Body length %dThe requested operation is not implementederror looking up TXT records for domain %sfailed extracting OIDC ID token claims: %wcould not find current order by account id173472347597680709441192448139190673828125867361737988403547205962240695953369140625time: Reset called on uninitialized TickerTime.MarshalBinary: unexpected zone offsetinvalid ACME identifier type '%s' providederror decoding identity document signatureprovisioner instanceAge cannot be negativeaws.authorizeToken; error verifying claimserror unmarshaling identity token responsehttps://www.googleapis.com/oauth2/v3/certsnebula provisioner does not support revokeprovisioner.AuthorizeRenew not implementedssh certificate principals cannot be emptytls: malformed ECHConfig, invalid %s fieldtls: private key does not match public keyruntime.AddCleanup: ptr is arena-allocatedMapIter.Value called on exhausted iteratorreflect: negative length passed to ArrayOfreflect: Call with too few input argumentsmismatch between ABI description and typesreflect: cannot convert slice with length error unmarshaling PermanentIdentifier SANcheckSSHHost: isSSHHost is not implementedauthority.Sign; error creating certificateinvalid value for argument crv (crv: '%s')error unmarshaling key: exponent too largeerror unmarshaling key: incorrect exponentinternal error: call to runtimeSource.Seedcrypto/rsa: salt length cannot be negative bytes; incompatible with mutex flag mask persistentalloc: align is not a power of 2/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/classes/metadata/mspan/inuse:bytesnon-empty mark queue after concurrent marksweep: tried to preserve a user arena spanruntime: blocked write on closing polldescunexpected state passed to panicrangestateacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo call
on a locked thread with no template threadunexpected signal during runtime execution received but handler not on signal stack
stop of synctest timer from outside bubbletraceInitReadCPU called with trace enabledtraceStopReadCPU called with trace enabledattempted to trace a bad status for a procout of memory allocating checkmarks bitmapflag '--%s' requires the '--insecure' flag(?m:^[\t ]+\*\*[^\*]+\*\*[^\n]*\s+:[^\n]+)cloudCAS CreateCertificateAuthority failedcloudCAS EnableCertificateAuthority faileddownload and validate the root certificateCheck if a certificate needs to be renewedprint public key embedded in a certificatefailed to parse the issuing CA certificatehttps://www.googleapis.com/oauth2/v4/tokeninvalid value '%s' for flag '--listen-url'error reading %s: unsupported account type**step path** [**--base**] [**--profile**]PrintableString contains invalid charactercrypto/sha1: invalid hash state identifiersync/atomic: store of nil value into Valuessh: public key does not match private keyunknown SSH policy engine type %s providedid token did not have an access token hashcbor: wrong tag number for time.Time, got -18446744073709551616 overflows Go's int64context in TPM2_ContextLoad() is not validinvalid nonce size or nonce value mismatchcould not unpack algorithm description: %vasn1.Unmarshal() failed: %v, wasWrapped=%vsql: unknown driver %q (forgotten import?)addrConn: updateAddrs addrs (%d of %d): %vgrpc: failed to decompress the message: %vgrpc: failed to read decompressed data: %vno codec registered for content-subtype %sgrpc: server failed to compress response: error marshaling admin type: %s, value: %verror generating random id for provisionerinternal error: no fields in evalChainNodefunction name %q is not a valid identifierpoly1305: write to MAC after Sum or Verifyinsufficient data for resource body lengtherror accessing value returned by databaseerror creating database %s (if not exists)internal error: cannot parse constraint %q%q is not a valid label name for metric %qNumber of goroutines that currently exist.called Float64 on non-float64 metric valueencountered MetricFamily with invalid typecollected metric %s %s should be a Countercollected metric %s %s should be a Summaryexemplar label value %q is not valid UTF-8+//silmaril//dtd html pro v0r11 19970101//-//as//dtd html 3.0 aswedit + extensions//-//netscape comm. corp.//dtd strict html//-//o'reilly and associates//dtd html 2.0//The CSR <file> to restrict this token for.%q claim is %T, not map[string]interface{}failed validating ACME Challenge at %q: %wAK certificate (chain) not valid for EK %qsubject: %s, provisioner: %s(%s), type: %sThe <file> containing the JWK private key.error reading %s: no CA certificates foundgetPublicKeyRequest 'name' cannot be emptyinvalid EC key: x or y length is not validx509: trailing data after ECDSA parameters/etc/ca-certificates/trust-source/anchors/only password-protected PFX is implementedpkcs12: error parsing PKCS#8 private key: **step crypto jwk keyset add** <jwks-file>**step crypto jwt inspect**
**--insecure****step crypto key fingerprint** <key-file>print key details in human readable formatVerify using the RSA-PSS signature scheme.invalid key file: key size is not %d bytesIndicates that input is not base64 encodedinvalid key file: key size is not 32 bytesgenerate a pair for use with sign and open**step crypto nacl sign sign** <priv-file>quotedprintable: invalid bytes after =: %qgo-jose/go-jose: missing json web key typeunable to read all contents in to U32BytesNo support for lazy fns for ExtensionFieldcould not switch to new child balancer: %wchannel %d references invalid parent ID %dtransport: unknown control message type %TDraining transport: t.nextID > MaxStreamIDkeepalive ping not acked within timeout %stransport: timeout string is too short: %qAddresses received from proxy resolver: %smalformed duration %q: contains no numberscloudresourcemanager.projects.getIamPolicycloudresourcemanager.projects.getOrgPolicycloudresourcemanager.projects.setIamPolicycloudresourcemanager.projects.setOrgPolicyRead-only mode is not supported on WindowswriteRequests called. Writing to value logAttempting to drop data in read-only mode.Deleted %d value log files. DropAll done.
cannot get absolute path for pid lock fileSkip first %5.2f MB of file of size: %d MBCreating bucket if not exist %q failed: %vargument count mismatch (got: %d; has: %d)not a string and cannot be encoded as textGRPC_XDS_ENDPOINT_HASH_KEY_BACKWARD_COMPATGRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS(\d+) blocks .*\[(\d+)/(\d+)\] \[([U_]+)\]auth: server response missing access_tokenimpersonate: unable to marshal request: %vfailed transforming private blob bytes: %wThe kind of webhook. Default is ENRICHING.update a webhook attached to a provisionercannot use an authority host without httpserror parsing token expiration time %q: %v/keys/{key-name}/{key-version}/attestationspecified selector value but not field in x509: failed to parse revocation issuer %vextra data (%d bytes) after serialized SCTMS_CTL_for_Software_Publishers_Trusted_CAse_ext_cert_policy_explicit_text_ia5_stringe_old_sub_cert_rsa_mod_less_than_1024_bitse_sub_cert_street_address_should_not_existe_sub_cert_valid_time_longer_than_825_daysfail to seek to %q section relocations: %vdns: error parsing service config json: %vfield %q in NullFields has non-empty valueproto: wrong wireType = %d for field Valueproto: wrong wireType = %d for field LevelEquality can happen only on base level: %dproto: wrong wireType = %d for field KeyIddetected duplicated free ID: %d in ids: %vinvalid freelist page: %d, page type is %sfailed to split host:port in '%s', err: %wunable to load system certificate pool: %wextended protocol limited to %v parameters%d is greater than maximum value for int16%d is greater than maximum value for int32%d is greater than maximum value for uint8%d is greater than maximum value for int64%f is greater than maximum value for int64invalid digitsRead: %d (this can't happen)invalid length for Path with %d points: %vcannot scan into %v from range element: %wgrpctransport: opts required to be non-nilhttptransport: opts required to be non-nilSSH user policy does not support DNS namescertificate issuance policy does not existmanage X.509 certificate issuance policiesAuthority options cannot be URL parsed: %w Rectangle has huge or negative dimensionsSeverity %d out of range (min %d, max %d).decompressed size exceeds configured limitcorrupt stream, did not find end of streamnewState (%d) == oldState (%d) and no bits{deltabits: %08x, findstate:%d outbits:%d}log2 of non-positive number does not existtrustboundary: unknown audience format: %qcredentials: executable command failed: %wcredentials: unable to marshal request: %wREQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFYauthorization code missing in query stringcorrupt input: last value not power of twofailed to send ALTS handshaker request: %wgob: encoded unsigned integer out of rangegob: bad data: field numbers out of boundsfound unknown spec version in mex documentMexDocument cannot have blank URL endpointthe requested hash function is unavailableroot certificate fingerprint does not matchclient.SSHBastion; error marshaling requestx509: failed to parse dnsName constraint %qx509: invalid X25519 private key parameters looking for beginning of object key stringmultiple Read calls return no data or errorhttp2: client conn could not be establishedno multipart boundary param in Content-Typenet/http: timeout awaiting response headerstimeout waiting for SETTINGS frames from %vhttp2: server closing client connection: %vhttp2: unexpected ALPN protocol %q; want %qTransport: unhandled response frame type %TError enabling Transport HTTP/2 support: %verror parsing %s: unsupported key type '%T'flag '--alg' is required with the given keyinvalid Go template registered for 'target'invalid challenge 'chal' in Wire DPoP tokenOnly DNS names and IP addresses are allowedmult64bitPow10: power of 10 is out of range%s: signs of seconds and nanos do not matchTLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256/linkedca.Majordomo/GetSSHCertificateStatusacme attestation format %q is not supportedaws.authorizeToken; error parsing aws tokenprovisioner with Token ID %s already existsgcp.authorizeToken; error parsing gcp tokenjwk.authorizeToken; error parsing jwk tokenssh is disabled for nebula provisioner '%s'token is not valid: subject cannot be emptyprovisioner.AuthorizeRevoke not implementedfailed parsing decrypter key: trailing datassh certificate signature key cannot be nilsshpop.authorizeToken; invalid sshpop tokenx5c.authorizeToken; error parsing x5c tokentls: received unexpected key update messagetls: no supported elliptic curves for ECDHEtls: server did not select an ALPN protocoltls: server sent unrequested session tickettls: received malformed key_share extensiontls: invalid early data for QUIC connectiontls: client's Finished message is incorrectreflect: nil type passed to Type.ImplementsGcSlice can't handle on-demand gcdata typesreflect: CallSlice of non-variadic functionreflect: Call with too many input argumentsfailed parsing SubjectAltName extension: %werror unmarshaling json: ip %s is not validfailed to initialize %s provisioner %q: %v
unable to load provisioner from certificateprovisioner with token ID %s already existssignSSHAddUser: error reading random numbertls minVersion cannot exceed tls maxVersionSCEP provisioner %q does not have decrypterparse challenge password in pkiEnvelope: %werror parsing certificate as DER format: %vfailed to encrypt PEM: unknown algorithm %verror serializing key: unsupported curve %sinterrupted system call should be restartedruntime: opened unexpected file descriptor /memory/classes/metadata/mcache/inuse:bytesruntime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summarymeasures of the retained heap are not equalruntime.Pinner: argument is not a pointer: runtime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulereset of synctest timer from outside bubblesynctest timer accessed from outside bubbletraceSnapshotMemory: tracing is not enabledcould not parse %s as value for flag %s: %s%s does not match the regular expression %sstepCAS `certificateAuthority` is not validWhat region or location do you want to use?The root certificate has been saved in %s.
leaf, intermediate-ca, root-ca, self-signedthe given key cannot sign X509 certificateserror reading encrypting password from filefailed to decode the issuing CA certificateerror reading response from OCSP server: %serror parsing response from OCSP server: %sThe following directories will be removed:
https://github.com/login/oauth/access_tokenCallback listener <address> (e.g. ":10000")Cannot open a web browser on your platform.Error exchanging authorization code: %s. %surn:ietf:params:oauth:grant-type:jwt-bearerincompatible certificate: missing host uuidconfigures ssh to be used with certificatesexplicit time type given to non-time memberbufio: tried to rewind past start of bufferchunked encoding contains too much non-datago-jose/go-jose: unsupported enc value '%s'go-jose/go-jose: Error generating nonce: %vsk-ecdsa-sha2-nistp256-cert-v01@openssh.comssh: invalid size %d for Ed25519 public keygo hash algorithm #%d has no TPM2 algorithmdecodeOneTPMLPCRSelection returned error %vcould not unpack fixed properties count: %vattestation isn't a quote, tag of type 0x%xquote was over PCR %d which wasn't providedsql: connection returned that was never outfile %q has a package name conflict over %vgrpc: received unexpected payload format %dconfig selector returned illegal status: %vprovisioner %s is not owned by authority %s%s is an unexported field of struct type %swrong number of args for %s: want %d got %dwrong number of args for %s: got %d want %dSSHAgentKMS doesn't support generating keyscannot add multiple admins with the same idbcrypt_pbkdf: number of rounds is too smallrsa: internal error: modulus size incorrect-//sq//dtd html 2.0 hotmetal + extensions//exec: WaitDelay expired before I/O completeerror setting 'standalone' value in cli ctxfailed storing certificate with TPM key: %whttps://smallstep.com/app/teams/sso/successerror serializing from step-ca API responsecould not load x5c chain certificate %s: %werror loading X5C Root certificates from %sfile %s does not contain a valid public keyx509: unhandled critical extension: %s | %sx509: trailing data after X25519 public keypkcs12: decryption error, incorrect paddingpkcs12: error encoding PKCS#8 private key: **step crypto jwk keyset list** <jwks-file>return the decoded JWS without verificationreturn the decoded JWT without verificationUses OpenSSH as the result encoding format.**step crypto nacl auth digest** <key-file>Error reading certificate table first entryimpl: package name must not contain slashesedwards25519: invalid point encoding lengthpublic key not on same curve as private keyoauth2: cannot fetch token: %v
Response: %sTPMMarhsal on []Handle is not supported yettransport: SendHeader called multiple timesmalformed header: missing HTTP content-typeFailed to marshal rpc status: %s, error: %vAddresses received from target resolver: %vmalformed duration %q: missing seconds unitcloudresourcemanager.folders.clearOrgPolicynon executable command in pipeline stage %dno private key data in PEM block of type %sThis API can not be called in managed mode.WatchBatch.Cancel error while finishing: %vCannot find directory %q for read-only openCannot use GetSequence with managedDB=true.Writes flushed. Stopping compactions now...MANIFEST file has invalid manifestChange opfailed to get datakey in db.handleFlushTaskcannot create stream writer in out DB at %sError while checking checksum for data key.Error while writing buf in WriteKeyRegistry[GOOS: %s, GOARCH: %s] fdatasync failed: %wthis authentication plugin is not supportedcannot parse description_cache_capacity: %w%w: mismatch field count mismatch in %s: %s/google.longrunning.Operations/GetOperation/google.iam.v1.IAMPolicy/TestIamPermissionsauth: state mismatch in 3-legged-OAuth flowfailed decoding EK certificate response: %wlist all ACME External Account Binding KeysNo ACME EAB keys stored for provisioner %s
%s.GetToken() acquired a token for scope %qSignature: HashAlgo=%v SignAlgo=%v Value=%xx509: failed to parse revocation reason: %vxn--correios-e-telecomunicaes-ghc29a.museume_cert_unique_identifier_version_not_2_or_3DSA modulus size must be at least 2048 bitse_generalized_time_does_not_include_secondsDomain SHOULD NOT have a bare public suffixe_sub_cert_valid_time_longer_than_39_monthsoffset %d is beyond the end of string tablehtml/template: %q is an incomplete template'/' could start a division or regexp: %.32qunfinished escape sequence in JS string: %qhash/adler32: invalid hash state identifierproto: KV: wiretype end group for non-groupproto: wrong wireType = %d for field Offsetinvalid SCRAM salt received from server: %wfailed to connect to `user=%s database=%s`:BUG: signalMessage when already in progressfound end before closing double-quote ('"')%d is greater than maximum value for uint16%d is greater than maximum value for uint32unexpected trailing bytes parsing range: %vfailed to encode %v as element of range: %w%d is greater than maximum value for Uint32^([A-Za-z0-9_\.]|%[0-9A-Fa-f][0-9A-Fa-f])+$oauth2/google: unable to parse response: %vinvalid file extension, expected %s, got %srequested skippable frame (%d) > max uint32xml: invalid tag in field %s of type %s: %qcredentials: unable to determine AWS regioncredentials: missing AccessKeyId credentialcredentials: failed to read certificate: %wMeasures the size of HTTP request messages.RSA modulus size is less than 2048 bits: %vCreated client S2Av2 transport credentials.could not retrieve token from auth code: %w{"access_token":{"xms_cc":{"values":[%s]}}}invalid handshake key update message lengthhttp://schemas.xmlsoap.org/ws/2005/02/trustunmarshalSlice called on non-*[]slice valuemust set either name or id in method optionscontext cannot have an empty profile value%spath to the config file to use for CLI flagshttps://github.com/smallstep/step-kms-pluginx509: invalid RDNSequence: invalid attributex509: invalid Ed25519 private key parametersx509: invalid Ed25519 private key length: %dx509: internal error: cannot parse domain %qcrypto/x509: error fetching intermediate: %wx509: failed to unmarshal raw CSR Attributesencoding alphabet contains newline characterencoding alphabet includes duplicate symbolshttp: putIdleConn: too many idle connectionshttp: attempting to traverse a non-directoryconnection exceeded flow control window sizehttp2: could not negotiate protocol mutuallyhttp2: 1xx informational responses too largehttp: Request.ContentLength=%d with nil Bodyfailed to encrypt the data: missing passwordPlease enter the password to decrypt the JWEfailed validating Wire DPoP token claims: %wAK certificate subject must be empty; got %qorder %s csr does not match the attested keymult128bitPow10: power of 10 is out of rangeerror validating identity document signaturejwk.authorizeToken; error parsing jwk claimserror parsing public key in provisioner '%s'token is not valid: signature does not matchprovisioner.AuthorizeSSHSign not implementedcannot force common name, DNS names is emptyx5c.authorizeToken; error parsing x5c claimstls: server's Finished message was incorrecttls: server sent an incorrect legacy versiontls: invalid server X25519MLKEM768 key sharetls: invalid X25519MLKEM768 server key sharetls: invalid X25519MLKEM768 client key shareuse of WriteTo with pre-connected connectionreflect: call of MakeFunc with non-Func typereflect: Value.SetIterKey called before Nextreflect: FieldByNameFunc of non-struct type reflect: funcLayout with interface receiver  using value obtained using unexported fieldreflect: function created by MakeFunc using reflect: slice length out of range in SetLenunsupported subject alternative name type %serror removing admin %s from authority cacheerror getting admins to initialize authorityerror storing provisioner in authority cacheauthority.SignSSH: error signing certificatecertificate does not have only one principalcheckSSHHost: error checking if hosts existsauthority.Sign; invalid extra option type %Tauthority.Revoke; could not get ID for tokenCertificate Revocation Lists are not enablederror marshaling authority.Error for loggingSCEP provisioner expected in request contexterror decrypting encrypted pkcs7 content: %wfailed generating degenerate certificate: %wfailed encrypting degenerate certificate: %werror decoding %s: key is password protectedspan on userArena.faultList has invalid sizesend on synctest channel from outside bubbleout of memory allocating heap arena metadataruntime: cannot remap pages in address space/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddenheapInUse and consistent stats are not equaltotalFree and consistent stats are not equalmappedReady and other memstats are not equalcannot trace user goroutine on its own stacktraceStartReadCPU called with trace disabledunsafe.Slice: ptr is nil and len is not zerocloudCAS FetchCertificateAuthorityCsr failedcloudCAS ActivateCertificateAuthority failedcreateCertificateRequest `csr` cannot be nilEnable Remote Management. Defaults to false.What is the JWK provisioner you want to use?install on the Firefox NSS security databaseprivate key does not match issuer public key**step context remove** <name> [**--force**]step crypto kdf compare <phc-hash> [<input>]https://accounts.google.com/o/oauth2/v2/authPath to browser for OAuth flow (macOS only).urn:ietf:params:oauth:grant-type:device_codeFailed exchanging authorization code: %s. %sFailed to authenticate: missing access tokenConfigures a SSH server instead of a client.Include SSH certificate bytes in fingerprintcipher: NewGCM requires 128-bit block ciphermultipart: expecting a new Part; got line %qmime: unexpected content after media subtypeinvalid Transfer-Encoding request header: %qgo-jose/go-jose: unsupported key type/formatgo-jose/go-jose: no recipients to encrypt tossh: hash algorithm for format %q not mappedssh: failed to parse embedded public key: %vunrecognized expected later encoding tag: %d bytes of extraneous data starting at index %s
	previously from: %q
	currently from:  %qSubchannel picks a new address %q to connectccResolverWrapper: reporting error to cc: %vpassword required in non-interactive contextincompatible types for comparison: %v and %vtemplate template must be empty with contentinsufficient data for calculated length typeStack traces of holders of contended mutexeslength of input cannot be greater than 65535requires SecurityLevel %v; connection has %vemail constraint %q cannot start with periodURI domain constraint %q cannot contain port%q is not allowed as label name in summariescollected metric %s %s should be a Histogramcrypto/sha256: invalid hash state identifiered25519: bad Ed25519ph message hash length: <html xmlns="http://www.w3.org/1999/xhtml">
html: bad parser state: unexpected namespaceForce the overwrite of files without asking.Disables usage of $PAGER for paging purposesoffline mode and ACME are mutually exclusivefailed getting AK attestation parameters: %wfailed creating POST http request for %q: %wCreate the JWK key pair for the provisioner.file %s does not contain a valid private keyonly version 0 of EncryptedData is supportederror formatting key: it should not get herePlease enter the password to decrypt the keyinvalid public key: key size is not 32 bytesLength of one-time passwords. Defaults to 6.crypto/sha512: invalid hash state identifiergo-jose/go-jose: unsupported critical headercannot call Close when no connection is openLastInsertId is not supported by this driverEncountered error while encoding headers: %vtransport: failed to write window update: %vfailed to do connect handshake, response: %qconflicting method rules for method %v foundinvalid header/message length config: %q, %vhttps://cloudresourcemanager.googleapis.com/cloudresourcemanager.folders.listOrgPoliciescloudresourcemanager.projects.clearOrgPolicytemplate: multiple definition of template %qlist should be type of slice or array but %smismatch: sample has: %d values vs. %d typesInvalid ValueThreshold, must be less than %dWhile running doCompact with %+v. Error: %v
opt.Prefix should be nil for NewKeyIterator.Dropping prefix at level %d (%d tableGroups)no manifest found, required for read-only dbThis API can only be called in managed mode.Creating bucket if not exist %q successfullynode cannot be written into a not empty pageunexpected page type (flags: %x) for pgId:%dfailed to deallocate cached statement(s): %wInvalid name validation scheme requested: %s/google.longrunning.Operations/WaitOperation/google.cloud.location.Locations/GetLocationerror creating S2A client config factory: %vWithScopes is incompatible with WithAudiencefailed retrieving EK certificate from %q: %wcreate and manage webhooks for a provisionermissing environment variable AZURE_TENANT_IDmissing environment variable AZURE_CLIENT_IDid-Gost28147-89-CryptoPro-Oscar-1-1-ParamSetid-Gost28147-89-CryptoPro-Oscar-1-0-ParamSetGeneral name fields must not be empty in IANPolicy mappings should be marked as criticalGeneralized time values MUST include secondse_generalized_time_includes_fraction_secondsw_sub_ca_aia_does_not_contain_issuing_ca_urloptional header has unexpected Magic of 0x%xoauth2: server response missing access_tokenpredefined escaper %q disallowed in templateunfinished escape sequence in CSS string: %qonly structs, maps, and slices are supportedproto: wrong wireType = %d for field Versionproto: KVList: illegal tag %d (wire type %d)proto: wrong wireType = %d for field ChangesValue exceeded size of block: %d %d %d %d %vproto: wrong wireType = %d for field OffsetsError while generating IV in Builder.encryptfailed to unmarshal bloomfilter for table:%dSyncConn: Ping failed while syncing conn: %warray header too short for %d dimensions: %dunable to scan OID %d in text format into %vReceived an invalid size for an interval: %dcannot scan %s (OID %d) in %v format into %T%d is less than the minimum value for Uint32/envoy.config.cluster.v3.Cluster/google_cfe_oauth2/google: unable to marshal request: %vthe X.509 policy does not support principals%s.%s.%s.log.%s.%04d%02d%02d-%02d%02d%02d.%dlogs at or above this threshold go to stderrliteral output size mismatch want %d, got %dinvalid decoding table, base overflows int32%s body must have length of %d, but it is %dMeasures the size of HTTP response messages.cloud instance name of user realm is missingfederation protocol of user realm is missingfailed to create inbound half connection: %vhttp://schemas.xmlsoap.org/ws/2004/09/policybug: resp argument must be a *struct, was %Terror parsing endpoint: url '%s' is not validx509: IP constraint contained invalid mask %xx509: certificate signed by unknown authorityx509: trailing data after ASN.1 of public-keyjson.RawMessage: UnmarshalJSON on nil pointerhttp: putIdleConn: connection is in bad statehttp: no Client.Transport or DefaultTransportunbuffered done channel passed in for type %Thttp: multipart handled by ParseMultipartFormHTTP/1.1 %d %s%sUnsupported transfer encodingnet/http: internal error: connCount underflowPlease enter the password to encrypt the dataerror verifying x5cInsecure certificate chainerror unmarshaling instance identity documentTLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256reference length %d exceeds the maximum (256)aws.authorizeToken; error unmarshaling claimsgcp.authorizeToken; invalid gcp token payloadnebula provisioner does not support SSH renewnebula provisioner does not support SSH rekeyoidc.AuthorizeToken; error parsing oidc tokenprovisioner.AuthorizeSSHRenew not implementedprovisioner.AuthorizeSSHRekey not implementederror parsing x509 certificate from PEM blockcontext: internal error: missing cancel errortls: internal error: unexpected renegotiationtls: invalid reconstructed inner client hellotls: no server certificates in client sessiontls: failed to find any PEM data in key inputreflect: OverflowComplex of non-complex type reflect: nil type passed to Type.AssignableToreflect: internal error: invalid method indexfailed to initialize the system cert pool: %werror creating provisioner %q while migratingCreated super admin %q for JWK provisioner %qcertificate with fingerprint %s was not foundrenewSSH: unexpected ssh certificate type: %decdsa: curve not supported by PublicKey.ByteshandleTransientAcquire called in invalid modehandleTransientRelease called in invalid modeprivate key type does implement crypto.Signercannot send after transport endpoint shutdowncrypto/rsa: message too long for RSA key sizeclose of synctest channel from outside bubble  may be in the same tiny block as finalizer
transitioning GC to the same state as before?produced a trigger greater than the heap goaltried to run scavenger from another goroutineruntime: failed mSpanList.remove span.npages=totalAlloc and consistent stats are not equalexitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zeroflag '--%s %s' requires the '--insecure' flagcloudCAS ActivateCertificateAuthority1 failedinitialize and manage a certificate authorityThe <address> that the new CA will listen at.Choose a password for your first provisioner.private key of type %T is not a crypto.Signererror decoding certificate: invalid PEM blockcertificate status is good according OCSP %s
list available certificate authority contextsfailed to get CRL distribution points from %sgenerate a hash digest of a file or directorypositional argument <dir> must be a directoryhttps://www.googleapis.com/oauth2/v3/userinfoflag '--client-id' required with '--provider'Removes all the keys stored in the SSH agent.zero length explicit tag was not an asn1.Flagmath/big: cannot unmarshal %q into a *big.Intbufio.Scanner: Read returned impossible countinvalid request :path %q from URL.Opaque = %qgo-jose/go-jose: Invalid b64 header parametergo-jose/go-jose: invalid P2S: must be presentgo-jose/go-jose: Cannot get unverified claimsssh: this private key is passphrase protectedssh: cannot decode encrypted private keys: %vcannot parse excluded email constraint %q: %woidc: failed to obtain source from claim namecbor.ByteString: UnmarshalCBOR on nil pointercbor: encoding buffer provided by user is nilcbor.RawMessage: UnmarshalCBOR on nil pointercbor: exceeded max number of key-value pairs NV Index or persistent object already definedauthorization failure without DA implicationscannot specify multiple paths to tpm2.OpenTPMno response matching the supplied certificatedetected mutation on the default bytes for %verror from balancer.UpdateClientConnState: %vccb RemoveSubConn(%v) called unexpectedly, sccould not get resolver for default scheme: %qreceived picker error with illegal status: %vauthority policy is not owned by authority %scannot fingerprint SSH key as SSH certificateerror unmarshaling '%s' as a certificate typecertificate expires after signing certificateparsing/packing of this section has completederror retrieving contents from database valueUPDATE failed, unable to rollback transactiontried to hijack resource that is not acquireddomain constraint %q cannot have empty labels%q is not allowed as label name in histogramspkcs7: unsupported hash function for RSA OAEPpkcs7: failed to verify certificate chain: %vWARNING: go-md2man does not handle node type   <link rel="icon" type="image/x-icon" href="-//sun microsystems corp.//dtd hotjava html//html: RemoveChild called for a non-child NodeThe <uri> to configure a Cloud KMS or an HSM.error initializing ACME client with server %sfailed creating new key attested by AK %q: %wUpdate the admin with super-admin privileges.Disable ability to sign SSH user certificatesDisable ability to sign SSH host certificatesinvalid private key: key size is not 32 bytesinvalid private key: key size is not 64 bytes**step crypto otp verify** does TOTP and HTOPcrypto/blake2b: invalid hash state identifierw must be at least 2 by the definition of NAFdecode failure in lazy extension decoding: %vsubchannel %d references invalid parent ID %dgrpc.lb.pick_first.connection_attempts_failedFailed to create a subConn for address %v: %vmalformed binary metadata %q in header %q: %vgrpc.resolver.delegatingresolver.proxyOptionstransport: failed to set TCP_USER_TIMEOUT: %vtransport: failed to write client preface: %vAborting due to connect deadline expiring: %vFailed to decode metadata header (%q, %q): %vtransport: timeout unit is not recognized: %qpassthrough: received empty target in Build()cannot use component logger as grpclog loggerhttps://cloudresourcemanager.UNIVERSE_DOMAIN/cloudresourcemanager.projects.listOrgPoliciesexpected at least %d bytes in the first writeCannot use SetDiscardTs with managedDB=false.ReadTs should not be retrieved for managed DBUpdate can only be used with managedDB=false.Stopping sampling after reaching window size.failed to push discard stats to write channelunable to process discardstats with error: %sWhile reading crc in keyRegistryIterator.nextError while renaming file in WriteKeyRegistry[Compactor: %d] Compaction for level: %d DONEThe page ID (%d) isn't 0 for an inline bucketfailed to get page size from db file (%s): %vTLS requested but server does not support TLSinvalid value / unknown server pub key name: [warn] unexpected seq nr: expected %v, got %vHeap size target for the end of the GC cycle./google.longrunning.Operations/ListOperationsthe admin API must be enabled to use webhooksAuthenticate expected a URL issuer but got %qinvalid SHA256 length, expected 32 but got %dx509: failed to parse CRL issuer alt name: %vPSL version 4f1786 (Sun Jul  3 15:53:00 2022)CA Certificates common name MUST be included.e_ext_san_uniform_resource_identifier_presentw_ext_subject_key_identifier_missing_sub_certw_sub_ca_certificate_policies_marked_criticale_subject_organizational_unit_name_max_lengthoffset %d is before the start of string tabletransform: input and output are not identicaldns: error parsing A record IP address %v: %vcannot compute output context for template %sproto: wrong wireType = %d for field UserMetaproto: wrong wireType = %d for field StreamIdproto: wrong wireType = %d for field Checksumproto: invalid compressed file descriptor: %vUnable to load file in memory. Table file: %sproto: DataKey: illegal tag %d (wire type %d)freelist pgid (%d) above high water mark (%d)invalid length for Polygon with %d points: %vMeasures the number of messages sent per RPC.urn:ietf:params:oauth:token-type:access_tokenGOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL=%vNewTLSClientConfigFactory only supports S2Av2SSH host policy does not support Common NamesSSH user policy does not support Common Namesdon't know how to convert a safe bag of type 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:match len (%d) bigger than max allowed lengthinvalid sequence "--" not allowed in commentsunable to get token for local identity %v: %vFailed to do client handshake using S2Av2: %vFailed to do server handshake using S2Av2: %vmanage SSH host certificate issuance policiesmanage denied SSH user certificate principalsmanage SSH user certificate issuance policiesproblem getting user realm from authority: %wurn:ietf:params:oauth:grant-type:saml2-bearertenant ID must be a specific tenant, not "%s"ignore decode: corrupted data: negative deltafailed to create outbound half connection: %vincorrect legacy record version in the headerUnable to get token for local identity %v: %vetUnknownetUsernamePasswordetWindowsTransportfailed to parse any certificates from responseerror parsing ca bundle: no certificates foundcontext cannot have an empty authority value%sx509: failed to unmarshal elliptic curve pointx509: failed to parse rfc822Name constraint %qx509: malformed signature algorithm identifierx509: unknown curve while marshaling to PKCS#8x509: invalid elliptic curve private key valuerequest Content-Type isn't multipart/form-dataGOAWAY close timer fired; closing conn from %vinternal error: cannot create stream with id 0http2: Transport creating client conn %p to %vprotocol error: received DATA after END_STREAMclient sent an HTTP request to an HTTPS servernet/http: internal error: misuse of tryDelivercould not retrieve current order by account idUserID name %q does not match DeviceID name %qbytes.Reader.UnreadByte: at beginning of slicebytes.Reader.UnreadRune: at beginning of slicefirst path segment in URL cannot contain colonTime.UnmarshalJSON: input is not a JSON stringnebula provisioner does not support SSH revokeprovisioner.AuthorizeSSHRevoke not implementedextractSSHPOPCert; token missing sshpop headerPSSWithSHA256PSSWithSHA384PSSWithSHA512Ed25519tls: server chose an unconfigured cipher suitetls: failed to parse certificate from server: tls: server did not echo the legacy session IDtls: server accepted 0-RTT with the wrong ALPNtls: received new session ticket from a clientruntime.AddCleanup: ptr not in allocated blockreflect: Value.SetIterValue called before Nextreflect: nil type passed to Type.ConvertibleToreflect.Struct: fields with different PkgPath reflect.StructOf: illegal embedded field type  returned value obtained from unexported fieldreflect: slice capacity out of range in SetCapreflect.Value.Slice: slice index out of boundsprovisioner %s not found when loading admin %sprovisioner not found or invalid audience (%s)getSSHConfig: ssh templates are not configuredauthority.GetSSHBastion; ssh is not configuredecdsa: curve not supported by PrivateKey.Bytescrypto/rand: prime size must be at least 2-biterror parsing key: nonce must be 24 bytes longboth Setctty and Foreground set in SysProcAttrslice bounds out of range [:%x] with length %ypanicwrap: unexpected string after type name: memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memorysysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new OS thread (have runtime: panic before malloc heap initialized
stopTheWorld: not stopped (status != _Pgcstop)select on synctest channel from outside bubbleruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base pointer out of rangecould not parse %s as duration for flag %s: %sprovisioner type '%s' requires the '--%s' flagrenewCertificateRequest `lifetime` cannot be 0stepCAS 'certificateAuthority' cannot be emptyerror validating x5c certificate chain and keyWhat is the fingerprint of the CA's root file?unable to load the issuing CA certificate fileerror validating the CRL against the CA issuerThe TCP <address> to listen on (e.g. ":8443").failure decoding device authz response to JSON{{ "%s" | red }} {{ "SSH Agent:" | bold }} %v
math/big: mismatched montgomery number lengthscipher.newCFB: IV length must equal block sizecipher.NewCTR: IV length must equal block sizego-jose/go-jose: unknown/unsupported algorithmgo-jose/go-jose: failed to sanitize header: %vssh: unknown cipher %q, only supports %q or %qssh: unmarshal error for field %s of type %s%scannot parse excluded domain constraint %q: %wcannot parse permitted email constraint %q: %w and cannot be used to match struct field namecbor.SimpleValue: UnmarshalCBOR on nil pointer is too large, it would cause integer overflowcreation attestation was not produced by a TPMtpm2.GetCapability(PT_MANUFACTURER) failed: %vfailed unmarshaling transformed OIDC token: %wx509: cannot sign with hash function requestedOCSP response contains bad number of responsesgoogle.golang.org/genproto/protobuf/field_maskconnect called on shutdown addrConn; ignoring.Server retry pushback specified to abort (%q).error marshaling authority type: %s, value: %vtemplate: no files named in call to ParseFilesinvariant failed: growthLeft is unexpectedly 0bucket names do not match; want %v, but got %vtried to destroy resource that is not acquiredtried to release resource that is not acquiredadmin %s not found in adminsByProvisioner listcredentials: rawConn is dispatched out of gRPC%w: expected %d label values but got %d in %#vprocess metrics not supported on this platformpkcs7: content data is a decryptable data typepkcs7: trailing data after RSA OAEP parametersed25519: internal error: setting scalar failedrsa: generated p == q, random source is broken-//microsoft//dtd internet explorer 2.0 html//-//microsoft//dtd internet explorer 3.0 html//html: open stack of elements exceeds 512 nodeshttps://www.googleapis.com/auth/cloud-platformerror reading kubernetes service account tokenremove a provisioner from the CA configuration%12sX509v3 Name Constraints: failed to decode
certificate installed properly in linux trustsSize of generated TOTP secret. Defaults to 20.Error parsing Certificate Table entry to PKCS7edwards25519: invalid field element input sizeunexpected signature algorithm %q; expected %qsql/driver: couldn't convert %q into type boolsql/driver: couldn't convert %d into type boolinvalid field: %v: unsupported message type %vlazyUnmarshal: can't find field data for %v.%vtransport: authentication handshake failed: %vtransport: received unexpected content-type %qconflicting service rules for service %v foundinvalid method name: suffix /method is missingcrypto/hmac: hash does not support hash.ClonerKey [%x, %d]. Error while fetching value [%v]
Value logs deleted. Creating value log file: 0Error while encrypting datakey in storeDataKeyError while marshaling datakey in storeDataKeyError while decrypting datakey in storeDataKeyError while creating log file in valueLog.openinline bucket non-zero page access(2): %d != 0%w: couldn't parse %q (cpu): 0 elements parsed/google.longrunning.Operations/DeleteOperation/google.longrunning.Operations/CancelOperation/google.cloud.location.Locations/ListLocationserror details: name = Help desc = %s url = %s
GOOGLE_API_GO_EXPERIMENTAL_ENABLE_NEW_AUTH_LIBWithGRPCConn is incompatible with WithConnPoolunexpected type for certificate public key: %T%s: error parsing token expiration time %q: %vtrailing data (%d bytes) after DigitallySignedx509: negative certificate list crl-number: %dGOST R 34.11-94 with GOST R 34.10-94 Cryptocommismatched length (got %d, field specified %d)e_cert_policy_iv_requires_province_or_localitye_cert_policy_ov_requires_province_or_localityw_sub_cert_aia_does_not_contain_issuing_ca_urle_sub_cert_eku_server_auth_client_auth_missingproto: wrong wireType = %d for field ExpiresAtproto: Checksum: illegal tag %d (wire type %d)proto: wrong wireType = %d for field CreatedAtError while encrypting block in table builder.anyArrayArrayReflect: cannot scan NULL into %vunable to encode %v into OID %d in text formatunable to scan OID %d in binary format into %vboth explode and prefix modifiers on same termerror indenting policy JSON representation: %werror deleting certificate issuance policy: %wfailed to get metadata for %s due to error: %sunexpected internal network value provided: %spolicyMap: Could not unmarshal outer sequence.policyMap: Could not unmarshal inner sequence.invalid input: reserved block type encounteredsequenceDecs_decode returned erroneous code %dunquoted or missing attribute value in elementcredentials: unable to parse credential sourceurn:k8s:params:oauth:token-type:serviceaccountFailed to read manufacturer, vmOnGCE=false: %vstarting enterprise cert signer subprocess: %wFailed to get client TLS config from S2Av2: %vFailed to get server TLS config from S2Av2: %vmanage allowed SSH host certificate principalsmanage denied dSSH host certificate principalsmanage allowed SSH user certificate principalsdSTS authority only accepts a single tenant %qfailed to receive ALTS handshaker response: %wlength of string exceeds input size (%d bytes)invalid slice length %d: exceeds input size %dhttp://www.w3.org/2005/08/addressing/anonymous'none' signing method with non-empty signaturelanguage: subtag %q is well-formed but unknownmultiple transport methods have been configuredx509: malformed public key algorithm identifierx509: public key contains large public exponentx509: internal error: IP SAN %x failed to parsehttp: server gave HTTP response to HTTPS clientflow control update exceeds maximum window sizewr.done != nil for write100ContinueHeadersFrame1xx informational response with END_STREAM flagprotocol error: received DATA on a HEAD request[FrameWriteRequest stream=%d, ch=%v, writer=%v]multiple keys with kid %s have been found on %sssh check-host token missing x5cInsecure headererror casting ssh public key to ssh certificate%s challenge for %s resulted in no certificateserror unmarshalling Wire OIDC challenge payloaderror unmarshalling Wire DPoP challenge payloadaccess token challenge 'chal' must not be emptyaws.authorizeToken; invalid aws token signatureazure.authorizeToken; error parsing azure tokenk8ssa.authorizeToken; error parsing k8sSA tokenfailed to parse token: nebula header is missingoidc.AuthorizeToken; cannot validate oidc tokenextractSSHPOPCert; error parsing ssh public keytls: malformed encrypted_client_hello extensionfirst record does not look like a TLS handshaketls: handshake did not verify certificate chaintls: incorrect renegotiation extension contentstls: server selected unadvertised ALPN protocoltls: internal error: pskBinders length mismatchtls: server selected TLS 1.3 in a renegotiationtls: malformed encrypted client hello extensiontls: server sent two HelloRetryRequest messagesreflect.Value.Bytes of unaddressable byte arrayreflect: CallSlice with too few input argumentsregister-based return value has stack componentreflect.Value.Slice3: slice index out of boundsreflect.Value.UnsafeAddr of unaddressable valueerror reading cert pool: not certificates founderror marshaling keyUsage extension to ASN1: %wauthority.Authorize; method %d is not supportedauthority.authorizeRenew: provisioner not founderror removing provisioner from authority cacheauthority.SignSSH: invalid extra option type %TsignSSHAddUser: error storing certificate in dbauthority.Sign; error storing certificate in dberror parsing certificate with serial number %sprovisioner %q does not have a signer availableecdsa: hash length does not match hash functionunexpected error wrapping poll.ErrFileClosing: error parsing certificate: no certificate foundunsupported encrypted PEM: unknown algorithm %vattempting to link in too many shared librariesslice bounds out of range [::%x] with length %yreceive on synctest channel from outside bubbleruntime·lock: sleeping while lock is availableP has cached GC work at end of mark terminationfailed to acquire lock to start a GC transitionfinishGCTransition called without starting one?tried to sleep scavenger from another goroutineheapReleased and consistent stats are not equalracy sudog adjustment due to parking on channelfunction symbol table not sorted by PC offset: attempted to trace a bad status for a goroutinecould not parse %s as int value for flag %s: %sflag '--%s' is incompatible with flag '--%s %s'flag '--%s' must be greater than or equal to %s{{ %q | green }} {{ "%s:" | bold }} {{ .Name }}**step version** prints the version of the cli.unknown or unsupported signature algorithm '%s'cloudCAS 'certificateAuthority' cannot be emptycreateCertificateRequest `lifetime` cannot be 0stepCAS `certificateIssuer.crt` cannot be emptystepCAS `certificateIssuer.key` cannot be emptyrenewCertificateRequest `token` cannot be emptyencodes and decodes using base64 representation(e.g. azurekms:name=my-root-key;vault=my-vault)(e.g. azurekms:name=my-host-key;vault=my-vault)(e.g. azurekms:name=my-user-key;vault=my-vault)package a certificate and keys into a .p12 filecurrent returns the name of the current contextThe path to the <file> to write the process ID.Output OIDC Token instead of OAuth Access TokenCheck if an SSH certificate needs to be renewedasn1: Unmarshal recipient value is non-pointer explicit string type given to non-string membercrypto/ecdh: public key is the identity elementbufio: reader returned negative count from Readinvalid :protocol header in non-CONNECT requestgo-jose/go-jose: invalid key size for algorithmgo-jose/go-jose: unknown json web key type '%s'go-jose/go-jose: invalid EC key (X/Y too large)go-jose/go-jose: missing payload in JWS messagego-jose/go-jose: Error marshalling item %#v: %vcannot parse permitted domain constraint %q: %wcbor: failed to decode hex from byte string: %sauthorization handle is not correct for commandcpHash value already set or not correct for usehash algorithm not supported or not appropriatedecoding PCRDigest, Locality, ParentNameAlg: %vrunning NV_Read command (cursor=%d,size=%d): %veither OIDC discovery or issuer URL must be setfailed parsing OIDC transformation template: %wsql: Scan error on column index %d, name %q: %wbytes contain an unsupported certificate formatinput did not contain a valid PEM encoded blockchacha20poly1305: message authentication failed<li><div class=profile-name>%s: </div> %s</li>
BUG: removeResource could not find res in slicefailed to get parameters for key encryption: %vfailed marshaling key encryption parameters: %vbigmod: modulus for ExpShortVarTime must be odd  <link rel="stylesheet" type="text/css" href="Executes the command without changing any file.retrieve and print a provisioning key in the CA%12sX509v3 Basic Constraints: failed to decode
certificate installed properly in Java keystoreerror decoding token: JWS must have three partserror decoding token: JWT must have three partsUse the SSH marshaling format instead of X.509.authenticate and decrypt a box produced by seal**step crypto otp generate** does TOTP and HTOPError unmarshaling certificate table from ASN.1go-jose/go-jose: invalid ciphertext (too short)map field %v cannot be set with read-only valueUpdateSubConnState(%v, %+v) called unexpectedlyGot unexpected health update for SubConn %p: %vreceived goaway and there are no active streamsfailed to do connect handshake, status code: %sconflicting blacklist rules for method %v foundcloudresourcemanager.organizations.getIamPolicycloudresourcemanager.organizations.getOrgPolicycloudresourcemanager.organizations.setIamPolicycloudresourcemanager.organizations.setOrgPolicyerror retrieving public key from signee key: %sIntra: 
%s
 vs 
%s
: level=%d j=%d numTables=%dError while opening newly created key registry.Error while storing datakey in WriteKeyRegistryTruncate Needed. File %s size: %d Endoffset: %d%w: unexpected format, couldn't extract comm %qGOOGLE_API_GO_EXPERIMENTAL_DISABLE_NEW_AUTH_LIBaz account get-access-token -o json --resource %s.Authenticate() acquired a token for scope %qtbsCertList.crlExtensions.*.AuthorityInfoAccesstbsCertList.revokedCertificates.crlExtensions.*DNSNames should not contain a bare IANA suffix.DNSName must be less than or equal to 253 bytesThe domain SHOULD NOT have a bare public suffixCertificates must have a positive serial numberw_sub_cert_certificate_policies_marked_criticale_subject_dn_serial_number_not_printable_stringinvalid or unsupported hash method with id '%s'%s appears in an ambiguous context within a URLtemplate: %q is an incomplete or empty templateproto: wrong wireType = %d for field StreamDoneproto: KVList: wiretype end group for non-groupunexpected escape in quoted string: found '%#v'credentials: unsupported unidentified file typecredentials: both scopes and audience are emptyurn:ietf:params:oauth:grant-type:token-exchange==> REQUEST/RESPONSE (Try=%d/%v, OpTime=%v) -- If non-empty, write log files in this directoryinvalid length for CopyInResponse.OverallFormatprecis: transformation resulted in empty stringcredentials: unable to retrieve AWS region - %scredentials: missing SecretAccessKey credentialcredentials: %v contains unsupported token typeexternalaccount: Subject token type must be setcredentials: failed to read credential file: %wcredentials: improperly formatted subject tokenurn:ietf:params:oauth:token-type:token-exchangeurn:ietf:params:oauth:grant-type:saml1_1-bearercorrupt input: min elt size, even check failed invalid string length %d: exceeds input size %dinvalid type name length %d: exceeds input sizeSending request to S2Av2 for client TLS config.could not read the body of an HTTP Response: %wreceived pointer to pointer type, not supportedSending request to S2Av2 for signing operation.failed loading current context configuration: %wx509: X25519 key encoded with illegal parametersx509: SAN uniformResourceIdentifier is malformedx509: IP constraint contained value of length %dx509: public key contains zero or negative valuex509: internal error: cannot parse constraint %qx509: internal error: URI SAN %q failed to parsex509: only RSA, ECDSA and Ed25519 keys supportedx509: only CAs are allowed to specify MaxPathLenx509: failed to serialise extensions attribute: net/http: extended connect not supported by peerinternal error: should have a body in this statenet/http: Hijack called after ServeHTTP finishedtoken expiry 'exp' %s is too far into the futurestrconv: illegal AppendFloat/FormatFloat bitSizenot enough significant bits after mult64bitPow10azure.authorizeToken; azure token missing headergcp.AuthorizeSSHSign; invalid requested certTypek8ssa.authorizeToken; invalid k8sSA token claimsfailed parsing decrypter key: no PEM block foundtls: CloseWrite called before handshake completeunable to generate random session ticket key: %vfailed to parse certificate #%d in the chain: %wtls: no FIPS compatible certificate chains foundtls: no supported symmetric ciphersuites for ECHtls: invalid EncryptedClientHelloKeys Config: %stls: CurvePreferences includes unsupported curvereflect: CallSlice with too many input argumentssudo useradd -m <principal>; nc -q0 localhost 22error decoding %s: not a valid PEM encoded blockslice bounds out of range [:%x] with capacity %y  is reachable from cleanup or cleanup argument
runtime: cannot map pages in arena address spaceruntime: malformed profBuf buffer - invalid sizeruntime: taggedPointerPack invalid packing: ptr=attempt to trace invalid or unsupported P statusShows a list of commands or help for one commandcould not parse %s as bool value for flag %s: %scould not parse %s as uint value for flag %s: %sWrites a JSON report to the HTML docs directory.renewCertificateRequest `template` cannot be nilstepCAS `certificateIssuer.type` cannot be emptyThe <name> of the context for the new authority.Then, to connect to your hosted authority, run:
uninstall from the Firefox NSS security databasePlease enter a password to encrypt the .p12 fileselect the default certificate authority contextThe certificate <file> used to validate the CRL.Cannot retrieve a private key from a public one.Failed to authenticate: missing or invalid stateThe key %s is already present in the SSH agent.
division of zero by zero or infinity by infinityInt.GobDecode: encoding version %d not supportedout points to big.Int, but defaultValue does notbufio: writer returned negative count from Writeuncompressed data would be too large (>%d bytes)go-jose/go-jose: unsupported elliptic curve '%s'go-jose/go-jose: invalid Ed key, missing x valueRequested allocation size is larger than allowedNV access authorization fails in command actionsdecoding ExtraData/ClockInfo/FirmwareVersion: %vcould not determine NVRAM read/write buffer sizeparsing public key: missing rsa signature schemeparsing public key: missing ecc signature schemeconverting driver.Value type %T (%q) to a %s: %vthe provided transport is no longer valid to use%v while waiting for connections to become readyunexpected error marshaling simple LB config: %wcan't use %v iterate over more than one variableparsing/packing of this type isn't available yetTotal user and system CPU time spent in seconds.crypto/rsa: input must be hashed with given hash<sup class="footnote-ref" id="fnref:%s">%s</sup>-//microsoft//dtd internet explorer 2.0 tables//-//microsoft//dtd internet explorer 3.0 tables//html: bad parser state: originalIM was set twiceThe team <ID> used to bootstrap the environment.Using Webroot Mode HTTP challenge to validate %sThe profile configuration has been saved in %s.
failed applying option to attestation client: %wkeyVault does not support signature algorithm %qcreateSignerRequest 'signingKey' cannot be emptyunknown key vault cloud environment with name %qfile %s does not contain a valid certificate: %w%12sX509v3 Extended Key Usage: failed to decode
/etc/ca-certificates/trust-source/anchors/%s.crtpkcs12: error decoding PKCS#8 shrouded key bag: pkcs12: error encoding PKCS#8 shrouded key bag: sign and verify data using JSON Web Tokens (JWT)Use the PKIX marshaling format instead of X.509.Uses JSON Web Key as the result encoding format.utfbom: reader returned negative count from Readinvalid Mutable on field with non-composite typefield %v has invalid type: got %v, want map kindlist field %v cannot be set with read-only valuecannot call deleteSelfIfReady on a listen socketgrpc.lb.pick_first.connection_attempts_succeededtransport: per-RPC creds failed due to error: %vno active streams left to process while drainingagent: signer and cert have different public keyv1/{+resource}:listAvailableOrgPolicyConstraintscloudresourcemanager.projects.testIamPermissionserror parsing certificate: decodedCert.Bytes: %sDeleted %d SSTables. Now deleting value logs...
Error while opening tmp file in WriteKeyRegistryError while closing tmp file in WriteKeyRegistrykeys not in sorted order (last key: %s, key: %s)accessing a node with a zero-length cursor stackGRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEYauth: token expired and refresh token is not setWithHTTPClient is incompatible with WithConnPoolWithHTTPClient is incompatible with WithGRPCConnWithHTTPClient is incompatible with QuotaProjectimpersonate: unable to generate access token: %vgithub.com/Azure/azure-sdk-for-go/sdk/azidentityGOST R 34.11-94 with GOST R 34.10-2001 Cryptocome_ext_authority_key_identifier_no_key_identifierw_ext_cert_policy_explicit_text_includes_controle_sub_ca_crl_distribution_points_marked_criticalfail to read symbol table: %d aux symbols unreadproto: negative length found during unmarshalingArena too small, toWrite:%d newTotal:%d limit:%dproto: wrong wireType = %d for field Compressionproto: TableIndex: illegal tag %d (wire type %d)proto: wrong wireType = %d for field BloomFilterproto: DataKey: wiretype end group for non-grouproot bucket pgid (%d) above high water mark (%d)BUG: bad sslmode should already have been caughtunable to encode %v into OID %d in binary formatRetry-After delay %s exceeds MaxRetryDelay of %stableLiteralLengthstableOffsetstableMatchLengthsinvalid length for CopyOutResponse.OverallFormatxml: EncodeToken of ProcInst with invalid Targetxml: end tag </%s> does not match start tag <%s>CharsetReader returned a nil Reader for charset trustboundary: error getting universe domain: %wcredentials: %v contains unsupported version: %vcredentials: unable to generate access token: %wManual resolver instance has not yet been built.Measures the duration of outbound HTTP requests.unable to get token for empty local identity: %vclient-side handshake is done using S2Av2 to: %shttps://%s/adfs/.well-known/openid-configurationTokenResponse hasn't had ScopesComputed() calledfederation metadata URL of user realm is missingfailed to get TLS configuration from S2A: %d, %vUnable to get token for empty local identity: %vhttp://docs.oasis-open.org/ws-sx/ws-trust/200512application/x-www-form-urlencoded; charset=utf-8could not convert json number value to float: %wcannot unmarshal into a **<type> or *<reference>/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemx509: invalid RDNSequence: invalid attribute typex509: Ed25519 key encoded with illegal parametersx509: private key contains zero or negative valuex509: private key contains zero or negative primex509: signature returned by signer is invalid: %whttp2: request body closed due to handler exitinghttp: wrote more than the declared Content-Length (Client.Timeout exceeded while awaiting headers)http: partitioned cookies must be set with Secureunexpected Peek failure reading buffered byte: %vnet/http: Transport.Dial hook returned (nil, nil)strings.Reader.UnreadByte: at beginning of stringstrings.Reader.UnreadRune: at beginning of stringstrings.Reader.WriteTo: invalid WriteString countThe server could not connect to validation targetThe server received a TLS error during validationtransformed OIDC ID token does not contain 'name'not enough significant bits after mult128bitPow10azure.authorizeToken; cannot validate azure tokenclaims: MinTLSCertDuration must be greater than 0claims: MaxTLSCertDuration must be greater than 0cannot add multiple provisioners with the same iderror on identity request: status=%d, response=%sUnexpected public key type %T in provisioner '%s'failed to parse token: nebula header is not validnotAfter cannot be before notBefore; na=%v, nb=%vcertificate request fingerprint does not match %qssh certificate validBefore cannot be in the pastsshpop certificate must be a host ssh certificatecrypto/tls: ExportKeyingMaterial context too longtls: server advertised unrequested ALPN extensiontls: server sent a cookie in a normal ServerHellotls: client offered only unsupported versions: %xtls: client using inappropriate protocol fallbacktls: client illegally modified second ClientHelloreflect.Value.Slice: slice of unaddressable arrayerror converting provisioner list to certificateserror transforming provisioner %q while migratingCreated JWK provisioner %q with admin permissionsmust have super admin access to make this requesterror validating configuration for provisioner %qauthority.SignSSH: error creating ssh certificaterenewSSH: user certificate signing is not enabledrenewSSH: host certificate signing is not enabledrekeySSH; user certificate signing is not enabledrekeySSH; host certificate signing is not enabledauthority.Revoke; no persistence layer configuredecdsa: internal error: truncated hash is too longcrypto/elliptic: internal error: invalid encodinginvalid or incomplete multibyte or wide characterslice bounds out of range [::%x] with capacity %yinvalid memory address or nil pointer dereferencepanicwrap: unexpected string after package name: s.allocCount != s.nelems && freeIndex == s.nelemsruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is GrunnablecreateCertificateRequest `template` cannot be nilcreate tokens for connecting to the Smallstep APIinitialize the environment to use the CA commandstoken subject '%s' and argument '%s' do not matchWhat certificate authority would you like to use?What deployment type would you like to configure?issuer certificate is not a certificate authoritycertificate has been revoked according to OCSP %sremove a context and all associated configurationgenerate a public / private keypair in PEM formatThe <file> containing the TLS certificate to use.the :: must expand to at least one field of zerosgo-jose/go-jose: error in cryptographic primitivego-jose/go-jose: invalid public key in epk headergo-jose/go-jose: ecdsa signature failed to verifygo-jose/go-jose: invalid protected header: %s, %sgo-jose/go-jose: invalid elliptic key (too large)go-jose/go-jose: no x5c header present in messagessh: certificate options are not in lexical orderthe provided authority has no signature algorithmcbor: found unknown field at map element index %dasymmetric algorithm not supported or not correctGetCapability for TPM_PT_NV_BUFFER_MAX failed: %vsignature invalid: length of %d is shorter than 8parsing public key: missing asymmetric parametersbalancer is being closed; no new SubConns allowedimpossible error parsing empty service config: %vfinished serving streams for the server transportgrpc: Unexpected error (%T) from sendResponse: %vchacha20poly1305: bad nonce length passed to Sealchacha20poly1305: bad nonce length passed to Openinternal error: fillWindow called with stale data<tr><td>%d</td><td><a href='%s'>%s</a></td></tr>
SELECT nvalue FROM `%s` WHERE nkey = ? FOR UPDATEerror creating database: database name is missingSELECT nvalue FROM %s WHERE nkey = $1 FOR UPDATE;URI domain constraint %q cannot have empty labelscrypto/rsa: public exponent too small or negative<URI> of the targeted Step Certificate Authority.The JSON <file> with the template data variables.Using Device Attestation challenge to validate %qerror getting authority data: authority not founderror reading %s: not a proper nebula certificatefailed obtaining key certification parameters: %wThe provisioner <name> by which to filter admins.failed reading decrypter key password from %q: %whttp-01, dns-01, tls-alpn-01 and device-attest-01certificate with common name %q is not a valid CAkeyVault Sign failed: unexpected signature lengthcertinfo: Error parsing TBS unique attributes: %wx509: certificate has expired or is not yet validx509: certificate contained IP address of length pkcs12: input is not a multiple of the block sizeencrypt a payload using JSON Web Encryption (JWE)Print the raw bytes instead of the base64 format.The path to the <file> containing the public key.produce an authenticated and encrypted ciphertextsign small messages using public-key cryptographyuint64 values with high bit set are not supportedserver closed the stream without sending trailersbinarylogging: failed to marshal status proto: %vhttps://cloudresourcemanager.mtls.googleapis.com/cloudresourcemanager.organizations.clearOrgPolicysoftKMS does not support signature algorithm '%s'Value log GC attempt didn't result in any cleanup[Compactor: %d] Attempting to run compaction: %+vError while creating log file %d in valueLog.openboth meta pages are invalid, meta0: %v, meta1: %vfreepages: failed to get all reachable pages (%v)allocating failed, txid: %d, count: %d, error: %vwriteAt failed, pgid: %d, pageSize: %d, error: %vselect rngsubtype from pg_range where rngtypid=$1Unknown typtype %q was found while registering %qinvalid SPIFFE ID: domain or workload ID is emptyThe total amount of heap space that is scannable.(Max \w+\s{0,1}?\w*\s{0,1}\w*)\s{2,}(\w+)\s+(\w+)querying MTLS config from MDS endpoint failed: %vWithHTTPClient is incompatible with RequestReasonunexpected type for AK certificate public key: %Tsources must contain at least one TokenCredentialfailed to acquire a token.
Attempted credentials:failed to authenticate a system assigned identitye_ext_cert_policy_disallowed_any_policy_qualifierSubscriber Certificate: commonName is deprecated.{{%s}} branches end in different contexts: %v, %vCopy argument must be a pointer when Lock is trueproto: BlockOffset: illegal tag %d (wire type %d)proto: Checksum: wiretype end group for non-groupinvalid SCRAM nonce: did not include server noncecannot store statement description with empty SQLunexpected trailing bytes parsing empty range: %vcredentials: invalid token JSON from metadata: %wMeasures the number of messages received per RPC.grpclb calling NewSubConn with addrs of length %voauth2/google/externalaccount: status code %d: %sCall to handshaker.NewClientHandshaker failed: %vCall to handshaker.NewServerHandshaker failed: %vhttp call(%s)(%s) error: reply status code was %dplatform not supported, expected linux or windowsfound unknown private key type in PKCS#8 wrappingwhen logging hits line file:N, emit a stack tracesingle stream used with more than 10 bits length.invalid length for CopyBothResponse.OverallFormatBad startup message last byte. Expected 0, got %dxml: cannot use RawToken from UnmarshalXML methodxml: EncodeToken of Comment containing --> markerxml: EncodeToken of ProcInst containing ?> markertrustboundary: failed to fetch trust boundary: %wcredentials: invalid impersonation URL format: %squerying MTLS config from MDS endpoint failed: %wREQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFYinternal error: maxNbBits (%d) > tableLogMax (%d)input too small for table, want %d bytes, have %dbad interface encoding: name too large for buffergob: registering duplicate types for %q: %s != %sgob: registering duplicate names for %s: %q != %qhttp://schemas.xmlsoap.org/ws/2005/02/trust/Issuejson decode error: %w
json message bytes were: %sURLFormCall() requires qv to have non-zero lengthMarshal does not support **<type> or *<reference>x509: missing ASN.1 contents; use ParseCertificatex509: invalid RDNSequence: invalid attribute valuex509: RSA public exponent is not a positive numberx509: unknown key type while marshaling PKCS#8: %Tcryptobyte: attempted write while child is pendingnet/http: cannot rewind body after connection losshttp: putIdleConn: CloseIdleConnections was calledgot CONTINUATION for stream %d; expected stream %dhttp: suspiciously long trailer after chunked bodynet/http: Transport failed to read from server: %vnet/http: HTTP/1.x transport connection broken: %wUserID domain %q does not match DeviceID domain %qUserID handle %q does not match DeviceID handle %qerror doing identity request, are you in a GCP VM?tls: received unexpected CertificateStatus messagetls: invalid signature by the server certificate: tls: invalid signature by the client certificate: tls: client offered TLS version older than TLS 1.3go package net: dynamic selection of DNS resolver
reflect.Value.Slice3: slice of unaddressable arrayerror marshaling extKeyUsage extension to ASN1: %werror getting provisioners to initialize authorityerror loading provisioners to initialize authorityMigrated JWK provisioner %q with admin permissionserror updating provisioner '%s' in authority cacheauthority.SignSSH: error storing certificate in dbcannot renew a certificate without validity periodcannot rekey a certificate without validity periodcrl.renewPeriod must be greater than or equal to 0provisioner %q does not have a decrypter availableno signer certificate available for SCEP authoritymismatch between signer certificate and public keycrypto/elliptic: nistec rejected normalized scalarerror formatting fingerprint: unsupported encodingthe size of the RSA key should be at least %d bitsunsupported encrypted PEM: only PBES2 is supportedcrypto/rsa: prime factors are not relatively primecgo argument has Go pointer to unpinned Go pointermallocgc called with gcphase == _GCmarkterminationruntime.Pinner: object was allocated into an arenaruntime.Pinner: decreased non-existing pin counterrecursive call during initialization - linker skewattempt to execute system stack code on user stackcould not parse %s as uint64 value for flag %s: %sflag '--%s %s' is incompatible with flag '--%s %s'flag '--%s' and flag '--%s' are mutually exclusiveerror unmarshaling certificate authority extensionThe root certificate bundle has been saved in %s.
crypto/rand is unavailable: Read() failed with %#vCRL distribution endpoint not found in certificatecertificate status is unknown according to OCSP %sgenerate and check hashes of files and directoriesYour default web browser has been opened to visit:checks if a certificate has been issued for a hostcrypto/ecdh: public key does not match private keycrypto/cipher: incorrect nonce length given to GCMgo-jose/go-jose: failed to unmarshal x5c field: %scannot parse excluded URI domain constraint %q: %wcannot parse excluded constraint %q as IP nor CIDRaccess token hash does not match value in ID tokencbor: failed to decode base64 from byte string: %scbor: tag number %d must be followed by %s, got %scbor: wrong tag number for %s, got %v, expected %vencoding Type, NameAlg, Attributes, AuthPolicy: %vattestation does not apply to certify data, got %xtpm2.GetCapability(PT_VENDOR_STRING_%d) failed: %v/sys/kernel/security/tpm0/binary_bios_measurementsgoogle.golang.org/genproto/protobuf/source_contextgrpc: received message larger than max (%d vs. %d)grpc: failed to unmarshal the received message: %vtrying to send message larger than max (%d vs. %d)error saving authority %s; changed since last readgcp.authorizeToken; getAncestry response malformedcurve in cert and private key supplied don't match%s has arguments but cannot be invoked as functionfunction %s has %d return values; should be 1 or 2chacha20: SetCounter attempted to rollback counterThe command line invocation of the current programemail constraint %q contains too many @ charactersduplicate metrics collector registration attemptedhtml: the new current node will be a head element.The context <name> to apply for the given command.Use the JWT header 'x5cInsecure' instead of 'x5c'.Waiting for Order to be 'ready' for finalization .failed to append local root ca to system cert poolThe authority configuration has been saved in %s.
bootstrap flow does not support the %s provisionerkey content is not a valid nebula key; got type %Tcreate and manage the certificate authority adminscertinfo: Expected rsa.PublicKey for type x509.RSAcertinfo: Expected dsa.PublicKey for type x509.DSAcertificate uninstalled properly from linux trustspkcs12: error decrypting PKCS#8 shrouded key bag: pkcs12: error unmarshaling decrypted private key: pkcs12: error encrypting PKCS#8 shrouded key bag: flag '--iss' is required unless '--subtle' is usedflag '--aud' is required unless '--subtle' is usedflag '--sub' is required unless '--subtle' is usedflag '--exp' is required unless '--subtle' is usedThe path to the <file> containing the private key.error parsing certificate: %T is not a certificateedwards25519: invalid SetUniformBytes input lengthgo-jose/go-jose: no signature algorithms specifiedoauth2: token expired and refresh token is not setcannot call TPMMarshal on a nil pointer of type %Tinvalid Mutable on map with non-message value typefield %v has invalid type: got %v, want slice kind%T at address %p that called NewSubConn is deletedError closing underlying net.Conn during Close: %vbinarylogging: failed to marshal proto message: %vdelegating_resolver: invalid target address %q: %vcloudresourcemanager.folders.getEffectiveOrgPolicycloudresourcemanager.organizations.listOrgPoliciesMust have caught a nil callback for txn.CommitWithWhile reading protobuf in keyRegistryIterator.nextError while retriving datakey in sortedWriter.sendAn incompatible key %s exists in the source bucketAn incompatible key %s exists in the target bucketdereference: zero-length node key on existing nodecannot scan into *pgtype.DriverBytes from QueryRowGRPC_EXPERIMENTAL_ALTS_HANDSHAKER_KEEPALIVE_PARAMSLogValue called too many times on Value of type %Tgoogleapi: got HTTP response code %d with body: %vgoogleapi.RawMessage: UnmarshalJSON on nil pointerinstance/platform-security/auto-mtls-configurationfailed base64 decoding EK certificate response: %wfailed getting TPM private key %q as crypto.SignertbsCertList.crlExtensions.*.AuthorityKeyIdentifierExplicit text has a maximum size of 200 characterse_sub_cert_crl_distribution_points_marked_critical^(\s*(%s)\s*(%s)\s*)((?:\s+|,\s*)(%s)\s*(%s)\s*)*$proto: wrong wireType = %d for field EstimatedSizePage expected to be: %v, but self identifies as %vinvalid SCRAM ServerSignature received from serverEscapeString must be run with client_encoding=UTF8%d microseconds cannot be represented as time.TimeLower cannot be NULL unless LowerType is UnboundedUpper cannot be NULL unless UpperType is Unbounded^[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+(?:\.[0-9_]*)?$unable to transfer jwtAccess PerRPCCredentials: %vjwt: invalid Exp = %d; must be later than Iat = %doauth2/google: unable to generate access token: %vjws: invalid Exp = %v; must be later than Iat = %vauthentication challenge contains invalid claims: https://login.microsoftonline.com/managed_identitymatch offset (%d) bigger than current history (%d)credentials: unable to retrieve AWS role name - %scredentials: failed to open credential file %q: %wclient-side auth info is not of type alts.AuthInfoserver-side auth info is not of type alts.AuthInfolocal identity must be populated in session resultproblem getting mex doc from federated url(%s): %wchallenge claims conflict with client capabilitiesthe account type (Federated or Managed) is missinginvalid uint data length %d: exceeds input size %dcouldn't parse SAML assertion, version unknown: %qbuildTokenRequestMessage had no authority type(%v)x509: certificate has expired or is not yet valid: JSON decoder out of sync - data changing underfoot?ScanState's Read should not be called. Use ReadRuneprotocol error: received %T before a SETTINGS framehttp: Transport does not support unencrypted HTTP/2error doing http GET for url %s with status code %dexpected exactly one Wire UserID identifier; got %dcannot add multiple provisioners with the same namefailed parsing decrypter certificate: trailing datatls: missing signature_algorithms from TLS 1.2 peertls: VerifyHostname called on TLS server connectioncrypto/tls: reserved ExportKeyingMaterial label: %stls: server's identity changed during renegotiationtls: server selected unsupported compression formattls: server offered only incompatible point formatstls: server sent an unexpected early_data extensiontls: client did not request an application protocoltls: client offered only incompatible point formatsadminHandler.authorizeToken; error with reuse tokenerror getting policy to (re)load policy engines: %wcheckSSHHost: error from injected checkSSHHost funccannot commit configuration if not loaded from filecrypto/elliptic: Add was called on an invalid pointinternal error: too many releases of process handleerror parsing certificate request as DER format: %vunsupported encrypted PEM: only PBKDF2 is supportedlimiterEvent.stop: invalid limiter event type foundpotentially overlapping in-use allocations detectedfatal: systemstack called from unexpected goroutinecould not parse %s as float64 value for flag %s: %stoo many positional arguments were provided in '%s'The <fingerprint> of the targeted root certificate.Generate only the PKI without the CA configuration.error parsing %s: file is not a certificate requestcreate a certificate or certificate signing requestthe key %q cannot be used to sign X509 certificatescould not verify certificate against OCSP server(s)Extract CRL and CA from the URL passed as argument.initialize and manage a certificate revocation listauthorization and single sign-on using OAuth & OIDCgodebug: Value of name not listed in godebugs.All: go-jose/go-jose: ed25519 signature failed to verifygo-jose/go-jose: failed to decompress plaintext: %vgo-jose/go-jose: message is missing alg/enc headersgo-jose/go-jose: invalid EC key, missing x/y valuesgo-jose/go-jose: unsupported/unknown elliptic curvecannot parse excluded common name constraint %q: %wcannot parse permitted URI domain constraint %q: %wcannot parse permitted constraint %q as IP nor CIDRoidc: multiple signatures on id token not supportedkey fields are not compatible with the selected useName doesn't have a Digest, can't compare to Publicgot capability of type %T, want tpm2.TaggedPropertysql: driver does not support read-only transactionsgrpc: cannot create SubConn with empty address listgrpc: failed to decompress the received message: %vcertificate is valid before the signing certificatecan't use %v to iterate over more than one variabletemplate template must be empty with directory typecontraint %q can not be empty or white space stringip %q is not explicitly permitted by any constraintber2der: BER tag length is more than available datapkcs7: private key does not implement crypto.Signerecdsa: internal error: request size exceeds maximumdefault type does not match variable type: %v != %v-//o'reilly and associates//dtd html extended 1.0//html: AppendChild called for an attached child Node/var/run/secrets/kubernetes.io/serviceaccount/tokenUsing Standalone Mode HTTP challenge to validate %snote: NSS support is not available on your platformflag '--key' cannot be used with JWE algorithm '%s'create JWKs (JSON Web Keys) and manage JWK Key Setssign and verify data using JSON Web Signature (JWS)Length of one-time passwords. Defaults to 6 digits.crypto/ecdh: internal error: isLess input too largesql/driver: couldn't convert %v (%T) into type boolinvalid AppendMutable on list with non-message typeinvalid value: setting map field to read-only valueextension %v extends %v outside the extension rangefield %v has invalid type: got %v, want struct kindfield %v has invalid type: %v does not implement %vcannot add a child (id = %d) of type %T to a serverEXPERIMENTAL. Number of failed connection attempts.received %d-bytes data exceeding the limit %d bytesstream terminated by RST_STREAM with error code: %vkeepalive ping failed to receive ACK within timeoutcloudresourcemanager.projects.getEffectiveOrgPolicyfailed to insert the result of merge compaction: %s%s Time elapsed: %s, bytes sent: %s, speed: %s/sec
This shouldn't happen. Latest Pointer:%+v. Meta:%v.Invalid ValueThreshold, must be less or equal to %dError while retrieving datakey in logFile.bootstarpMySQL server does not support required protocol 41+iterator: Next and NextPage called on same iteratoroauth2/google: invalid token JSON from metadata: %vgoogle: missing scope/audience for JWT access tokenPlease run "Connect-AzAccount" to set up an accountx509: negative certificate list base-crl-number: %d^[-+]?(180(\.0+)?|((1[0-7]\d)|([1-9]?\d))(\.\d+)?)$^(\*\.)?(\?\.)*([A-Za-z0-9*_-]+\.)*[A-Za-z0-9*_-]*$EV certificates must include countryName in subject%s does not have same major and minor version as %sproto: wrong wireType = %d for field EncryptionAlgoproto: TableIndex: wiretype end group for non-groupfailed to read from file: %s at offset: %d, len: %dDetected mismatch, f.freemaps: %v, f.forwardMap: %vBUG: received ReadyForQuery while handling Describe%#v only has %d public fields - %d is out of boundscannot scan into non-pointer or nil destinations %Tcredentials: both scopes and audience were providedSwitching mode. Is pick_first used for backends? %v%s Credential=%s/%s, SignedHeaders=%s, Signature=%soauth2/google/externalaccount: Audience must be set<(?:\w+:)?[c|C]ode>\s*(\w+)\s*<\/(?:\w+:)?[c|C]ode>can not scale barcode to an image smaller than %dx1failed to get certificate path from config file: %werror parsing certificate from trust chain file: %wx509: cannot verify signature: insecure algorithm %vx509: issuer must have the crlSign key usage bit set<meta name="viewport" content="width=device-width">
request header "TE" may only be "trailers" in HTTP/2http2: Transport readFrame error on conn %p: (%T) %vprotocol error: received DATA before a HEADERS frameinvalid 'preferred_username' %q after transformationincompatible input; onlyReturnExisting must be aloneabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZerror getting identity token, are you in a Azure VM?error getting identity token: status=%d, response=%soidc.AuthorizeToken; error parsing oidc token claimsssh certificate key algorithm (DSA) is not supportedtls: invalid EncryptedClientHelloKeys PrivateKey: %stls: server selected unsupported protocol version %xtls: received a session ticket with invalid lifetimetls: internal error: session ticket keys unavailabletls: private key type does not match public key typeerrors: *target must be interface or implement erroradminHandler.authorizeToken; error parsing x5c tokenerror validating renew token: token is expired (exp)crl.cacheDuration must be greater than or equal to 0ecdsa: internal error: unexpectedly masking off bitsfailed to correctly flush all P-owned cleanup blocksruntime: cannot disable permissions in address spaceruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Init
span set block with unpopped elements found in resetcasfrom_Gscanstatus: gp->status is not in scan staterevokeCertificateRequest `certificate` cannot be nilstepCAS `certificateIssuer.type` %s is not supportedWhat URI would you like to use for the SSH host key?What URI would you like to use for the SSH user key?Certificate with Serial Number %s has been revoked.
Please enter the password to encrypt the private keyPlease enter the password to encrypt the private JWK**step crypto kdf hash** [<input>]
[--alg ALGORITHM]step certificates is not configured with SSH supportadds a SSH certificate into the authentication agentproxy ssh connections according to the host registrygo-jose/go-jose: invalid RSA key, missing n/e valuesssh: peer's curve25519 public value has wrong lengthssh: peer's curve25519 public value is not valid: %wssh: unexpected message type %d (expected one of %v)cannot parse permitted common name constraint %q: %woidc: failed to decode provider discovery object: %vexpected Content-Type = application/json, got %q: %vcbor: two or more fields of %v have the same name %qcbor: cannot create DecMode with nil value as TagSetcannot decode CBOR map to struct with toarray optioncbor: cannot create EncMode with nil value as TagSetcommands not being accepted because of a TPM failurethe type of the value is not appropriate for the usecommand channel can only be used as a TPM 2.0 deviceprovided key can be duplicated to a different parenttpm2.GetCapability(PT_FIRMWARE_VERSION_1) failed: %vcertified incorrect key, expected: %v, certified: %vinvalid Wire client ID scheme %q; expected "wireapp"sql: Tx.Stmt: statement from different database usedgrpc: the provided default service config is invalidSubchannel Connectivity change to %v, last error: %sgrpc: Server.handleStream failed to write status: %verror unmarshaling provisioner %s into dbProvisionerkey was not 64 bytes, is invalid ed25519 private keytemplate: no template %q associated with template %qwrong number of args for %s: want at least %d got %dwrong number of args for %s: got %d want at least %ddnsmessage.OPTResource{Options: []dnsmessage.Option{email constraint %q cannot contain asterisk wildcardcannot parse email constraint %q as RFC 2821 mailboxemail constraint %q cannot be converted to ASCII: %wdns %q is not explicitly permitted by any constrainturi %q is not explicitly permitted by any constraintURI with IP %q cannot be matched against constraintsMaximum amount of virtual memory available in bytes.pkcs7: unsupported key encryption algorithm providedpkcs7: cannot parse data: unimplemented content typepkcs7: encryption algorithm parameters are incorrectpkcs7: encryption algorithm parameters are malformedrsa: internal error: b is not divisible by gcd(a, b)-//advasoft ltd//dtd html 3.0 aswedit + extensions//-//sun microsystems corp.//dtd hotjava strict html//html: InsertBefore called for an attached child Nodeunable to validate any challenges for identifier: %sunexpected requested token type for SSHPOP token: %dcertinfo: Expected ecdsa.PublicKey for type x509.DSAapt install libnss3-tools" or "yum install nss-toolsflag '--jwks' cannot be used with JWE algorithm '%s'**step crypto nacl auth verify** <key-file> <digest>go-jose/go-jose: invalid ciphertext (invalid length)must call Write then Read in an alternating sequencedriver: skip fast-path; continue as if unimplementedcannot add a child (id = %d) of type %T to a channelcannot delete a child (id = %d) from a listen sockettransport: preface mismatch, wrote %d bytes; want %dheader/message limit not allowed in blacklist configmalformed duration %q: too many digits after decimalPlease enter the password to decrypt the signing keyAEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyzWrites are blocked, possibly due to DropAll or CloseFlushing memtable, mt.size=%d size of flushChan: %d
checksum mismatch Error: value corrupted for vp: %+vWhile decrypting datakey in keyRegistryIterator.nextCommitTs cannot be zero. Please use commitAt insteadError while creating base IV, while creating logfilefailed to lock db file (%s), readonly: %t, error: %vStarting a new transaction [writable: %t] failed: %vinvalid DSN: did you forget to escape a param value?commands out of sync. You can't run this command nowselect rngtypid from pg_range where rngmultitypid=$1The number of non-default behaviors executed by the error details: name = RequestInfo id = %s data = %s
create and manage ACME External Account Binding Keysmanage certificate issuance policies for authoritiesx509: trailing data after certificate list delta-crltbsCertList.crlExtensions.*.IssuingDistributionPointx509: trailing data after revoked certificate reasontbsCertList.revokedCertificates.crlEntryExtensions.*basicConstraints MUST appear as a critical extensionDSA: Certificates MUST include all domain parametersEV certificates must include serialNumber in subjectEV certificates must be 825 days in validity or lessunexpected read from section with uninitialized dataprototext: error parsing unknown field wire type: %vexpected space, attr name, or end of tag, but got %qcannot append two slice with different type (%s, %s)can't convert %s to decimal: exponent is not numericproto: ManifestChange: illegal tag %d (wire type %d)proto: BlockOffset: wiretype end group for non-groupDetected mismatch, f.freemaps: %v, f.backwardMap: %vinvalid SCRAM nonce: did not start with client nonceunterminated quoted string in connection info stringcredentials: incomplete token received from metadataunable to transfer credentials PerRPCCredentials: %vunable to transfer TokenSource PerRPCCredentials: %vReceived state change for an unknown SubConn: %p, %voauth2/google/externalaccount: %v missing `%q` fieldvalue size (%d bytes) too large for cache (%d bytes)expected exactly two items in the authenticated safecan not scale barcode to an image smaller than %dx%dinternal error: literalsHeader has invalid size (%d)buildDtable_asm returned unhandled nonzero code = %dsequenceDecs_decode_amd64 returned erroneous code %dinvalid body length: expected at most %d, but got %dxml: EncodeElement of StartElement with missing nametrustboundary: error getting the lookup endpoint: %wfailed to read manufacturer, setting onGCE=false: %vdecode: corrupted data: non-zero delta for singletonUnmarshal() received type %T, which is not a *structIf you want to help us debug the problem, please run:x509: certificate specifies an incompatible key usagepem: cannot encode a header key that contains a colonhttp: putIdleConn: too many idle connections for hosthttp2: Framer %p: failed to decode just-written frameillegal use of AllowIllegalReads with ReadMetaHeadershttp2: Transport failed to get client conn for %s: %vnon-CONNECT pattern with unclean path can never matchdescribeConflict called with non-conflicting patternsnet/http: CloseNotify called after ServeHTTP finishedwrong type in x5c header list; expected string but %Ttlsalpn01ValidateChallenge - error updating challengeerror creating template options from ACME provisionerexpected exactly one Wire DeviceID identifier, got %derror parsing attestationRoots: malformed certificateerror parsing attestationRoots: no certificates foundhttp://169.254.169.254/metadata/identity/oauth2/tokenclaims: DefaultTLSCertDuration must be greater than 0jwk.authorizeToken; jwk token subject cannot be emptyssh certificate type does not match - got %v, want %vcertificate request key of type '%T' is not supportedx5c.authorizeToken; x5c token subject cannot be emptytls: unable to generate random session ticket key: %vtls: received unexpected handshake message of type %Ttls: unexpected server_name extension in server hellotls: client does not support uncompressed connectionstls: failed to find any PEM data in certificate inputreflect: non-interface type passed to Type.Implementsreflect.Value.Slice: string slice index out of boundserror unmarshaling json: serialNumber %s is not validerror reloading admin resources on failed admin storeadminHandler.authorizeToken; error parsing x5c claimserror getting root certificate: certificate not foundonly RSA keys are (currently) supported as decrypterscrypto/elliptic: attempted operation on invalid pointerror decoding %s: contains an unexpected header '%s'failed converting *ecdsa.PublicKey to *ecdh.PublicKeynon-concurrent sweep failed to drain all sweep queuesexited a goroutine internally locked to the OS threadcould not parse %s as int slice value for flag %s: %snot enough positional arguments were provided in '%s'Create a default ACME provisioner. Defaults to false.error loading certificate: certificate chain is emptyerror reading HTTP response body from /token endpointmath/big: internal error: cannot find (D/n) = -1 for unique.canonMap: ran out of hash bits while iteratingunique.canonMap: ran out of hash bits while insertingsync/atomic: compare and swap of nil value into Valuebufio.Scan: too many empty tokens without progressinggo-jose/go-jose: invalid EC key (nil, or X/Y missing)ssh: server-generated gex p is out of range (%d bits)cbor: failed to decode base64url from byte string: %sfailed creating new OIDC provider using discovery: %wunexpected character %s, missing ":" after field nameinvalid GOLANG_PROTOBUF_REGISTRATION_CONFLICT value: cannot combine empty 'service' and non-empty 'method'grpc: Server.Serve failed to create ServerTransport: error marshaling details when creating provisioner %serror marshaling details when updating provisioner %ssmall map with no empty slot (concurrent map writes?)bug: semaphore allowed more acquires than pool allowsNumber of bytes sent by the process over the network.collected metric %s %s has help %q but should have %q <a class="footnote-return" href="#fnref:%s%s">%s</a>-//microsoft//dtd internet explorer 2.0 html strict//-//microsoft//dtd internet explorer 3.0 html strict//error generating OIDC token: exec "step oauth" failedx509: DSA signature contained zero or negative valuesPlease enter the password to decrypt your private JWKpositional argument <length> %q is not a valid numbercrypto/ecdh: internal error: mismatched isLess inputsgo-jose/go-jose: key wrap input must be 8 byte blockschacha20: internal error: wrong dst and/or src lengthunexpected error while reading Data frame payload: %vtransport: failed to write initial settings frame: %vreceived an illegal stream id: %v. headers frame: %+vbinarylogging: error in trailer is not a status errorcloudresourcemanager.organizations.testIamPermissionsInvalid ValueLogFileSize, must be between 1MB and 2GBThis transaction has been discarded. Create a new oneIterating over move keys to find invalids for fid: %dError while encrpting sanity text in WriteKeyRegistry
       COALESCE(multirange.rngtypid, 0) AS rngtypid,returned MTLS config from MDS endpoint is invalid: %vWithHTTPClient is incompatible with gRPC dial optionsgenerated %d random bytes instead of the requested %dmanage certificate issuance policies for provisionersx509: trailing data after certificate list crl-numberInternationalized DNSNames punycode not valid unicodee_sub_ca_crl_distribution_points_does_not_contain_urle_sub_cert_given_name_surname_contains_correct_policycannot append two slices with different type (%s, %s)can't convert %s to decimal: fractional part too longBUG: received CommandComplete while handling DescribeBUG: cannot parse date that regexp matched (year): %wunexpected trailing bytes parsing unbounded range: %vcannot hijack already released or hijacked connection^[-+]?(\.[0-9]+|[0-9]+(\.[0-9]*)?)([eE][-+]?[0-9]+)?$%d bytes still won't fit in the cache! (max %d bytes)http call(%s)(%s) error: reply status code was %d:
%shttp://127.0.0.1:40342/metadata/identity/oauth2/tokendns resolver: missing port after port-separator colonxml: %s.MarshalXML wrote invalid XML: <%s> not closedcredentials: unable to retrieve AWS session token: %sproblem with access token in StorageTokenResponse: %wunable to unmarshal IDToken, problem decoding JWT: %wexpires_in and expires_on are both missing or invalidcredentials: failed to marshal additional options: %wFailed to send request to S2Av2 for client TLS configUnable to get default token for local identity %v: %vhttp://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuecannot make a SOAP call with body set to empty stringreceived the frame length %d larger than the limit %dFailed to parse response from /ssh/check-host endpointx509: cannot verify signature: algorithm unimplementedx509: invalid RDNSequence: invalid attribute value: %sURI with IP (%q) cannot be matched against constraintscryptobyte: Builder is exceeding its fixed-size bufferx509: template.ThisUpdate is after template.NextUpdatefmt: scanning called UnreadRune with no rune availablehttp: Request.Write on Request with no Host or URL setread loop ending; caller owns writable underlying conninternal error: expected to be already writing a framehttp2: received GOAWAY %+v, starting graceful shutdownhttp2: handler wrote more than declared Content-Lengthtarget must be an absolute URL or an absolute path: %qnet/http: can't write control character in Request.URLx25519 key does not support the signature algorithm %sAK certificate is missing Extended Key Usage extensionbytes.Buffer: reader returned negative count from ReadvalidatePayload: failed to validate oidc token payloadprovisioner public SSH validation keys cannot be emptyextractSSHPOPCert; error base64 decoding sshpop headercertificate is not valid for requested server name: %wtls: server resumed a session with a different versiontls: server accepted 0-RTT with the wrong cipher suitetls: certificate used with invalid signature algorithmtls: Encrypted Client Hello cannot be used pre-TLS 1.3tls: client indicated early data in second ClientHellotls: failed to create cipher while encrypting ticket: tls: found unknown private key type in PKCS#8 wrappingreflect: Value.SetIterKey called on exhausted iteratorerror unmarshalling certificate request: trailing dataerror reloading admin resources on failed admin updateerror reloading admin resources on failed admin removeauthority.authorizeRenew: certificate has been revokedauthority.SignSSH: unexpected ssh certificate type: %dcertificate with serial number '%s' is already revokedDatabase does not support Certificate Revocation Listsecdsa: curve not supported by deterministic signaturescrypto/elliptic: Double was called on an invalid pointruntime.m memory alignment too small for spinbit mutexmin size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - deadlock!trace: non-empty full trace buffer for done generationtrace: non-empty full trace buffer for next generation	goroutine running on other thread; stack unavailable
https://github.com/urfave/cli/blob/master/CHANGELOG.mdThe <file> containing the cert that should be revoked.token subject '%s' and serial number '%s' do not match**step certificate key** <crt-file> [**--out**=<file>]private key type does not match issuer public key typeissuer certificate does not have the keyCertSign usageThe <file> to use as a dictionary to get random words.start an HTTP(S) server serving the contents of a path, square brackets can only be used with IPv6 addresses, IPv6 addresses must be surrounded by square bracketsbinary.Write: some values are not fixed-sized in type ssh: only P-256, P-384 and P-521 EC keys are supportedhierarchy is not enabled or is not correct for the usesql: expected %d destination arguments in Scan, not %dindent may only be composed of space or tab charactersunknown field number %d while unmarshalling GoFeaturesunknown field number %d while unmarshalling FeatureSetgrpc: no decompressor available for compressed payloadgrpc: Server.RegisterService after Server.Serve for %qinvalid template type %s, it must be %s, %s, %s, or %sname is not in canonical format (it must end with a .)period must be greater than or equal to %s, but got %vIP principals %v not expected in SSH user certificate domain constraint %q with wildcard should start with *domain constraint %q can not be converted to ASCII: %wemail %q is not explicitly permitted by any constraintStart time of the process since unix epoch in seconds.collected metric %s %s with unregistered descriptor %spkcs7: no enveloped recipient for provided certificatepanic calling String method on zero %v for flag %s: %vComplete the flow while remaining inside the terminal.step ACME provisioners do not support token auth flowsstep SCEP provisioners do not support token auth flowsThe <secret> used to obtain the OpenID Connect tokens.invalid EC key: point (x, y) does not lie on the curve%8sSubject Public Key Info:
%12sPublic Key Algorithm: only octet string salts are supported for pbes2/pbkdf2extract a public JSON Web Key (JWK) from a private JWKprint the public key from a private key or certificateName of the issuing organization (e.g., smallstep.com)positional argument <length> %q must be greater than 0Certificate Table's entry type of %s is not supported
quotedprintable: invalid unescaped byte 0x%02x in bodyfield %v has invalid type: got %v, want interface kindgRPC requires a ResponseWriter supporting http.FlusherClosing server transport due to maximum connection agefailed to unmarshal, message is %T, want proto.Messageagent: failed to list keys, unexpected message type %Terror parsing certificate: decodedSignerCert.Bytes: %sWhile unmarshal of datakey in keyRegistryIterator.next[Compactor: %d] Running compaction: %+v for level: %d
Opening db file (%s) with mode %s and with options: %sStarting a new transaction [writable: %t] successfullyGRPC_EXPERIMENTAL_ENABLE_DEFAULT_PORT_FOR_PROXY_TARGETerror details: name = BadRequest field = %s desc = %s
oauth2/google: incomplete token received from metadataunmarshalling MTLS config from MDS endpoint failed: %vthe requested identity isn't assigned to this resourcex509: trailing data after certificate list auth key IDIssuer alternate name should be marked as non-criticalgoogle api: custom Accept-Encoding headers not alloweddetected duplicated free page ID: %d in f.freemaps: %vinvalid SCRAM iteration count received from server: %wBUG: cannot parse date that regexp matched (month): %w//iam\.googleapis\.com/locations/[^/]+/workforcePools/this client doesn't support overriding its API versionliteral block was treeless, but no history was definedinvalid decoding table entry %d, symbol %d >= max (%d)xml: namespace without name in field %s of type %s: %q//iam\.([^/]+)/locations/global/workforcePools/([^/]+)unmarshalling MTLS config from MDS endpoint failed: %wfailed to create single token access token manager: %vREQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFYurn:ietf:params:oauth:client-assertion-type:jwt-bearerhttps://%s.%s/%s/v2.0/.well-known/openid-configurationcredentials: failed to properly build http request: %whttp://docs.oasis-open.org/ws-sx/ws-trust/200512/IssueFailed to send request to S2Av2 for signing operation.a transport, a root cert, or a root sha256 must be usedperiod must be greater than or equal to %s, but got %v.x509: authority info access incorrectly marked criticalx509: too many intermediates for path length constraintx509: failed to load system roots and no roots providednet/http: request canceled while waiting for connectionnet/http: invalid byte %q in %s; dropping invalid byteshttp2: server: error reading preface from client %v: %vinternal error: can only be writing one frame at a timehttp2: Transport received GOAWAY from server ErrCode:%vfailed parsing AK certificate Subject Alternative Nameserror getting azure environment: status=%d, response=%sssh certificate validBefore cannot be before validAfterssh certificate key must be at least %d bits (%d bytes)tls: internal error: handshake should have had a resulttls: server sent non-zero legacy TLS compression methodreflect: internal error: invalid use of makeMethodValuereflect.FuncOf: last arg of variadic func must be sliceerror marshaling basicConstraints extension to ASN1: %wadmin.provisionerId does not match provisioner argumentadmin with subject %s and provisioner %s already existserror validating renew token: token not valid yet (nbf)signSSHAddUser: user certificate signing is not enabledprovisioner %q does not have a default signer availableecdsa: internal error: shift can only be by 1 to 7 bitsos: invalid use of WriteAt on file opened with O_APPENDinternal error: negative process handle reference countmheap.freeSpanLocked - invalid free of user arena chunkcasfrom_Gscanstatus:top gp->status is not in scan statecould not parse %s as int64 slice value for flag %s: %spositional argument <%s> requires the '--insecure' flagdisplay help for the specified command or command groupstepCAS `certificateIssuer.provisioner` cannot be emptyprovisioner with name %s does not have an encrypted keyWhat would you like to name the CA's first provisioner?(e.g. azurekms:name=my-intermediate-key;vault=my-vault)token subject '%s' and CSR CommonName '%s' do not matchThe destination <file> of the generated one-time token.invalid value for flag --key: a private key is requiredYour certificate signing request has been saved in %s.
compare a plaintext value (e.g., a password) and a hashstep certificates is not configured with an ssh.hostKeystep certificates is not configured with an ssh.userKeycrypto/dsa: parameters not set up before generating keycipher.NewCBCEncrypter: IV length must equal block sizecipher.NewCBCDecrypter: IV length must equal block sizeeach colon-separated field must have at least one digitbufio.Scanner: SplitFunc returns negative advance countrequest header list larger than peer's advertised limitgo-jose/go-jose: public key was unexpectedly not publicvalue is out of range or is not correct for the contextPCR index %d is out of range (exceeds maximum value %d)sql: Scan called without calling Next (closemuScanHold)extension number %d is already registered on message %vgrpc: the connection is closing due to channel idlenessgrpc: Server.processUnaryRPC failed to write status: %vencoded IPs should be in pairs, an odd number was foundpublic key in cert and private key supplied don't matchtemplates variables cannot contain 'Step' as a propertytemplates variables cannot contain 'User' as a propertyStack traces that led to the creation of new OS threadsURL principals %v not expected in SSH host certificate URL principals %v not expected in SSH user certificate ber2der: invalid negative value found in BER tag lengthinvalid ContentEncryptionAlgorithm in encryptAESGCM: %dinvalid ContentEncryptionAlgorithm in encryptAESCBC: %dpkcs7: certificate signature from parent is invalid: %v{{ "%s" | bold }} {{ . | bold }}? {{ "[%s]" | faint }} What user principal would you like to use? (e.g. alice)Always set the common name in provisioned certificates.x509: ECDSA signature contained zero or negative valuescertificate uninstalled properly from the Java keystoreonly octet string salts are supported for PBMAC1/PBKDF2**step crypto jws inspect**
**--insecure** [**--json**]validation failed: unrecognized critical headers (crit)**step crypto nacl box keypair** <pub-file> <priv-file>easy-to-use high-speed tools for encryption and signingedwards25519: invalid SetBytesWithClamping input lengthgo-jose/go-jose: invalid ciphertext (auth tag mismatch)cannot add a child (id = %d) of type %T to a subChannelEXPERIMENTAL. Number of successful connection attempts.closing transport due to: %v, received prior goaway: %va HEADERS frame cannot appear in the middle of a streamPlease enter the password to decrypt the decryption keyerror processing alternate dns name: %v is not a stringValue log GC can't run because threshold is set to zeroDatabase was not properly closed, cannot open read-onlyGot error while calculating total size of directory: %s%s Key: %s Meta: %d UserMeta: %d Offset: %d len(val)=%d[Compactor: %d] LOG Compact FAILED with error: %+v: %+vRequest size offset %d is bigger than maximum offset %d[GOOS: %s, GOARCH: %s] mmap failed, size: %d, error: %v[GOOS: %s, GOARCH: %s] syncing bbolt db (%s) failed: %vthis user requires mysql native password authenticationGRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URICount of completed GC cycles forced by the application.error details: name = QuotaFailure subj = %s desc = %s
error details: name = DebugInfo detail = %s stack = %s
manage certificate issuance policies for ACME accounts.provisioner %q does not have a webhook with the name %qgetAssertion must be a function that returns assertionsWildcards in the left label of DNSName should only be *Explicit text should not include any control characterse_sub_cert_crl_distribution_points_does_not_contain_urlindent may only be composed of space and tab characterscannot override two slices with different type (%s, %s)proto: ManifestChangeSet: illegal tag %d (wire type %d)proto: ManifestChange: wiretype end group for non-groupinvalid SCRAM server-final-message received from serverunable to encode %#v into %s format for %s (OID %d): %wprivate key should be a PEM or plain PKCS1 or PKCS8: %wSSH user policy does not support IP addresses or rangesbasic realm= not found in the string, instead found: %sinvalid secret file size, expected %d, file size was %dsyntax error: expect comma-separated list of filename=Nmatch offset (%d) bigger than current history+dict (%d)Bad startup message version number. Expected %d, got %dcredentials: failed to unmarshal subject token file: %wcredentials: invalid expiry from security token servicecredentials: unsupported gdch_service_account format %qcredentials: unable to create impersonation request: %wALTS: untrusted platform. ALTS is only supported on GCPoauth2/google: failed to marshal additional options: %vAuthCodeRequest had nil Credential for Confidential appTenantDiscoveryResponse: failed to parse issuer URL: %whandshaker service consumed bytes value is out-of-boundhttp://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearerbug: conn.Call(): could not marshal the body object: %wlanguage: different values for same key in -u extensionprotected buffer length shorter than expected: %d vs %dcannot get context configuration; no current context setstrings: illegal use of non-zero Builder copied by valuex509: subject key identifier incorrectly marked criticalx509: internal error: empty chain when appending CA certx509: invalid MaxPathLen, must be greater or equal to -1ptrEncoder.encode should have emptied ptrSeen via defershttp2: request body larger than specified content lengthhttp2: response header list larger than advertised limithttp: Request.RequestURI can't be set in client requestspromised request headers cannot include pseudo header %qnet/http: Transport.DialContext hook returned (nil, nil)invalid algorithm: Ed25519 cannot be used for encryptionkeyAuthorization does not match; expected %s, but got %skeyAuthorization does not match; expected %q, but got %qerror parsing AWS IID certificate: no certificates foundazure.authorizeToken; error parsing xms_mirid claim - %sprovisioner type '%T' not supported by identity functionfailed parsing decrypter certificate: no PEM block foundprovisioner %q does not have a decrypter certificate setsshpop.authorizeToken; error parsing sshpop token claimsThe request was forbidden by the certificate authority: tls: TLS 1.3 client supports illegal compression methodsnon-empty pointer map passed for non-pointer-size valuesreflect: Value.SetIterValue called on exhausted iteratorerror validating renew token: invalid issuer claim (iss)error extracting CA certs from pkcs7 degenerate data: %wno intermediate certificate available for SCEP authorityb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34range function continued iteration after loop body panicrange function continued iteration after whole loop exitprofilealloc called without a P or outside bootstrappingdetected possible issues with cleanups and/or finalizersin gcMark expecting to see gcphase as _GCmarkterminationruntime: netpoll: eventfd ready for something unexpectedsemaphore wake of synctest goroutine from outside bubbleMust be `func(*Context`)` or `func(*Context) error).  %screateCertificateAuthorityRequest `lifetime` cannot be 0createCertificateAuthorityRequest `parent` cannot be nilPlease enter the password to decrypt the provisioner keyCreate a host certificate instead of a user certificate.The federation certificate bundle has been saved in %s.
Check whether the certificate is for the specified host.disables the install on the system's default trust storeinstall a root certificate in the supported trust storesfailure creating intermediate list from certificate '%s'failed to read the response body from the issuing CA urlmissing or invalid 'token_endpoint' in provider metadataSSH Certificate with Serial Number %s has been revoked.
crypto/cipher: internal error: generic CBC used with AEScrypto/cipher: internal error: generic CTR used with AESgo-jose/go-jose: cannot sanitize merged headers: %v (%v)go-jose/go-jose: compact JWE format must have five partsgo-jose/go-jose: invalid P2C: must be a positive integerssh: peer's mlkem768x25519 public value has wrong lengthssh: peer's mlkem768x25519 public value is not valid: %wssh: peer's ML-KEM768 encapsulation key is not valid: %wcbor: cannot set embedded pointer to unexported struct: sql: driver does not support the use of Named Parameterssql: driver does not support non-default isolation levelhttps://protobuf.dev/reference/go/faq#namespace-conflictacBalancerWrapper: NewSubConn: failed to newAddrConn: %vgrpc: Decompressor is not installed for grpc-encoding %qgrpc: trying to send message larger than max (%d vs. %d)bytes did not contain a proper nebula certificate bannerinvalid value for "seconds" - must be a positive integerNumber of seconds since 1970 of last garbage collection.exemplar labels have %d runes, exceeding the limit of %dpkcs7: unsupported digest %q for encryption algorithm %q((https?|ftp):\/\/|\/)[-A-Za-z0-9+&@#\/%?=~_|!:,.;\(\)]+The <fingerprint> of the CSR to restrict this token for.duration (%v) has seconds and nanos with different signsPlease enter admin name/subject (e.g., name@example.com)create and manage the certificate authority provisionerscertificate installed properly in NSS security databasesinvalid jwk use: found '%s', expecting 'sig' (signature)validation failed: multiple signatures are not supported**step crypto key format** <key-file> [**--out**=<file>]**step crypto nacl sign keypair** <pub-file> <priv-file>invalid value: setting repeated field to read-only valueAborting the stream early due to InTapHandle failure: %vempty string is not a valid method binary logging confighttps://www.googleapis.com/auth/cloud-platform.read-onlycloudresourcemanager.organizations.getEffectiveOrgPolicysoftKMS createKey result is not a crypto.Signer: type %TInvalid ValueLogLoadingMode, must be FileIO or MemoryMapFound an incomplete txn at timestamp %d. Discarding it.
Table created: %d at level: %d for stream: %d. Size: %s
Count of calls made from Go to C by the current process.WithHTTPClient is incompatible with WithClientCertSourcemissing ActiveDirectoryAuthorityHost for specified cloudx509: failed to unmarshal certificate-list delta-crl: %v^[a-zA-Z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*$EV certificates must include businessCategory in subjectEV certificates must include organizationName in subjectCAs MUST mark the inhibitAnyPolicy extension as criticaltimeseries: resolutions must be monotonically increasingdetected duplicated free page ID: %d in f.forwardMap: %vgrpclb: failed to perform RPC to the remote balancer: %vgoogleapi/transport: no Transport specified or availablexml: %s.UnmarshalXML did not consume entire <%s> elementinvalid PEM-encoded certificate data: no PEM block foundoauth2/google: failed to properly build http request: %vhandshaker service consumed bytes value is out-of-boundsTokenResponse client_info field had JWT decode error: %wUserCode: (%v)
DeviceCode: (%v)
URL: (%v)
Message: (%v)
access token isn't valid, it was cached at a future timecorruption detected: short output block %d, end %d != %dinvalid interface value length %d: exceeds input size %dbad interface encoding: data length too large for bufferFailed to receive client TLS config response from S2Av2.bug: mapWalk.storeValue() called on unsupported type: %vFailed to receive signing operation response from S2Av2.x509: failed to parse EC private key embedded in PKCS#8: x509: template contains entry with nil SerialNumber fieldhttp2: TLS conn unexpectedly found in unencrypted handofferror extracting public key from ssh public key interfaceThe server will not issue certificates for the identifier%s: not a supported AWS Instance Metadata Service versionk8ssa.authorizeToken; k8sSA token subject cannot be emptytls: client sent invalid encrypted_client_hello extensiontls: Ed25519 public keys are not supported before TLS 1.2received record with version %x when expecting version %xtls: server sent an unnecessary HelloRetryRequest messagetls: server selected an invalid PSK and cipher suite pairtls: no key exchanges supported by both client and servertls: client sent invalid encrypted client hello extensionerror marshaling SubjectAlternativeName extension to ASN1provisioner %q is disabled due to an initialization errorerror validating renew token: invalid subject claim (sub)cannot unmarshal %s at offset %d into Go value of type %sSCEP provisioner %q does not have a decrypter certificateerror creating template options from SCEP provisioner: %wsync: WaitGroup misuse: Add called concurrently with Waitsync: WaitGroup.Add called from multiple synctest bubblesruntime: checkmarks found unexpected unmarked object obj=runtime: failed to disable profiling timer; timer_delete(non-Go code set up signal handler without SA_ONSTACK flagerror decoding certificate: not a valid PEM encoded blockerror parsing provisioner key: key is not a crypto.SignerstepCAS 'certificateAuthorityFingerprint' cannot be emptycreateCertificateRequest `lifetime` cannot be less than 0Choose a password for your CA keys and first provisioner.Generating user and host SSH certificate signing keys... **step certificate bundle** <crt-file> <ca> <bundle-file>**step certificate format** <crt-file> [**--out**=<file>]print certificate or CSR details in human readable formatflag '--skip-csr-signature' is required with a public keyprint the fingerprint of an SSH public key or certificate{{ "%s" | red }} {{ "Add User Certificate:" | bold }} %v
crypto/cipher: invalid buffer overlap of output and inputgo-jose/go-jose: expected %d bit key, got %d bits insteadgo-jose/go-jose: invalid embedded jwk, must be public keygo-jose/go-jose: compact JWS format must have three partsssh: unsupported signature algorithm %q for key format %qcbor: found duplicate map key %#v at map element index %dcannot decode CBOR array to struct without toarray optioncbor: cannot encode cbor.Tag when TagsMd is TagsForbiddencan't map TPM EC curve ID 0x%x to Go elliptic.Curve valueReadPublic failed (%v), and then CreatePrimary failed: %vAdjusting keepalive ping interval to minimum period of %vgrpc: compressed flag set with identity or empty encodingcould not calculate shasum for provided CA; error: %s; %scan't handle assignment of %s to empty interface argumenttried to access resource that is not acquired or hijackedemail contraint %q can not be empty or white space stringURI domain constraint %q contains invalid square bracketsURI domain constraint %q cannot be converted to ASCII: %wNumber of bytes received by the process over the network.crypto/drbg: internal error: request size exceeds maximumcannot run executable found relative to current directory (set GODEBUG=execwait=2 to capture stacks for debugging)provisioner '%s' does not have an 'encryptedKey' propertyx509: only RSA, ECDSA, Ed25519, and X25519 keys supportedcertificate cannot be installed in NSS security databasesverify a signed JWS data structure and return the payloadverify a signed JWT data structure and return the payloadSubConn with unexpected state %v present in SubConns map.finished processing active streams while in draining modereceived goaway with non-zero even-numbered stream id: %vunexpected HTTP status code received from server: %d (%s)No sets or deletes are allowed in a read-only transactionFailure while flushing memtable to disk: %v. Retrying...
All tables consolidated into one level. Flattening done.
Waiting to add level 0 table. Compaction priorities: %+v
growing db size failed, pgid: %d, pagesize: %d, error: %vinvalid SPIFFE ID: total ID length larger than 2048 bytesCount of completed GC cycles generated by the Go runtime.public key does not match the leaf certificate public keyAzureCLICredential: GetToken() requires exactly one scopex509: failed to unmarshal certificate-list crl-number: %vCAs MUST NOT generate certificate with unique identifiersOnly one of NIST P‐256, P‐384, or P‐521 can be usedThe subject key identifier extension MUST be non-criticalCertificates MUST have RSA, DSA, or ECDSA public key typecan't get freelist page IDs from a non-freelist page: %2xdetected duplicated free page ID: %d in f.backwardMap: %vcredentials: both credentials file and JSON were providedMeasures the size of RPC request messages (uncompressed).oauth2/google: unable to create impersonation request: %vunexpected buffer cap %d, want at least %d with window %dtrustboundary: failed to read trust boundary response: %wtrustboundary: HTTP client cannot be nil for DataProvidertrustboundary: error fetching the trust boundary data: %wcredentials: invalid credential_source file format type: failed to retrieve Private Key from Remote Signer Libraryhttpclient in oauth instance for fetching metadata is nilfailed to establish stream to ALTS handshaker service: %vGobDecoder: invalid data length %d: exceeds input size %dtype mismatch: no fields matched compiling decoder for %skey update request message wrote less bytes than expectedfailed to offload server cert verification to S2A: %d, %vfailed to offload client cert verification to S2A: %d, %vhttp://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKeyfindFields received a %s type, expected *struct or structsupplied traffic secret must be %v bytes, given: %v bytesfailed to create half connection using traffic secret: %vfailed to offload signing with private key to S2A: %d, %vcalled CompareAndSwap when value is not of comparable typex509: authority key identifier incorrectly marked criticalx509: certificate contains duplicate extension with OID %qx509: failed to parse RSA private key embedded in PKCS#8: x509: provided PrivateKey doesn't match parent's PublicKeyjson: cannot set embedded pointer to unexported struct: %vcannot push URL with scheme %q from request with scheme %qhttp2: client connection force closed via ClientConn.Closestep-jose: password cannot be empty when encryptying a JWKaws.authorizeToken; error parsing token, header is missingtls: FIPS 140-3 requires the use of Extended Master Secrettls: server changed cipher suite after a HelloRetryRequestDNS response contained records which contain invalid nameserror marshaling challenge password: password is not validerror parsing RegisteredID SAN: empty value is not allowedtoken issued before the bootstrap of certificate authorityauthority.Authorize; ssh certificate flows are not enablederror validating renew token: invalid audience claim (aud)authority.SignSSH: user certificate signing is not enabledauthority.SignSSH: host certificate signing is not enabledrequest serial number %q and token subject %q do not matchcould not retrieve revoked certificates list from databaseprovisioner %q does not have a default decrypter availablecrypto/elliptic: ScalarMult was called on an invalid pointpositional arguments <%s> and <%s> cannot be equal in '%s'flag '--%s' is required unless the '--%s' flag is providedcreateCertificateAuthorityRequest `template` cannot be nilcreateCertificateAuthorityRequest `createKey` is not validWhat is the id of your project on Google's Cloud Platform?standalone, plus cloud configuration, reporting & alerting%s {{ printf "%%s - %%s" .Name .Description | underline }}failure to load root certificate pool from input path '%s'derive a secret key from a secret value (e.g., a password)crypto/ecdh: bad X25519 remote ECDH input: low order pointsync/atomic: swap of inconsistently typed value into Valuego-jose/go-jose: invalid JWK, unable to hex decode x5t: %vgo-jose/go-jose: invalid EC public key, wrong length for xgo-jose/go-jose: invalid EC public key, wrong length for yssh: the signature key type %q is invalid for certificatesssh: no key found; last parsing error for ignored line: %woidc: user info endpoint is not supported by this provideroidc: current time %v before the nbf (not before) time: %vTPM not initialized by TPM2_Startup or already initializedcommand failed because audit sequence required exclusivitythe TPM is rate-limiting accesses to prevent wearout of NVsql: transaction has already been committed or rolled backunknown field number %d while unmarshalling EditionDefaultServer.addConn called when server has already been stoppederror unmarshaling policy bytes into dbAuthorityPolicy: %wgcp.authorizeToken; invalid gcp token - invalid project id"seconds" parameter is not supported for this profile typeThe request was forbidden by the certificate authority: %sURI domain constraint %q with wildcard should start with *pkcs7: Message digest mismatch
	Expected: %X
	Actual  : %Xhttp://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdThe number of entities to return per (paging) API request.GODEBUG=execwait=2 detected a leaked exec.Cmd created by:
Request a token for an audience other than the API GatewayEmail Address and URI SANs are not supported for ACME flowcas type %q does not implement CertificateAuthorityCreatorcertinfo: Expected ed25519.PublicKey for type x509.ED25519cannot add a child (id = %d) of type %T to a listen sockettransport: http2Client.reader got unhandled frame type %v.Only one iterator can be active at one time, for a RW txn.LOG Compact %d->%d, del %d tables, add %d tables, took %v
Commit cannot be called with managedDB=true. Use CommitAt.Cannot run value log GC when DB is opened in InMemory modebatch function returned an error and should be re-run solomysql: driver does not support the use of Named ParametersNumber of objects, live or unswept, occupying heap memory.WithImpersonatedCredentials requires scopes being providedx509: failed to unmarshal certificate list freshestCRL: %vx509: unhandled critical extension in certificate list: %vDNSName labels MUST be less than or equal to 63 charactersCompliant certificates SHOULD NOT use the noticeRef optionPolicies must not be mapped to or from the anyPolicy valueRoot CA certificates MUST have Key Usage Extension PresentattrNoneattrScriptattrScriptTypeattrStyleattrURLattrSrcseturlPartNoneurlPartPreQueryurlPartQueryOrFragurlPartUnknownproto: ManifestChangeSet: wiretype end group for non-groupdetected duplicated free page ID: %d in existing f.ids: %vcannot unmarshal %s to timestamp with layout %s or %s (%w)instance/network-interfaces/0/access-configs/0/external-ipMeasures the size of RPC response messages (uncompressed).client handshake called using server transport credentialsserver handshake called using client transport credentialsdeny wildcard names in X.509 certificate issuance policiesAzure Arc doesn't support user-assigned managed identitieslog: killed current thread with SIGABRT, but still runningxml: unsupported version %q; only version 1.0 is supportedxml: encoding %q declared but Decoder.CharsetReader is niltrustboundary: failed to create trust boundary request: %wcertificate configuration is missing the key file locationhttps://%s/dstsv2/%s/v2.0/.well-known/openid-configurationTenantDiscoveryResponse: failed to parse authority URL: %wcredentials: invalid response from Secure Token Server: %wgob: cannot encode nil pointer of type %s inside interfacehttp://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issuedo not support maps with values of '**type' or '*referencebug: sliceWalk.storeValue() called on unsupported type: %vhttp2: Transport received Server's graceful shutdown GOAWAYRoundTripper returned a response & error; ignoring responsehttp: superfluous response.WriteHeader call from %s (%s:%d)http: response.Write on hijacked connection from %s (%s:%d)The revocation reason provided is not allowed by the serverResponse received didn't match the challenge's requirementsfailed parsing AK certificate Subject Alternative Names: %wrequest for metadata returned non-successful status code %donly encryption algorithm identifiers from 0 to 4 are validssh certificate principals does not match - got %v, want %vssh certificate validAfter does not match - got %v, want %vsshpop.authorizeToken; sshpop token subject cannot be emptytls: server resumed a session with a different cipher suitetls: server selected TLS 1.3 using the legacy version fieldtls: server sent an unnecessary HelloRetryRequest key_sharetls: client didn't send one key share in second ClientHellotls: client sent unexpected key share in second ClientHelloreflect: reflect.Value.Elem on an invalid notinheap pointerreflect: indirection through nil pointer to embedded structerror reloading admin resources on failed provisioner storeerror deleting admin %s, as part of provisioner %s deletionprovisioner %q does not have a signer certificate availableecdsa: internal error: ordInverse produced an invalid valueerror decoding %s: contains more than one PEM encoded blockcannot convert non-NIST *ecdh.PublicKey to *ecdsa.PublicKeysync: WaitGroup is reused before previous Wait has returnedruntime: mmap: too much locked memory (check 'ulimit -l').
tried to trace goroutine with invalid or unsupported statuserror parsing DER format certificate or certificate requestextract certificates from Windows Portable Executable filescrypto/dsa: use of DSA is not allowed in FIPS 140-only modecrypto/ecdh: private key and public key curves do not matchcrypto/des: use of DES is not allowed in FIPS 140-only modecrypto/md5: use of MD5 is not allowed in FIPS 140-only modesync/atomic: store of inconsistently typed value into Valuebufio.Scanner: SplitFunc returns advance count beyond inputgo-jose/go-jose: invalid JWK, x5u header is invalid URL: %wgo-jose/go-jose: invalid EC private key, wrong length for xgo-jose/go-jose: invalid EC private key, wrong length for ygo-jose/go-jose: invalid EC private key, wrong length for dtag number %d or %d must be followed by byte string, got %sunsupported Scan, storing driver.Value type %T into type %Tstream: failed to validate md when setting trailer, err: %vencoded Subnets should be in pairs, an odd number was foundcrypto/rc4: use of RC4 is not allowed in FIPS 140-only modeber2der: Indefinite form tag must have constructed encoding"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-//o'reilly and associates//dtd html extended relaxed 1.0//html: internal error: clearStackToContext unknown scope: %dDo not apply context specific environment for this command.failed performing secret request with attestation CA %q: %wThe path to a PEM certificate <file> for the SCEP decrypterThe path to a PEM private key <file> for the SCEP decrypterprovisioner options must define either ID or Name to remove%16sTPM Specification: Family: %s, Level: %d, Revision: %d
define JAVA_HOME environment variable to use the Java trustgo-jose/go-jose: JWK with matching kid not found in JWK Setinitial http2 frame from server is not a settings frame: %Tsecond GOAWAY written and no active streams left to processcannot register CodecV2 with empty string result for Name()proto: failed to marshal, message is %T, want proto.Messagedelegating_resolver: unable to build the proxy resolver: %vagent: failed to sign challenge, unexpected message type %TEncryption key's length should beeither 16, 24, or 32 bytesinvalid DSN: missing the slash separating the database nameselect typtype::text, typbasetype from pg_type where oid=$1Array element OID %v not registered while loading pgtype %qinvalid SPIFFE ID: domain length larger than 255 charactersInvalid write cursor position (%d) exceeded line height: %dThe authority key identifier extension must be non-criticalGeneralized time values MUST NOT include fractional secondsRoot CA Certificate: extendedKeyUsage MUST NOT be present.tdelimNonedelimDoubleQuotedelimSingleQuotedelimSpaceOrTagEndhtml/template internal error: template escaping out of syncfield %q has keys in NullFields but is not a map[string]anycan't get freelist page count from a non-freelist page: %2xfreePagesCount (%d) is out of sync with free pages map (%d)manage denied names for X.509 certificate issuance policiesallow wildcard names in X.509 certificate issuance policies%s field %q with tag %q conflicts with field %q with tag %qcredentials: got invalid expiry from security token serviceunix time(%s) could not be converted from string to int: %wcalled CompareAndDelete when value is not of comparable typex509: encrypted PEM data is not a multiple of the block sizex509: template contains entry with zero RevocationTime field (Client.Timeout or context cancellation while reading body)internal error: attempt to send frame on a closed stream: %vmalformed response from server: missing status pseudo headernet/http: server response headers exceeded %d bytes; abortederror retrieving authorization options from ACME provisionerbytes.Reader.UnreadRune: previous operation was not ReadRunerequest for API token returned non-successful status code %daws.authorizeToken; error unmarshaling aws identity documentazure.authorizeToken; failed to validate azure token payloadssh certificate validBefore does not match - got %v, want %vtls: no supported versions satisfy MinVersion and MaxVersiontls: initial handshake had non-empty renegotiation extensiontls: server resumed a session with a different EMS extensiontls: client requested unsupported application protocols (%q)reflect: call of reflect.Value.Cap on ptr to non-array Valuereflect: call of reflect.Value.Len on ptr to non-array Valueerror unmarshaling json: %s is not an ASN1 object identifierx5c.authorizeToken; x5c token has invalid issuer claim (iss)error reloading admin resources on failed provisioner updateerror reloading admin resources on failed provisioner removemismatch between certificate chain and decrypter public keysmanual span allocation called with non-manually-managed typeaddr range base and limit are not in the same memory segmentruntime: failed to configure profiling timer; timer_settime(runtime: malformed profBuf buffer - tag and data out of syncThe directory where TPM keys and certificates will be storedWhat URI would you like to use for the root certificate key?{{ %q | green }} {{ "Deployment Type:" | bold }} {{ .Name }}The <command> to run after the certificate has been rekeyed.The <command> to run after the certificate has been renewed.disables the uninstall from the system's default trust storeuninstall a root certificate from the supported trust storeserror decoding ssh certificate: %T is not a *ssh.Certificateerror creating identity token: email address cannot be emptysync/atomic: compare and swap of inconsistently typed valuesssh: unexpected trailing data after certificate option valuecbor: failed to decode byte string in expected format %d: %scbor: cannot encode cbor.RawTag when TagsMd is TagsForbiddenauthValue or authPolicy is not available for selected entityattestation does not apply to certification data, got tag %xinvalid context to convert cursor rows, missing parent *Rowsconnect called on addrConn in non-idle state (%v); ignoring.ignoring nil parameter in grpc.WithStatsHandler ClientOptionfailed to rollback read-only CmpAndSwap transaction on %s/%sURI domain constraint %q contains scheme (not supported yet)called Float64Histogram on non-Float64Histogram metric valuecollected metric %q { %s} must not have an explicit %q labelber2der: cannot move offset forward, end of ber data reachedThe admin <subject> to use for generating admin credentials.Installing the root certificate in the system truststore... invalid JWK: a symmetric key cannot be used as a provisionercertificate uninstalled properly from NSS security databasesflag '--exp' must be in the future unless '--subtle' is usedConvert RSA and ECDSA private keys to PKCS#8 PEM/DER format.'--skew' values greater than 1 require the '--insecure' flaggo-jose/go-jose: invalid EC private key, missing %s value(s)end group tag %d does not match begin group tag %d at pos %dpickfirst: received illegal BalancerConfig (type %T): %v: %wheader key %q contains illegal characters not in [0-9a-z-_.]unable to parse %s key, must be of type string, but %s foundCannot use badger in Disk-less mode with Dir or ValueDir setThe total amount of global variable space that is scannable.error details: name = LocalizedMessage locale = %s msg = %s
AK public key does not match the leaf certificate public keyDNSName should not have a hyphen beginning or ending the SLDoptional header size is less than optional header magic sizeEscapeString must be run with standard_conforming_strings=onoauth2/google/externalaccount: executable command failed: %vmanage allowed names for X.509 certificate issuance policiesCloud Shell doesn't support user-assigned managed identitiestrustboundary: ConfigProvider cannot be nil for DataProvidertrustboundary: GCE config: failed to get universe domain: %wcredentials: the token returned by the executable is expiredcredentials: executable command failed with exit code %v: %wcredentials: STSAudience must be set for the GDCH auth flowsoauth2/google: invalid response from Secure Token Server: %vpeer is not responding and re-connection should be attemptedcertificate in CertificateChain obtained from S2Av2 is emptyhkdf.Expand.Read returned unexpected length, got %d, want %dchacha20poly1305: invalid buffer overlap of output and inputx509: failed to parse URI constraint %q: cannot be IP addressnet/http: invalid Cookie.Domain %q; dropping domain attributeVisit the “instance” URL and take actions specified theregcp.authorizeToken; invalid gcp token - invalid subject claimoidc.AuthorizeRevoke; cannot revoke with non-admin oidc tokenssh certificate validAfter cannot be greater than validBeforetls: unsupported certificate: private key is %T, expected *%Ttls: EncryptedClientHelloConfigList contains no valid configstls: server sent a ServerHello extension forbidden in TLS 1.3tls: received a session ticket with empty opaque ticket labeltls: client certificate used with invalid signature algorithmerror decoding ssh certificate: %T is not an *ssh.Certificatereflect: wrong return count from function created by MakeFuncerror parsing DirectoryName SAN: empty or malformed asn1Value  is in a tiny block with other (possibly long-lived) values
runtime: may need to increase max user processes (ulimit -u)
revokeCertificate 'reasonCode=%d' is invalid or not supporteduse the encoding format typically used in URLs and file names    $ step ca bootstrap --team <name> --authority <authority>fully-managed step-ca cloud instance run for you by smallstepgenerate a new certificate from signing a certificate requestBundle the new leaf certificate with the signing certificate.Print result of certificate verification to stdout on successOutput HTTP Authorization Header (suitable for use with curl)Unable to derive a host-id. Make sure /etc/machine-id exists.go-jose/go-jose: invalid JWK, x5t header has invalid encodinggo-jose/go-jose: invalid JWK, x5t header is of incorrect sizego-jose/go-jose: invalid RSA private key, missing %s value(s)go-jose/go-jose: invalid EC private key, missing x/y/d valuesgo-jose/go-jose: invalid OCT (symmetric) key, missing k valuesupport for Linux TPM 1.2 disabled (build with CGO to enable)Health check is requested but health package is not imported.subconn returned from pick is type %T, not *acBalancerWrappergrpc: message after decompression larger than max (%d vs. %d)grpc: received message after decompression larger than max %dURI domain contraint %q cannot be empty or white space stringxid: cannot get hostname nor generate a random number: %v; %vbigmod: internal error: u and v are not in the expected statehtml: internal error: indexOfElementInScope unknown scope: %dexec: Cmd started a Process but leaked without a call to Waiterror adding context: '%s' - {authority: '%s', profile: '%s'}JWK, ACME, OIDC, SSHPOP, K8SSA, NEBULA, SCEP, AWS, GCP, AZURE  2. Add a new authority and select "Link a step-ca instance"**step crypto jwk keyset find** <jwks-file> [**--kid**=<kid>]Received a HEADERS frame with :method %q which should be POSTCannot use CommitAt with managedDB=false. Use Commit instead.Trying to close stream: %d, but no sorted writer found for itTruncation needed at offset %d. Can be done manually as well.Error while SeekStart for the logfile %d in logFile.bootstarpsimple protocol queries must be run with client_encoding=UTF8Cumulative sum of heap memory freed by the garbage collector.The number of bytes of stack that were scanned last GC cycle.Memory that is reserved for or used to hold runtime metadata.tbsCertList.revokedCertificates.crlEntryExtensions.*.criticalx509: failed to parse revoked certificate invalidity date: %vx509: trailing data after revoked certificate invalidity datex509: unhandled critical extension in revoked certificate: %v^(?:[-+]?(?:[0-9]+))?(?:\.[0-9]*)?(?:[eE][\+\-]?(?:[0-9]+))?$^magnet:\?xt=urn:[a-zA-Z0-9]+:[a-zA-Z0-9]{32,40}&dn=.+&tr=.+$Freshest CRL MUST be marked as non-critical by conforming CAsIf present, the IAN extension must contain at least one entryIf present, the SAN extension MUST contain at least one entryw_root_ca_basic_constraints_path_len_constraint_field_presentstringutils illegal argument: Minimum abbreviation width is 4the source and target buckets are in different database filesgo.opentelemetry.io/contrib/instrumentation/net/http/otelhttpoauth2/google/externalaccount: unable to determine AWS regionoauth2/google/externalaccount: missing AccessKeyId credentialoauth2/google/externalaccount: Subject token type must be setoauth2/google: got invalid expiry from security token servicexml: EncodeToken of Directive containing wrong < or > markerscredentials: unable to retrieve AWS security credentials - %scredentials: response contains unsuccessful response: (%v) %vtoken response failed because declined scopes are present: %stype mismatch in decoder: want struct type %s; got non-structx509: failed to marshal EC private key while building PKCS#8: x509: certificate is not authorized to sign other certificatesURI with empty host (%q) cannot be matched against constraintsx509: certificate private key does not implement crypto.Signertrying to put back buffer of the wrong size in the copyBufPoolstrings.Reader.UnreadRune: previous operation was not ReadRuneThe jws was signed by a public key the server does not supportorder must have exactly one WireUser and WireDevice identifierabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZhttp://169.254.169.254/metadata/instance/compute/azEnvironmentazure.AuthorizeSSHSign; sshCA is disabled for provisioner '%s'failed to parse nebula certificate: nebula header is not validtls: server echoed TLS 1.3 compatibility session ID in TLS 1.2tls: server did not send a quic_transport_parameters extensiontls: client used the legacy version field to negotiate TLS 1.3tls: client did not send a quic_transport_parameters extensiontls: certificate cannot be used with the selected cipher suitereflect.ArrayOf: array size would exceed virtual address spacereflect: reflect.Value.Pointer on an invalid notinheap pointerx5c.authorizeToken; x5c token has invalid audience claim (aud)error validating renew token: token issued in the future (iat)error verifying certificate: SHA256 fingerprint does not matchprovisioner %q does not have a decrypter certificate availablecrypto/rand: use of Prime is not allowed in FIPS 140-only modefound bad pointer in Go heap (incorrect use of unsafe or cgo?)limiterEvent.stop: found wrong event in p's limiter event slotslice length too short to convert to array or pointer to arrayruntime: internal error: misuse of lockOSThread/unlockOSThreadcould not verify certificate against CRL distribution point(s)key derivation functions for password hashing and verificationflag '--add-user' is incompatible with more than one principal0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZcrypto/cipher: use of CFB is not allowed in FIPS 140-only modecrypto/sha1: use of SHA-1 is not allowed in FIPS 140-only modego-jose/go-jose: invalid EC key, X/Y are not on declared curvego-jose/go-jose/jwt: validation failed, invalid ID claim (jti)go-jose/go-jose/jwt: validation failed, token is expired (exp)ssh: hash algorithm for format %q not allowed in FIPS 140 modessh: peer's ML-KEM768/curve25519 public value has wrong lengthssh: peer's ML-KEM768/curve25519 public value is not valid: %wcbor: decoded time cannot be represented in RFC3339 format: %vthe authorization HMAC check failed and DA counter incrementedextracting cryto.PublicKey from Public part of primary key: %vcollected metric %q { %s} has a label with an invalid name: %sThe minimum public key <length> of the SCEP RSA encryption keyerror converting provisioner interface to linkedca provisionererror validating x5t certificate and key for use in x5t headerLocation of file containing passphrase to decrypt private key.**step crypto nacl secretbox open** <nonce> <key-file>
[--raw]**step crypto nacl secretbox seal** <nonce> <key-file>
[--raw]Name of the user's account (e.g., a username or email
address)pickfirst: unable to unmarshal LB policy config: %s, error: %vcloudresourcemanager.folders.listAvailableOrgPolicyConstraintsFid: %d. Skipped: %5.2fMB Num iterations: %d. Data status=%+v
[GOOS: %s, GOARCH: %s] munmap failed, db.datasz: %d, error: %vcommands out of sync. Did you run multiple statements at once?Range element OID %v was not already registered, needed for %qcpu(\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+)certificate public key can't be compared to a crypto.PublicKeygithub.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeystbsCertList.revokedCertificates.crlEntryExtensions.*.CRLReason^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$Root and Sub CA Certificate: The CA field MUST be set to true.General name fields MUST NOT be empty in subjectAlternateNamesWhen not empty, the subject field MUST be a distinguished nameUTCTime values MUST be expressed in Greenwich Mean Time (Zulu)