nginx config fails with SSL key/pem (unique case)svn using nginx Commit failed: path not foundNginx proxy...

Would a primitive species be able to learn English from reading books alone?

Why do Radio Buttons not fill the entire outer circle?

Why does a 97 / 92 key piano exist by Bosendorfer?

Reason why a kingside attack is not justified

What should be the ideal length of sentences in a blog post for ease of reading?

Should I be concerned about student access to a test bank?

"Marked down as someone wanting to sell shares." What does that mean?

Why is "la Gestapo" feminine?

Relations between homogeneous polynomials

Rendered textures different to 3D View

Is there any common country to visit for persons holding UK and Schengen visas?

PTIJ: Which Dr. Seuss books should one obtain?

Why is implicit conversion not ambiguous for non-primitive types?

How do you say "Trust your struggle." in French?

How to split IPA spelling into syllables

How can a new country break out from a developed country without war?

Is divisi notation needed for brass or woodwind in an orchestra?

"Oh no!" in Latin

Mortal danger in mid-grade literature

Why is indicated airspeed rather than ground speed used during the takeoff roll?

Pre-Employment Background Check With Consent For Future Checks

Highest stage count that are used one right after the other?

Make a Bowl of Alphabet Soup

Why doesn't Gödel's incompleteness theorem apply to false statements?



nginx config fails with SSL key/pem (unique case)


svn using nginx Commit failed: path not foundNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portNginx subversion commit failureNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsnginx rewrite throw 404 with last and breaknginx reverse proxy hide login query also on 301 redirect or full qualified urlUniversal HTTPS to HTTP reverse proxy using nginxConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsJenkins/Nginx returning 404 when concurrent requests made from jenkins













1















I am trying to install SSL on my nginx reverse proxy with certified ssl keys but i get this message when i try to restart server:



Restarting nginx: [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/cert.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

configuration file /etc/nginx/nginx.conf test failed


everyfiles are root:root with 600 permissions
i've tested the certificats and they are validated with this website: http://ssltools.com/cert_key_match



there are no trailing weird caracters in my keys, and has 64 caracter per line



here is my config file



server {

    listen   443;

    server_name     my.domain.com;

    ssl on;

    ssl_certificate      conf.d/cert.pem;

    ssl_certificate_key  conf.d/cert.key;



    location / {

         proxy_pass         http://upstream1;

         proxy_redirect     off;

         proxy_buffering    off;

         proxy_set_header        Host            $host;

         proxy_set_header        X-Real-IP       $remote_addr;

         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    }


}



Any ideas? Thank you






nginx ssl web-server reverse-proxy configuration







share|improve this question


















  • 1





    Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

    – yoonix
    Jan 31 '14 at 19:43













  • yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

    – Fredow
    Feb 3 '14 at 5:15
















1















I am trying to install SSL on my nginx reverse proxy with certified ssl keys but i get this message when i try to restart server:



Restarting nginx: [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/cert.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

configuration file /etc/nginx/nginx.conf test failed


everyfiles are root:root with 600 permissions
i've tested the certificats and they are validated with this website: http://ssltools.com/cert_key_match



there are no trailing weird caracters in my keys, and has 64 caracter per line



here is my config file



server {

    listen   443;

    server_name     my.domain.com;

    ssl on;

    ssl_certificate      conf.d/cert.pem;

    ssl_certificate_key  conf.d/cert.key;



    location / {

         proxy_pass         http://upstream1;

         proxy_redirect     off;

         proxy_buffering    off;

         proxy_set_header        Host            $host;

         proxy_set_header        X-Real-IP       $remote_addr;

         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    }


}



Any ideas? Thank you






nginx ssl web-server reverse-proxy configuration







share|improve this question


















  • 1





    Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

    – yoonix
    Jan 31 '14 at 19:43













  • yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

    – Fredow
    Feb 3 '14 at 5:15














1












1








1








I am trying to install SSL on my nginx reverse proxy with certified ssl keys but i get this message when i try to restart server:



Restarting nginx: [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/cert.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

configuration file /etc/nginx/nginx.conf test failed


everyfiles are root:root with 600 permissions
i've tested the certificats and they are validated with this website: http://ssltools.com/cert_key_match



there are no trailing weird caracters in my keys, and has 64 caracter per line



here is my config file



server {

    listen   443;

    server_name     my.domain.com;

    ssl on;

    ssl_certificate      conf.d/cert.pem;

    ssl_certificate_key  conf.d/cert.key;



    location / {

         proxy_pass         http://upstream1;

         proxy_redirect     off;

         proxy_buffering    off;

         proxy_set_header        Host            $host;

         proxy_set_header        X-Real-IP       $remote_addr;

         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    }


}



Any ideas? Thank you






nginx ssl web-server reverse-proxy configuration







share|improve this question














I am trying to install SSL on my nginx reverse proxy with certified ssl keys but i get this message when i try to restart server:



Restarting nginx: [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/cert.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

configuration file /etc/nginx/nginx.conf test failed


everyfiles are root:root with 600 permissions
i've tested the certificats and they are validated with this website: http://ssltools.com/cert_key_match



there are no trailing weird caracters in my keys, and has 64 caracter per line



here is my config file



server {

    listen   443;

    server_name     my.domain.com;

    ssl on;

    ssl_certificate      conf.d/cert.pem;

    ssl_certificate_key  conf.d/cert.key;



    location / {

         proxy_pass         http://upstream1;

         proxy_redirect     off;

         proxy_buffering    off;

         proxy_set_header        Host            $host;

         proxy_set_header        X-Real-IP       $remote_addr;

         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    }


}



Any ideas? Thank you






nginx ssl web-server reverse-proxy configuration




nginx ssl web-server reverse-proxy configuration






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 31 '14 at 19:35









FredowFredow

10115




10115








  • 1





    Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

    – yoonix
    Jan 31 '14 at 19:43













  • yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

    – Fredow
    Feb 3 '14 at 5:15














  • 1





    Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

    – yoonix
    Jan 31 '14 at 19:43













  • yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

    – Fredow
    Feb 3 '14 at 5:15








1




1





Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

– yoonix
Jan 31 '14 at 19:43







Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Alsom, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded your cert has already been compromised. You can do the verification with openssl directly yourself.

– yoonix
Jan 31 '14 at 19:43















yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

– Fredow
Feb 3 '14 at 5:15





yes i am. in my cert.pem i start with the root cert, then in the same file there is the intermediate cert. Now on my cert.key file there is two cert where the second one starts with -----BEGIN RSA PRIVATE KEY-----

– Fredow
Feb 3 '14 at 5:15










4 Answers
4






active

oldest

votes


















2














check here



I hope you've copy-pasted with the following lines:



-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

...

-----END RSA PRIVATE KEY-----





share|improve this answer
























  • the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

    – Fredow
    Feb 3 '14 at 5:15











  • extention .pem always acts as certificate.

    – Ilja
    Feb 3 '14 at 8:06











  • Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

    – Fredow
    Feb 3 '14 at 14:38













  • cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

    – Ilja
    Feb 3 '14 at 15:51








  • 1





    Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

    – Fredow
    Feb 6 '14 at 19:59



















1














A different solution that may work for others:



use the .pem file for both ssl_certificate and ssl_certificate_key



That is:



...

ssl on;

ssl_certificate      conf.d/cert.pem;

ssl_certificate_key  conf.d/cert.pem;

...





share|improve this answer































    0














    FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5. ---- vs -----. The validation tooling error messages aren't very specific when you make this error.






    share|improve this answer































      0














      I got the same problem(from /var/log/nginx/error.log)



      2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)


      then I found my key file need also to be chained with certificate. After update key file, restart nginx , it works.



      My Env:



      Nginx config file is like this:



          ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
      
    ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;


      mywebsite.pem(chained, 4 certificates totally. cat mywebsite.crt intermediate.crt > mywebsite.pem):



      -----BEGIN CERTIFICATE-----
      
...
      

      
-----END CERTIFICATE-----
      
-----BEGIN CERTIFICATE-----
      
...
      

      
-----END CERTIFICATE-----
      
-----BEGIN CERTIFICATE-----
      
...
      

      
-----END CERTIFICATE-----
      
-----BEGIN CERTIFICATE-----
      
...
      

      
-----END CERTIFICATE-----


      mywebsite.key:(chained with crt and key)



      -----BEGIN CERTIFICATE-----
      
 ...
      
-----END CERTIFICATE-----
      
-----BEGIN PRIVATE KEY-----
      
...
      
-----END PRIVATE KEY-----


      I got the key file from godaddy website, instead of creating it by openssl. But I do think it will be better if doing this with openssl.





      share








      New contributor




      user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















        Your Answer








        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "2"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f571377%2fnginx-config-fails-with-ssl-key-pem-unique-case%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        4 Answers
        4






        active

        oldest

        votes








        4 Answers
        4






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        2














        check here



        I hope you've copy-pasted with the following lines:



        -----BEGIN CERTIFICATE-----
        
...
        
-----END CERTIFICATE-----
        
-----BEGIN RSA PRIVATE KEY-----
        
...
        
-----END RSA PRIVATE KEY-----





        share|improve this answer
























        • the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

          – Fredow
          Feb 3 '14 at 5:15











        • extention .pem always acts as certificate.

          – Ilja
          Feb 3 '14 at 8:06











        • Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Fredow
          Feb 3 '14 at 14:38













        • cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Ilja
          Feb 3 '14 at 15:51








        • 1





          Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

          – Fredow
          Feb 6 '14 at 19:59
















        2














        check here



        I hope you've copy-pasted with the following lines:



        -----BEGIN CERTIFICATE-----
        
...
        
-----END CERTIFICATE-----
        
-----BEGIN RSA PRIVATE KEY-----
        
...
        
-----END RSA PRIVATE KEY-----





        share|improve this answer
























        • the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

          – Fredow
          Feb 3 '14 at 5:15











        • extention .pem always acts as certificate.

          – Ilja
          Feb 3 '14 at 8:06











        • Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Fredow
          Feb 3 '14 at 14:38













        • cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Ilja
          Feb 3 '14 at 15:51








        • 1





          Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

          – Fredow
          Feb 6 '14 at 19:59














        2












        2








        2







        check here



        I hope you've copy-pasted with the following lines:



        -----BEGIN CERTIFICATE-----
        
...
        
-----END CERTIFICATE-----
        
-----BEGIN RSA PRIVATE KEY-----
        
...
        
-----END RSA PRIVATE KEY-----





        share|improve this answer













        check here



        I hope you've copy-pasted with the following lines:



        -----BEGIN CERTIFICATE-----
        
...
        
-----END CERTIFICATE-----
        
-----BEGIN RSA PRIVATE KEY-----
        
...
        
-----END RSA PRIVATE KEY-----






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 1 '14 at 21:33









        IljaIlja

        42229




        42229













        • the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

          – Fredow
          Feb 3 '14 at 5:15











        • extention .pem always acts as certificate.

          – Ilja
          Feb 3 '14 at 8:06











        • Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Fredow
          Feb 3 '14 at 14:38













        • cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Ilja
          Feb 3 '14 at 15:51








        • 1





          Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

          – Fredow
          Feb 6 '14 at 19:59



















        • the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

          – Fredow
          Feb 3 '14 at 5:15











        • extention .pem always acts as certificate.

          – Ilja
          Feb 3 '14 at 8:06











        • Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Fredow
          Feb 3 '14 at 14:38













        • cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

          – Ilja
          Feb 3 '14 at 15:51








        • 1





          Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

          – Fredow
          Feb 6 '14 at 19:59

















        the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

        – Fredow
        Feb 3 '14 at 5:15





        the cert.pem in that exemple acts as ssl_certificate or ssl_certificate_key ?

        – Fredow
        Feb 3 '14 at 5:15













        extention .pem always acts as certificate.

        – Ilja
        Feb 3 '14 at 8:06





        extention .pem always acts as certificate.

        – Ilja
        Feb 3 '14 at 8:06













        Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

        – Fredow
        Feb 3 '14 at 14:38







        Yeah i had it already done. I have 4 keys in those 2 files, ill post the content of my keys here (this formatting is too good...): cert.pem : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- cert.key -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

        – Fredow
        Feb 3 '14 at 14:38















        cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

        – Ilja
        Feb 3 '14 at 15:51







        cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----

        – Ilja
        Feb 3 '14 at 15:51






        1




        1





        Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

        – Fredow
        Feb 6 '14 at 19:59





        Ive resolved locally my issue. The formatting of the keys are different with nginx vs apache, and the bundle key has 3 certificats inside it, not two. Thankx for your help IIja, it's much apreciated.

        – Fredow
        Feb 6 '14 at 19:59













        1














        A different solution that may work for others:



        use the .pem file for both ssl_certificate and ssl_certificate_key



        That is:



        ...
        
ssl on;
        
ssl_certificate      conf.d/cert.pem;
        
ssl_certificate_key  conf.d/cert.pem;
        
...





        share|improve this answer




























          1














          A different solution that may work for others:



          use the .pem file for both ssl_certificate and ssl_certificate_key



          That is:



          ...
          
ssl on;
          
ssl_certificate      conf.d/cert.pem;
          
ssl_certificate_key  conf.d/cert.pem;
          
...





          share|improve this answer


























            1












            1








            1







            A different solution that may work for others:



            use the .pem file for both ssl_certificate and ssl_certificate_key



            That is:



            ...
            
ssl on;
            
ssl_certificate      conf.d/cert.pem;
            
ssl_certificate_key  conf.d/cert.pem;
            
...





            share|improve this answer













            A different solution that may work for others:



            use the .pem file for both ssl_certificate and ssl_certificate_key



            That is:



            ...
            
ssl on;
            
ssl_certificate      conf.d/cert.pem;
            
ssl_certificate_key  conf.d/cert.pem;
            
...






            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Apr 29 '16 at 18:33









            Peter KlipfelPeter Klipfel

            1165




            1165























                0














                FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5. ---- vs -----. The validation tooling error messages aren't very specific when you make this error.






                share|improve this answer




























                  0














                  FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5. ---- vs -----. The validation tooling error messages aren't very specific when you make this error.






                  share|improve this answer


























                    0












                    0








                    0







                    FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5. ---- vs -----. The validation tooling error messages aren't very specific when you make this error.






                    share|improve this answer













                    FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5. ---- vs -----. The validation tooling error messages aren't very specific when you make this error.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Jul 1 '17 at 16:29









                    Joseph LustJoseph Lust

                    30327




                    30327























                        0














                        I got the same problem(from /var/log/nginx/error.log)



                        2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)


                        then I found my key file need also to be chained with certificate. After update key file, restart nginx , it works.



                        My Env:



                        Nginx config file is like this:



                            ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
                        
    ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;


                        mywebsite.pem(chained, 4 certificates totally. cat mywebsite.crt intermediate.crt > mywebsite.pem):



                        -----BEGIN CERTIFICATE-----
                        
...
                        

                        
-----END CERTIFICATE-----
                        
-----BEGIN CERTIFICATE-----
                        
...
                        

                        
-----END CERTIFICATE-----
                        
-----BEGIN CERTIFICATE-----
                        
...
                        

                        
-----END CERTIFICATE-----
                        
-----BEGIN CERTIFICATE-----
                        
...
                        

                        
-----END CERTIFICATE-----


                        mywebsite.key:(chained with crt and key)



                        -----BEGIN CERTIFICATE-----
                        
 ...
                        
-----END CERTIFICATE-----
                        
-----BEGIN PRIVATE KEY-----
                        
...
                        
-----END PRIVATE KEY-----


                        I got the key file from godaddy website, instead of creating it by openssl. But I do think it will be better if doing this with openssl.





                        share








                        New contributor




                        user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.

























                          0














                          I got the same problem(from /var/log/nginx/error.log)



                          2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)


                          then I found my key file need also to be chained with certificate. After update key file, restart nginx , it works.



                          My Env:



                          Nginx config file is like this:



                              ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
                          
    ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;


                          mywebsite.pem(chained, 4 certificates totally. cat mywebsite.crt intermediate.crt > mywebsite.pem):



                          -----BEGIN CERTIFICATE-----
                          
...
                          

                          
-----END CERTIFICATE-----
                          
-----BEGIN CERTIFICATE-----
                          
...
                          

                          
-----END CERTIFICATE-----
                          
-----BEGIN CERTIFICATE-----
                          
...
                          

                          
-----END CERTIFICATE-----
                          
-----BEGIN CERTIFICATE-----
                          
...
                          

                          
-----END CERTIFICATE-----


                          mywebsite.key:(chained with crt and key)



                          -----BEGIN CERTIFICATE-----
                          
 ...
                          
-----END CERTIFICATE-----
                          
-----BEGIN PRIVATE KEY-----
                          
...
                          
-----END PRIVATE KEY-----


                          I got the key file from godaddy website, instead of creating it by openssl. But I do think it will be better if doing this with openssl.





                          share








                          New contributor




                          user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.























                            0












                            0








                            0







                            I got the same problem(from /var/log/nginx/error.log)



                            2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)


                            then I found my key file need also to be chained with certificate. After update key file, restart nginx , it works.



                            My Env:



                            Nginx config file is like this:



                                ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
                            
    ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;


                            mywebsite.pem(chained, 4 certificates totally. cat mywebsite.crt intermediate.crt > mywebsite.pem):



                            -----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----


                            mywebsite.key:(chained with crt and key)



                            -----BEGIN CERTIFICATE-----
                            
 ...
                            
-----END CERTIFICATE-----
                            
-----BEGIN PRIVATE KEY-----
                            
...
                            
-----END PRIVATE KEY-----


                            I got the key file from godaddy website, instead of creating it by openssl. But I do think it will be better if doing this with openssl.





                            share








                            New contributor




                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.










                            I got the same problem(from /var/log/nginx/error.log)



                            2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)


                            then I found my key file need also to be chained with certificate. After update key file, restart nginx , it works.



                            My Env:



                            Nginx config file is like this:



                                ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
                            
    ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;


                            mywebsite.pem(chained, 4 certificates totally. cat mywebsite.crt intermediate.crt > mywebsite.pem):



                            -----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----
                            
-----BEGIN CERTIFICATE-----
                            
...
                            

                            
-----END CERTIFICATE-----


                            mywebsite.key:(chained with crt and key)



                            -----BEGIN CERTIFICATE-----
                            
 ...
                            
-----END CERTIFICATE-----
                            
-----BEGIN PRIVATE KEY-----
                            
...
                            
-----END PRIVATE KEY-----


                            I got the key file from godaddy website, instead of creating it by openssl. But I do think it will be better if doing this with openssl.






                            share








                            New contributor




                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.








                            share


                            share






                            New contributor




                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.









                            answered 9 mins ago









                            user515131user515131

                            1




                            1




                            New contributor




                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.





                            New contributor





                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.






                            user515131 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Server Fault!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f571377%2fnginx-config-fails-with-ssl-key-pem-unique-case%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                -

                                Popular posts from this blog

                                As a Security Precaution, the user account has been locked The Next CEO of Stack OverflowMS...

                                Image
                                Could a dragon use its wings to swim? Is it a bad idea to plug the other end of ESD strap to wall ground? How can I prove that a state of equilibrium is unstable? Compilation of a 2d array and a 1d array pgfplots: How to draw a tangent graph below two others? How dangerous is XSS Gauss' Posthumous Publications? How to implement Comparable so it is consistent with identity-equality What does this strange code stamp on my passport mean? "Eavesdropping" vs "Listen in on" Which acid/base does a strong base/acid react when added to a buffer solution?
                                Read more

                                Список ссавців Італії Природоохоронні статуси | Список |...

                                Image
                                Списки ссавцівФауна ІталіїСписки:ІталіяСсавці Італії ІталіїМСОПХижіCetartiodactylaРукокриліКомахоїдніЗайцеподібніГризуниМСОП ссавці Італії ? Італія Біорегіон Біогеографічний екорегіон Голарктика Екозона Палеарктика Біом субтропічний ліс, альпійські луки, прісні води, континентальний шельф, континентальний схил Місцевість Континент Європа Країна Італія Територія Середземне море Фауна більшого обсягу За географією фауна Європи За систематикою ссавці, фауна Італії За екологією суходільна фауна, морська фауна За біогеографією теріофауна Європи Геологічний вік сучасність Особливості Видовий обсяг 121 Чужорідні види Genetta genetta, Ondatra zibethicus, Oryctolagus cuniculus, Rattus norvegicus, Rattus rattus, Sciurus carolinensis, Tamias sibiricus Список ссавців Італії містить перелік видів, записаних на території Італії (південна Європа) згідно з
                                Read more

                                Українські прізвища Зміст Історичні відомості |...

                                Image
                                АдигськіАбхазькіАзербайджанські [en] Албанські [en] АлтайськіАмериканські [en] Афроамериканські [en] АнглійськіАрабськіБашкирськіБілоруські [en] прізвищаБолгарські [en] БоснійськіБурятськіВельські [en] ВепськіВ'єтнамські [en] Вірменські [en] Гавайські [en] ГолландськіГрецькіГрузинськіДанськіЕстонськіЄврейські [en] Юдейські [en] Ефіопія/Еритрея [en] Зімбабвійські [en] Індіанські [en] ІндійськіІндонезійські [en] Ірландські [en] ІсландськіІспанські і португальськіІталійськіКалмицькі [en] КарельськіКазахськіКамбоджійські [en] Канадські [en] КіргизькіКитайські [en] КоміКорейськіЛатиськіЛитовські [en] Лаоські [en] МарійськіМакедонські [en] Малазійські [en] Монгольські [en] МордовськіНімецькіНорвезькіОсетинськіПерські [en] ПольськіПрибалтійськіПортугальськіРосійськіпрізвищаРумунськіСербськіСкандинавськіСлов'янськіСахаСловацькі [en] Сомалійські [en] ТайванськіТайські [en] Татарські [en] ТибетськіТувинськіТурецькі [en] УгорськіУдмуртськіУкраїнськіпрізвищаФіджійські [en] ФінськіФранцузьк
                                Read more