nginx config fails with SSL key/pem (unique case)
I am trying to install SSL on my nginx reverse proxy with certified SSL keys, but I get this message when I try to restart the server:
Restarting nginx: [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/cert.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
configuration file /etc/nginx/nginx.conf test failed
All files are root:root with 600 permissions.
I've tested the certificates and they are validated with this website: http://ssltools.com/cert_key_match
There are no weird trailing characters in my keys, and they have 64 characters per line.
Here is my config file:
server {
    listen 443;
    server_name my.domain.com;
    ssl on;
    ssl_certificate conf.d/cert.pem;
    ssl_certificate_key conf.d/cert.key;
    location / {
        proxy_pass http://upstream1;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Any ideas? Thank you
nginx ssl web-server reverse-proxy configuration
asked Jan 31 '14 at 19:35
Fredow
Are you using a chained certificate? If so, you should follow the instructions at the certificate authority. You need to include the chained certificate as well. Also, I strongly discourage you from uploading your certificates to a random website. If they're saving what's uploaded, your cert has already been compromised. You can do the verification with openssl directly yourself.
– yoonix
Jan 31 '14 at 19:43
Yes, I am. In my cert.pem I start with the root cert, then in the same file there is the intermediate cert. Now in my cert.key file there are two certs, where the second one starts with -----BEGIN RSA PRIVATE KEY-----
– Fredow
Feb 3 '14 at 5:15
4 Answers
check here
I hope you've copy-pasted with the following lines:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
answered Feb 1 '14 at 21:33
Ilja
The cert.pem in that example acts as ssl_certificate or ssl_certificate_key?
– Fredow
Feb 3 '14 at 5:15
Extension .pem always acts as certificate.
– Ilja
Feb 3 '14 at 8:06
Yeah, I had it already done. I have 4 keys in those 2 files; I'll post the content of my keys here (this formatting is too good...):
cert.pem: -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
cert.key: -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----
– Fredow
Feb 3 '14 at 14:38
cert.key MUST contain only key: -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----
– Ilja
Feb 3 '14 at 15:51
I've resolved my issue locally. The formatting of the keys is different with nginx vs apache, and the bundle key has 3 certificates inside it, not two. Thanks for your help Ilja, it's much appreciated.
– Fredow
Feb 6 '14 at 19:59
A different solution that may work for others: use the .pem file for both ssl_certificate and ssl_certificate_key.
That is:
...
ssl on;
ssl_certificate conf.d/cert.pem;
ssl_certificate_key conf.d/cert.pem;
...
answered Apr 29 '16 at 18:33
Peter Klipfel
FYI, make sure your BEGIN block is identical to the expected block, character for character. Mine started with 4 dashes, not 5: ---- vs -----. The validation tooling error messages aren't very specific when you make this error.
answered Jul 1 '17 at 16:29
Joseph Lust
I got the same problem (from /var/log/nginx/error.log):
2019/03/20 01:25:41 [emerg] 2509#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/conf.d/sslcert/mm.merchantspring.com.au.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
Then I found that my key file also needs to be chained with the certificate. After updating the key file and restarting nginx, it works.
My Env:
Nginx config file is like this:
ssl_certificate /etc/nginx/conf.d/sslcert/mywebsite.pem;
ssl_certificate_key /etc/nginx/conf.d/sslcert/mywebsite.key;
mywebsite.pem (chained, 4 certificates in total; cat mywebsite.crt intermediate.crt > mywebsite.pem):
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
mywebsite.key (chained with crt and key):
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
I got the key file from the GoDaddy website instead of creating it with openssl. But I do think it would be better to do this with openssl.
answered 9 mins ago
user515131
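A local structural check for the two causes of "no start line" reported in the answers above (a BEGIN line that is not character-for-character exact, and a key file in which no private key block is found), as an added example that is not part of the original thread. It is a strict line-based check written for illustration, not OpenSSL's own parser; the function names, the label set and the sample PEM text are constructed here, and it runs offline so no key material leaves the host.

```python
import re

# Exact encapsulation boundary: five dashes, BEGIN or END, a label, five dashes.
STRICT = re.compile(r"^-----(BEGIN|END) ([A-Z0-9][A-Z0-9 ]*)-----$")
# Anything that merely looks like an attempted boundary (wrong dash count,
# leading whitespace or BOM, lower case), so typos are reported, not skipped.
LOOSE = re.compile(r"-{2,}\s*(BEGIN|END)\b", re.IGNORECASE)

# Labels accepted as a private key (assumed set for this example).
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

# Constructed sample files: the base64 body decodes to the word "CONSTRUCTED",
# it is not key material.
BODY = "Q09OU1RSVUNURUQ=\n"
GOOD_CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
GOOD_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n" + BODY +
            "-----END RSA PRIVATE KEY-----\n")
FOUR_DASH_KEY = GOOD_KEY.replace("-----BEGIN", "----BEGIN", 1)  # 4 dashes, not 5
BUNDLE = GOOD_CERT + GOOD_KEY  # certificate followed by key in one file


def scan_pem(text):
    """Return (labels, problems): labels of well-formed blocks in file order,
    and problems found, each prefixed with the line it occurs on."""
    labels, problems = [], []
    open_label = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()  # trailing whitespace and CR are not reported
        match = STRICT.match(line)
        if not match:
            if LOOSE.search(line):
                problems.append(f"line {lineno}: malformed boundary {raw!r}")
            continue
        kind, label = match.groups()
        if kind == "BEGIN":
            if open_label is not None:
                problems.append(f"line {lineno}: BEGIN {label} inside "
                                f"unterminated {open_label}")
            open_label = label
        else:
            if open_label is None:
                problems.append(f"line {lineno}: END {label} without a "
                                "matching BEGIN")
            elif open_label != label:
                problems.append(f"line {lineno}: END {label} does not close "
                                f"{open_label}")
            else:
                labels.append(label)
            open_label = None
    if open_label is not None:
        problems.append(f"end of file: {open_label} block is never closed")
    return labels, problems


def check_nginx_pair(cert_text, key_text):
    """Findings for the contents of the ssl_certificate and ssl_certificate_key
    files; an empty list means both are structurally plausible."""
    findings = []
    cert_labels, cert_problems = scan_pem(cert_text)
    key_labels, key_problems = scan_pem(key_text)
    findings += [f"ssl_certificate: {p}" for p in cert_problems]
    findings += [f"ssl_certificate_key: {p}" for p in key_problems]
    if "CERTIFICATE" not in cert_labels:
        findings.append("ssl_certificate: no well-formed CERTIFICATE block")
    if not KEY_LABELS.intersection(key_labels):
        found = ", ".join(key_labels) or "none"
        findings.append("ssl_certificate_key: no well-formed private key "
                        f"block (found: {found})")
    return findings


if __name__ == "__main__":
    cases = {
        "separate cert and key": (GOOD_CERT, GOOD_KEY),
        "same bundle for both": (BUNDLE, BUNDLE),
        "four-dash BEGIN in key": (GOOD_CERT, FOUR_DASH_KEY),
        "key file holds only a cert": (GOOD_CERT, GOOD_CERT),
    }
    for name, (cert, key) in cases.items():
        print(f"{name}: {check_nginx_pair(cert, key) or 'ok'}")
```

This checks structure only; whether the private key actually belongs to the certificate still has to be confirmed locally with openssl.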