I want to use ssl with nginx. I create the necessary certificates:

[root@arch ssl]# pwd
/etc/nginx/ssl
[root@arch ssl]# ls -l
total 12
-rwx------ 1 root root 1346 Aug  3 14:36 server.crt
-rwx------ 1 root root 1115 Aug  3 14:36 server.csr
-rwx------ 1 root root 1743 Aug  3 14:35 server.key

But nginx fails to load these files. It says it can't find them:

systemctl -l status nginx

nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: failed (Result: exit-code) since Sun 2014-08-03 14:50:04 EDT; 21min ago
Process: 21391 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=1/FAILURE)
Main PID: 16458 (code=exited, status=0/SUCCESS)

Aug 03 14:50:04 arch nginx[21391]: 2014/08/03 14:50:04 [emerg] 21391#0: BIO_new_file("/etc/gninx/ssl/server.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/gninx/ssl/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Aug 03 14:50:04 arch systemd[1]: nginx.service: control process exited, code=exited status=1
Aug 03 14:50:04 arch systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Aug 03 14:50:04 arch systemd[1]: Unit nginx.service entered failed state.

This is the config that I have:

server {
   server_name localhost;
   listen 443;
   ssi on;

   ssl on;
   ssl_certificate /etc/gninx/ssl/server.crt;
   ssl_certificate_key /etc/nginx/ssl/server.key;

   client_max_body_size 4G;

   location =  / {
       ...
   }
}

Can anyone please tell me what I'm missing?

Thanks in advance for your kind help and time.

Jenia.

Jenia Ivanov

2 Answers

I'll bet nginx is not running as root. The permissions you have on the key/cert pair make them readable only by root.

I usually create a www group and make the key root:www 440 and the cert root:www 444 (the cert is sent out publicly for every connection, so there's no reason to keep it secret; just make sure it's uneditable). Then I make sure that apache (or nginx, as you prefer) runs as www:www.

Oh yeah... Make sure that you don't have a pass phrase on the key; or if you do (it ~is~ better security), make sure that nginx has a provision to allow you to submit the pass phrase as you initiate it (sorry, I've never tried to use nginx). And then be prepared for it to hang and wait every time it restarts until you can reach the console.

ericx

The problem was the route: you set /etc/gninx/ssl/server.crt; which should be /etc/nginx/ssl/server.crt;

udondan
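A small pre-flight check covering the two causes raised in the answers, a mistyped path and a file the nginx worker cannot read. This is an added example, not code from the question or the answers; the config it checks is constructed inside a temp directory and reuses the question's gninx typo, and the worker user name in the comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the question or answers): pre-flight check for the
# two failure modes discussed above, a mistyped path and a file the nginx
# worker cannot read. Paths with whitespace are not supported.

# Print the paths named by ssl_certificate / ssl_certificate_key in config $1.
ssl_paths() {
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             sub(/;.*$/, "", $2); print $2 }' "$1"
}

# Report each TLS file as OK, MISSING or UNREADABLE; return 1 if any is unusable.
# -r tests the invoking user; to mirror the worker, run this as that user,
# e.g. (assumed worker name): sudo -u http sh -c '. ./check.sh; check_ssl_paths /etc/nginx/nginx.conf'
check_ssl_paths() {
    rc=0
    for p in $(ssl_paths "$1"); do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"; rc=1
        elif [ ! -r "$p" ]; then
            echo "UNREADABLE $p"; rc=1
        else
            echo "OK         $p"
        fi
    done
    return $rc
}

# Constructed reproduction of the question: real files under .../etc/nginx/ssl,
# but the certificate directive points at .../etc/gninx/ssl (the typo).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/nginx/ssl"
    : > "$tmp/etc/nginx/ssl/server.crt"
    : > "$tmp/etc/nginx/ssl/server.key"
    chmod 600 "$tmp/etc/nginx/ssl/server.key"
    cat > "$tmp/site.conf" <<EOF
server {
    listen 443;
    ssl on;
    ssl_certificate     $tmp/etc/gninx/ssl/server.crt;
    ssl_certificate_key $tmp/etc/nginx/ssl/server.key;
}
EOF
    check_ssl_paths "$tmp/site.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "nginx would refuse to start until the path(s) above are fixed"
```

Run it against the real config before `systemctl restart nginx`; a MISSING line is the typo case from this question, an UNREADABLE line (when run as the worker user) is the permissions case from the first answer.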