1

I'm having trouble configuring my SSL to use with nginx. I'm not sure how to solve the problem, is there anyone someone might know the solution or can put me on the right track?

Error

nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/test.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

nginx config

listen   443 ssl;
ssl_certificate       /etc/nginx/ssl/test.crt;
ssl_certificate_key   /etc/nginx/ssl/test.key;

ausearch -m avc -ts today | audit2allow

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t user_home_t:file read;
Ovie Trix
  • 13
  • 1
  • 2
  • 6
  • 1
    Your `test.key` does not contain the key or does not have the proper format. Possible duplicate of [nginx config fails with SSL key/pem (unique case)](https://serverfault.com/questions/571377/nginx-config-fails-with-ssl-key-pem-unique-case) – Steffen Ullrich Aug 15 '19 at 17:23
  • How did you create this private key? – Michael Hampton Aug 15 '19 at 18:18
  • It was generated for me from go daddy @MichaelHampton – Ovie Trix Aug 15 '19 at 18:59
  • That's unusual, and certainly not recommended. Have you looked at it? – Michael Hampton Aug 15 '19 at 19:46
  • So, what would be recommended? Should I have my own DNS server going and avoid go daddy? – Ovie Trix Aug 15 '19 at 19:48
  • DNS service and SSL certificate are separate things and need not be done by the same provider. And normally **you** would create the private key, use it to sign a certificate signing request, which the SSL provider will turn into a certificate. The SSL provider should not create and indeed never see your private key. – Jenny D Aug 20 '19 at 06:44
  • (But generally speaking, I personally recommend pretty much any other DNS provider - GoDaddy have had quite a few security, privacy, and technical issues.) – Jenny D Aug 20 '19 at 06:46

1 Answers1

0

Try configuring it with LetsEncrypt SSL with certbot. For more information see here: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

If u want self-signed cert. then click here: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04

Rahul Biswas
  • 139
  • 1
  • 1
  • 14