Letsencrypt isn't working anymore. tls: failed to find PEM data

TLS used to work and is now failing with:

Activating privacy features...2016/11/29 17:26:22 tls: failed to find any PEM data in certificate input

Does anyone have an idea?

Thanks!

Can you tell us what changed and what version of Caddy you’re using? How you run it, etc?

Hi Matt,

The version didn’t change, but I’ve updated it since then to the latest stable. The kernel version did, however.

The machine I’m using is a VM.

$ ./caddy_linux_amd64 --version
Caddy 0.9.3
$ ./caddy_linux_amd64 --plugins
Server types:
  http

Caddyfile loaders:
  short
  flag
  default

Other plugins:
  http.basicauth
  http.bind
  http.browse
  http.errors
  http.expvar
  http.ext
  http.fastcgi
  http.gzip
  http.header
  http.internal
  http.log
  http.markdown
  http.mime
  http.pprof
  http.proxy
  http.redir
  http.rewrite
  http.root
  http.status
  http.templates
  http.websocket
  shutdown
  startup
  tls
  tls.storage.file
$ uname -a
Linux srvz-webapp 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

What could have changed is the Linux kernel as I don’t have any control over it…

Thanks in advance,

Are the certificate files there and do they have the expected contents? This error comes from the standard library when the PEM file is empty.
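
The check suggested in the reply above, as an added example (not code from this thread or from Caddy): it walks the PEM blocks in a certificate file and reproduces the standard library error for empty input. The function names `classifyCertInput` and `stdlibError` are made up for this illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/pem"
	"fmt"
	"os"
	"strings"
)

// classifyCertInput walks the PEM blocks in data and says whether a
// CERTIFICATE block is present, mirroring the scan crypto/tls performs.
func classifyCertInput(data []byte) string {
	var skipped []string
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			return "has CERTIFICATE block"
		}
		skipped = append(skipped, block.Type)
	}
	if len(skipped) == 0 {
		return "no PEM data (empty or not PEM)"
	}
	return "no CERTIFICATE block, only: " + strings.Join(skipped, ", ")
}

// stdlibError returns the message crypto/tls produces for this certificate input.
func stdlibError(cert []byte) string {
	_, err := tls.X509KeyPair(cert, nil)
	return fmt.Sprint(err)
}

func main() {
	// Pass certificate paths as arguments; run as the same user the server runs as.
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err != nil {
			fmt.Printf("%s: cannot read: %v\n", path, err)
			continue
		}
		fmt.Printf("%s: %s\n", path, classifyCertInput(data))
	}
	fmt.Println("empty input ->", stdlibError(nil)) // constructed empty input
}
```

A file that cannot be read by the current user is reported separately from one that is readable but contains no PEM data.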

Right… thanks!

$ openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
Error opening certificate file /etc/ssl/certs/ssl-cert-snakeoil.pem
139659398051472:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/certs/ssl-cert-snakeoil.pem','r')
139659398051472:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate

$ sudo openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/certs/ssl-cert-snakeoil.pem: CN = srvz-webapp.he-arc.ch
error 18 at 0 depth lookup:self signed certificate
OK

/etc/ssl/certs/ca-certificates.crt file is okay too. Which file acts as the private key?

Hi Gruet,

I’m having the same problem. Because of this Caddy won’t start anymore. Did you manage to fix the problem? If so, what did you do to fix it?

If I run:

openssl verify *.pem

in /etc/ssl/certs, all come back OK (I do see some expired and errors, but all return OK).

Hi Chris,

I had to run it manually rather than through systemctl, but dunno why. I went back to nginx since.
