The TLS used to work and is now failing with.
Activating privacy features...2016/11/29 17:26:22 tls: failed to find any PEM data in certificate input
Does anyone have an idea?
thanks!
The TLS used to work and is now failing with.
Activating privacy features...2016/11/29 17:26:22 tls: failed to find any PEM data in certificate input
Does anyone have an idea?
thanks!
Can you tell us what changed and what version of Caddy you’re using? How you run it, etc?
Hi Matt,
The version didn’t change, but I’ve updated it since then to the latest stable. The kernel version did however.
The machine I’m using is a VM.
$ ./caddy_linux_amd64 --version
Caddy 0.9.3
$ ./caddy_linux_amd64 --plugins
Server types:
http
Caddyfile loaders:
short
flag
default
Other plugins:
http.basicauth
http.bind
http.browse
http.errors
http.expvar
http.ext
http.fastcgi
http.gzip
http.header
http.internal
http.log
http.markdown
http.mime
http.pprof
http.proxy
http.redir
http.rewrite
http.root
http.status
http.templates
http.websocket
shutdown
startup
tls
tls.storage.file
$ uname -a
Linux srvz-webapp 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux
What could have changed is the Linux kernel as I don’t have any control over it…
Thanks in advance,
Are the certificate files there and do they have the expected contents? This error comes from the standard library when the PEM file is empty.
Right… thanks!
$ openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
Error opening certificate file /etc/ssl/certs/ssl-cert-snakeoil.pem
139659398051472:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/certs/ssl-cert-snakeoil.pem','r')
139659398051472:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
…
$ sudo openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/certs/ssl-cert-snakeoil.pem: CN = srvz-webapp.he-arc.ch
error 18 at 0 depth lookup:self signed certificate
OK
/etc/ssl/certs/ca-certificates.crt
file is okay too. Which file acts as the private key?
Hi Gruet,
I’m having the same problem. Because of this caddy won’t start anymore. Did you manage to fix the problem? If so, what dit you do to fix it?
If i run:
openssl verify *.pem
in /etc/ssl/certs all come back ok (i do see some expired and and errors but all return ok).
Hi Chris,
I had to run it manually rather than through systemctl, but dunno why. I went back to nginx since.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.