Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

haproxy - unable to load SSL private key from PEM file

Tags:

haproxy

haproxy does not start anymore, it shows the error

bind <ip>:443' : unable to load SSL private key from PEM file ... 

We did not change anything on the certificates or configuration. Since the last start we only made normal updates to the system.

To find the error, I generated a completely new certificate (self signed) but the error still exists.

This is the structure of the PEM file:

-----BEGIN CERTIFICATE----- MIIDXjCCAkY... -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpgIBAAKC.... -----END RSA PRIVATE KEY----- 

I also tried to convert the private key with

openssl pkcs8 -topk8 -inform pem -in server.key -outform pem -nocrypt -out server_new.key 

but haproxy still shows the same error.

I'm trying for hours now but I can not find the reason. Please help! Thank you!

Update:

The problem has something to do with file access. The PEM file was stored at /data/ssl/domainname/domainname.pem. File rights are ok. When I move the PEM file to /etc/haproxy then everything is ok.

like image 809
efdev1234 Avatar asked Jan 14 '15 16:01

efdev1234


1 Answers

The order in which the cert and key files appear in the pem is important. Use the following to create the pem file.

cat example.com.crt example.com.key > example.com.pem 
like image 114
Justin Hourigan Avatar answered Sep 21 '22 23:09

Justin Hourigan