NGINX SSL certificate permission SSL error :0200100D:system

Question

Getting following error in NGINX server, Using LetsEncrypts free SSL Certificate.

2016/06/23 19:53:13 [warn] 5013#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

2016/06/23 19:53:13 [emerg] 5013#0: BIO_new_file("/etc/letsencrypt/live/abc/fullchain.pem") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/abc/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)

Answer 1

Both problems have one root cause.

1. This error usually happens, when you try to start nginx with non-root user. You could try to start as root or under sudo.

2. Looks like you have permission on your pem file, which not allow nginx to read it when you start it from non-root user, you could try to change file permission or start nginx as root or under sudo.

Answer 2

If your chmod and chown is all correct on the file, this is probably because you copied a file into a folder - maybe home folder (say) - then mv'd the file into position for NGINX. SeLinux remembers the original file creation location and applies the rights wherever the file is mv'd to - to reset the SeLinux permissions to the current location/file permissions use

restorecon filename

This usually sorts it

Answer 3

Hello I also had the same similar issue.

setenforce 0

It was solved this way.

Answer 4

If you run nginx worker process from www-data user, it needs just set rights on /etc/letsencrypt/ folder:

chown -R www-data:www-data /etc/letsencrypt/
chmod -R 755 /etc/letsencrypt/

It should works