Join Log in
Score:0
João A. Veiga avatar Server

nginx SSL fail error:0909006C

cn flag
João A. Veiga

I'm configuring a SSL certificate from GoDaddy and have followed all their instructions in the page: https://br.godaddy.com/help/nginx-on-centos-7-install-a-certificate-27192?lc=en-US

I am running o CentOS8

I am still getting the following error:

SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY

I configured my nginx server as

server {
    listen 443 ssl;

    server_name 185.224.81.18;
    ssl_certificate     /etc/nginx/ssl/vegazbet.crt;
    ssl_certificate_key /etc/nginx/ssl/generated-private-key.txt;

    include ssl.conf;

    include       proxy_params;

    location / {
        proxy_pass http://localhost:5010;
    }

    location /static {
        root /home/useradmin/vegazbet/web/app;
    }

    location /socket.io {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://localhost:5010/socket.io;
    }
}

SSL.CONF
ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
ssl_ecdh_curve              secp384r1;
ssl_ciphers                 "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
ssl_prefer_server_ciphers   on;
ssl_session_timeout         10m;
ssl_session_cache           shared:SSL:10m;
ssl_session_tickets         off;
ssl_stapling                on;
ssl_stapling_verify         on;

PROXY_PARAMS
proxy_set_header    X-Real-IP           $remote_addr;
proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
proxy_set_header    X-Forwarded-Proto   $scheme;
proxy_set_header    Host                $host;
proxy_set_header    X-Forwarded-Host    $host;
proxy_set_header    X-Forwarded-Port    $server_port;

Does anyone have any ideia what that error means?

I've looked through lots of forum posts here and found no one with the exact same error...

114
0 + 0
ssl
us flag
Tero Kilkanen
Where exactly did you obtain the private key and certificate? It seems the files are somehow corrupted.
0
Reply
João A. Veiga avatar
cn flag
João A. Veiga
I downloaded them from godaddy. They generated the private key and the crt file (crt file was already concatenated with Intermediate Certificate Chain)
0
Reply
João A. Veiga avatar
cn flag
João A. Veiga
Then I sftp d them to my server
0
Reply
us flag
Tero Kilkanen
The name `generated-private-key.txt` is suspicious.
0
Reply
João A. Veiga avatar
cn flag
João A. Veiga
How can I check if it is correct, when i open it it looks like a regular private key. starts qith -----BEGIN PRIVATE KEY-----
0
Reply
dave_thompson_085 avatar
jp flag
dave_thompson_085
Do `od -c generated-private-key.txt` and **make sure it starts with _exactly_ the characters** `- - - - - B E G I N (sp) P R I V A` then `T E (sp) K E Y - - - - - \n` (where I use (sp) to indicate a blank space) **with nothing else** before the first hyphen, although you _may_ have `\r` before the `\n`.
0
Reply
João A. Veiga avatar
cn flag
João A. Veiga
Thanks for the help, turns out the file was formatted as UTF eith BOM, removing the bom made it work
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.