I'm configuring Nginx with self-signed SSL certificate. Nginx fails to start due to the following error
[emerg] cannot load certificate key "/path/to/my.key": PEM_read_bio_PrivateKey() failed (SSL: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:Type=X509_ALGOR error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib)
The key and certificate are generated using GoCA. Both can be validated using OpenSSL. Furthermore, the key and certificate works fine with Apache httpd. So I suspect this is something related to nginx.
The key file is valid.
$ openssl rsa -noout -text -in my.key
Private-Key: (2048 bit, 2 primes)
modulus:
publicExponent:
privateExponent:
...
It's format seems OK to me.
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
The certificate is also valid
$ openssl x509 -in my.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
...
Nginx version info (from Docker nginx:mainline)
nginx version: nginx/1.23.2
built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
built with OpenSSL 1.1.1n 15 Mar 2022
