Reputation: 21
Never mind, guys. It has been a simple configuration issue confusing key and cert.
I'm trying to set up nginx inside a docker container. It throws the error:
nginx: [emerg] PEM_read_bio_X509_AUX("/ssl/nginx.key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
I am well aware this is usually caused by a syntax error, but:
openssl rsa -noout -text -in /ssl/nginx.key
seems to be working fine as no error message is thrown.
Is anybody aware of this issue and able to help me or replicate the error?
Have a nice weekend :)
Environment (of course run in the container):
nginx -v
nginx version: nginx/1.13.7
docker --version
Docker version 17.12.0-ce, build c97c6d6
cat nginx.conf
user www-data; ## Default: nobody
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 8192;
events {
    worker_connections 4096; ## Default: 1024
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /ssl/nginx.key;
        ssl_certificate_key /ssl/nginx.crt;
        root /web/phabricator/webroot;
        index index.html index.htm index.php;
        server_name _;
        location / {
            index index.php;
            rewrite ^/(.*)$ /index.php?__path__=/$1 last;
        }
        location ~ \.php$ {
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            #required if PHP was built with --enable-force-cgi-redirect
            fastcgi_param REDIRECT_STATUS 200;
            #variables to make the $_SERVER populate in PHP
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param GATEWAY_INTERFACE CGI/1.1;
            fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
            fastcgi_param REMOTE_ADDR $remote_addr;
        }
    }
}
Upvotes: 2
Views: 5499
Reputation: 3669
As you've pointed out, the error is in mixing up the .key and .crt file.
It's easily done.
ssl_certificate /ssl/nginx.key;
ssl_certificate_key /ssl/nginx.crt;
The files just need to be swapped round:
ssl_certificate /ssl/nginx.crt;
ssl_certificate_key /ssl/nginx.key;
Upvotes: 1
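A pre-start check for the mix-up discussed in this thread, as an added example that is not part of the original posts: it reads the first `-----BEGIN` line of each file named by `ssl_certificate` and `ssl_certificate_key` and reports a directive that points at the wrong kind of PEM object, which is the "no start line" condition nginx reported. The function names, the optional ROOT prefix and the PEM stubs are assumptions made for the example; the stubs are constructed and contain no real key material.

```shell
#!/bin/sh
# Added example (not from the original posts). All PEM stubs below are constructed.

# pem_kind FILE -> cert | key | other | none, judged by the first "-----BEGIN" line.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        CERTIFICATE|"TRUSTED CERTIFICATE"|"X509 CERTIFICATE") echo cert ;;
        *"PRIVATE KEY") echo key ;;
        "") echo none ;;
        *) echo other ;;
    esac
}

# directive_paths NAME CONF -> first argument of every "NAME ...;" line, comments stripped.
directive_paths() {
    awk -v d="$1" '{ sub(/#.*/, "") } $1 == d { p = $2; sub(/;$/, "", p); print p }' "$2"
}

# check_tls_files CONF [ROOT] -> 0 if each directive points at the right PEM type.
# ROOT (assumption) is prepended to the configured paths, e.g. a copy of the volume.
check_tls_files() {
    rc=0
    for pair in ssl_certificate:cert ssl_certificate_key:key; do
        name=${pair%%:*} want=${pair##*:}
        for f in $(directive_paths "$name" "$1"); do
            got=$(pem_kind "${2:-}$f")
            [ "$got" = "$want" ] || { echo "$name $f: expected $want, found $got"; rc=1; }
        done
    done
    return "$rc"
}

# make_sample DIR ORDER: constructed key/cert stubs plus a two-line config.
# ORDER is "swapped" (as in the question) or "fixed" (as in the answer).
make_sample() {
    mkdir -p "$1/ssl"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$1/ssl/nginx.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$1/ssl/nginx.key"
    if [ "$2" = swapped ]; then c=key k=crt; else c=crt k=key; fi
    printf '%s\n' "ssl_certificate /ssl/nginx.$c;" "ssl_certificate_key /ssl/nginx.$k;" > "$1/nginx.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp" swapped
check_tls_files "$tmp/nginx.conf" "$tmp" || echo "=> swapped configuration rejected"
make_sample "$tmp" fixed
check_tls_files "$tmp/nginx.conf" "$tmp" && echo "=> fixed configuration accepted"
rm -rf "$tmp"
```

The check looks only at PEM labels, so it does not confirm that the key belongs to the certificate, and a combined file holding both objects is judged by its first block.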