haproxy does not start anymore, it shows the error
'bind :443' : unable to load SSL private key from PEM file ...
We did not change a
I also encountered this error. You might want to try to remove the passphrase from the private key before you begin ripping your hair out. It solved the problem for me. I think HAProxy is supposed to ask you for the password on restart, but it didn't in my case using 'sudo /etc/init.d/haproxy restart'.
To remove the password, try 'openssl rsa -in [PRIVATE_KEY_FILE] -out nopassphrase.key'
Is a passphrase necessary? There's a discussion in the link below. https://security.stackexchange.com/questions/70495/ssl-certificate-is-passphrase-necessary-and-how-does-apache-know-it
For the latest version of letsencrypt certbot, the fullchain.pem and privkey.pem files will be generated for you in the /etc/letsencrypt/live/example.com folder. They need to be combined in order for HAProxy to read them properly.
cat fullchain.pem privkey.pem > example.com.pem
In the HAProxy configuration /etc/haproxy/haproxy.cfg:
bind *:443 ssl crt /etc/letsencrypt/live/example.com/example.com.pem
Did you append your certificate's private key to the end of the file?
HAProxy requires a "full chain" - certificate, intermediate authority (if you have one), and then private key. E.g.:
cat cert.pem cert.key > /haproxy/certs/fullchain.pem
The order in which the cert and key files appear in the pem is important. Use the following to create the pem file.
cat example.com.crt example.com.key > example.com.pem
The problem for me was a strange character at the beginning of the key.
This character did not show up when I cat'ed the file because the character was <feff>, otherwise known as the UTF-8 BOM (Byte Order Mark). It only showed up when I opened the file in vim.
I wouldn't expect this to be very common, but hopefully it saves someone some headache.
Just for information, in my case I had a space character in front of the "-----BEGIN RSA PRIVATE KEY-----" sequence and that broke the pem file.
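The answers above point at four different ways a combined HAProxy PEM file can be rejected: a passphrase-protected key, a missing or wrongly ordered key, a UTF-8 BOM, and whitespace before a BEGIN marker. The checker below is an added example (not from HAProxy or any answer) that reports all of them from the raw file bytes; the PEM bodies in it are constructed placeholders, not real key material.

```python
import re
import sys

# One PEM block: captures its label (CERTIFICATE, RSA PRIVATE KEY, ...) and body.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_haproxy_pem(data: bytes) -> list:
    """Return the problems found in a combined PEM file (empty list = looks fine)."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 BOM")
    # A BEGIN marker must be the first thing on its line; leading spaces break parsing.
    for m in re.finditer(rb"(?m)^[ \t]+-----BEGIN", data):
        problems.append("whitespace before BEGIN marker at byte %d" % m.start())
    blocks = [(m.group(1).decode(), m.group(2)) for m in PEM_BLOCK.finditer(data)]
    labels = [label for label, _ in blocks]
    certs = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    keys = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    if not certs:
        problems.append("no CERTIFICATE block found")
    if len(keys) != 1:
        problems.append("expected exactly one PRIVATE KEY block, found %d" % len(keys))
    for i in keys:
        label, body = blocks[i]
        # PKCS#8 encrypted keys carry their own label; legacy keys carry a Proc-Type header.
        if label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is passphrase-protected")
    # Order recommended in the answers above: certificate, chain, then the key.
    if certs and keys and min(keys) < max(certs):
        problems.append("private key appears before the certificate chain")
    return problems

# Constructed stand-in blocks: the base64 bodies are placeholders, not real key material.
CERT = b"-----BEGIN CERTIFICATE-----\nMIIBfake\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEfake\n-----END RSA PRIVATE KEY-----\n"
ENC_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           b"DEK-Info: AES-256-CBC,00\n\nMIIEfake\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Usage: python check_pem.py /etc/haproxy/certs/example.com.pem
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else CERT + b" " + KEY
    for problem in check_haproxy_pem(data) or ["no problems found"]:
        print(problem)
```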