nginx: [emerg] cannot load certificate PEM_read_bio_X509() failed

neal

安装好 Let'sEncrypt 免费通配符/泛域名SSL证书后,重启nginx报错    使用的是lnmp1.9


nginx: [emerg] cannot load certificate "/usr/local/nginx/conf/ssl/fullchain.cer": PEM_read_bio_X509() failed
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

nginx版本信息如下：

[root@VM-0-13-centos ~]# nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1o  3 May 2022
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-openssl=/root/lnmp1.9/src/openssl-1.1.1o --with-openssl-opt='enable-weak-ssl-ciphers' --with-ld-opt='-ljemalloc' --add-module=/root/nginx-let-module


使用openssl 查看是正常的
openssl x509 -in /usr/local/nginx/conf/ssl/fullchain.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:7c:44:38:b0:63:5a:e0:37:96:8e:36:81:51:20:cd:9f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Sep 15 01:45:47 2022 GMT
            Not After : Dec 14 01:45:46 2022 GMT
        Subject: CN=mingshishaobing.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:

licess

生成的ssl证书是在 /usr/local/nginx/conf/ssl/域名/ 目录下
检查配置文件是否正确配置，ssl_certificate 为 路径+fullchain.cer ， ssl_certificate_key 为 key的 路径+文件名

neal

licess 发表于 2022-9-15 19:41
生成的ssl证书是在 /usr/local/nginx/conf/ssl/域名/ 目录下
检查配置文件是否正确配置，ssl_certificate  ...

路径检查了 都是没有问题的  

上面路径 我把域名给去掉了

neal

licess 发表于 2022-9-15 19:41
生成的ssl证书是在 /usr/local/nginx/conf/ssl/域名/ 目录下
检查配置文件是否正确配置，ssl_certificate  ...

从 阿里云上申请的证书  也是报这个错误信息  证书路径全是正确的
openssl x509 -in /usr/local/nginx/conf/ssl/fullchain.cer -text -noout  检测也是正常的  就是重启nginx的时候 报错

licess

neal 发表于 2022-9-16 14:48
从 阿里云上申请的证书  也是报这个错误信息  证书路径全是正确的
openssl x509 -in /usr/local/nginx/co ...

自己动过证书文件吗？
一般 PEM_read_bio_X509() failed 后面还会有更详细的错误信息

neal

证书没改过     Let'sEncrypt 证书安装好之后  重启nginx之后 就出现这种情况了
阿里云的申请的证书 也是直接上传的 没有编辑过

重启之后   
nginx: [emerg] cannot load certificate "/usr/local/nginx/conf/ssl/fullchain.cer": PEM_read_bio_X509() failed
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
就这两行错误

neal

nginx 错误日志
PEM_read_bio_X509() failed  也只有这个错误


2022/09/14 20:05:02 [notice] 5729#0: signal process started
2022/09/14 20:06:04 [notice] 5998#0: signal process started
2022/09/15 11:41:57 [emerg] 29923#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed
2022/09/15 11:44:44 [emerg] 30472#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed
2022/09/15 11:50:02 [emerg] 31532#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed
2022/09/15 11:52:22 [emerg] 31987#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed
2022/09/15 13:57:24 [emerg] 25148#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed
2022/09/15 14:13:43 [emerg] 28393#0: cannot load certificate "/usr/local/nginx/conf/ssl/mingshishao.com/fullchain.cer": PEM_read_bio_X509() failed

licess

neal 发表于 2022-9-19 11:11
nginx 错误日志
PEM_read_bio_X509() failed  也只有这个错误

按现有信息看不确定什么问题

neal

licess 发表于 2022-9-19 14:10
按现有信息看不确定什么问题

谢谢军哥