Nginx Question posted in
The official documentation can be found here.

PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) – Nginx

when I am using this command to generate a certificate of my website:

/usr/local/bin/certbot certonly -d '*.poemhub.top' 
--manual --preferred-challenges dns 
--cert-name=poemhub 
--key-type=ecdsa 
--server https://acme-v02.api.letsencrypt.org/directory

it tell me generate success:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/poemhub/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/poemhub/privkey.pem
   Your certificate will expire on 2021-10-10. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

now I am using this command to reload the nginx:

nginx -s reload

and tell me this error:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/poemhub.top/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

where is going wrong? what should I do to fix the problem?

Tags:

2

Answers


  1. 0

    The path you use in your nginx configuration is not the path where the file was generated:

    … have been saved at:
    /etc/letsencrypt/live/poemhub/fullchain.pem

    vs.

    "/etc/letsencrypt/live/poemhub.top/fullchain.pem": PEM_read_bio_X509_AUX() failed …

    Login or Signup to reply.
  2. 0

    It is possible to get this error if you have swapped the key and cert files around ( wasn’t me 🙂 ).

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search