nginx fails to load ssl certificate

nginx cannot load certificate permission denied
nginx ssl certificate
nginx: (emerg cannot load certificate bio_new_file)
install ssl certificate ubuntu nginx
nginx expecting: trusted certificate
nginx emerg cannot load certificate key pem_read_bio_privatekey failed ssl
error:2006d080:bio routines:bio_new_file:no such file
nginx certificate chain

I have to add ssl (https) for a website, I was given a SSL.CSR and a SSL.KEY file. I 'dos2unix'ed them (because they have trailing ^M) and copied them to the server(CSR -> mywebsite.crt, KEY -> mywebsite.key). I did the following modification to nginx.conf:

@@ -60,8 +60,13 @@
        }

     server {
-       listen       80;
+       listen       443;
         server_name  ...;
+       ssl                 on;
+       ssl_certificate     mywebsite.crt;
+       ssl_certificate_key mywebsite.key;
+       ssl_session_cache   shared:SSL:10m;
+       ssl_session_timeout 10m;
        # Set the max size for file uploads to 500Mb

        client_max_body_size 500M;

Error happens when I restart nginx:

nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/mywebsite.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

I figure it's because the first line of mywebsite.crt file contains 'REQUEST', so I remove 'REQUEST' from the first and last of the lines, and restart nginx again, and hit another error:

nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/mywebsite.crt") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=algorithm, Type=X509_ALGOR error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=signature, Type=X509_CINF error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=cert_info, Type=X509 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib)

Any idea?


You should never share your private key. You should consider the key you posted here compromised and generate a new key and signing request.

You have a certificate request and not an actual signed certificate. You provide the request ('CSR') to the signing party. They use that request to create a signed certificate ('CRT') which they then make available to you. The key is never disclosed to anyone.

nginx fails to load a file - ssl certificate, The problem was the route, as you set /etc/gninx/ssl/server.crt; which should be / etc/nginx/ssl/server.crt;. nginx fails to load a file - ssl certificate - even if its clearly there. Ask Question Asked 5 years, 11 months ago. Active 4 years, 3 months ago.


FYI, you can validate the keys just calling:

openssl x509 -noout -text -in your.crt
openssl rsa -noout -text -in your.key

In my case this error proved rather subtle: the BEGIN block started with 4 dashes, not 5. ---- vs -----. Sadly the validation tool error messages aren't very specific.

Nginx startup fails ssl no such file or directory, Also check the permissions of the .pem file, if Nginx cannot access it, it can show as docker run -d -P --name docker-nginx -v /etc/ssl/certs:/etc/ssl/certs nginx. I've done all I can to ensure it's not about permissions, like setenforce 0, move the files to /etc/nginx/ssl, use 0644 mode on them and ensure the parent dir has 0755, also tried setting nginx user as group owner, ensured workers run as nginx user, that nginx user is member of nginx group and that nginx was completely shutdown to end all user


I came across this issue while searching online for SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE I got this error after running:

    nginx -t

The problem I had was that cert.pem and cert.key was missing

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

SSL Certificate on NGINX fails to load – Onooks, Feb 20 11:06:35 my.server.com nginx[6173]: nginx: [emerg] cannot load certificate "/etc/ssl/certs/certificate.crt": BIO_new_file() failed (SSL:� I tried to add new SSL certificates and i go this issue when try to generate it : it was working perfectly fine 2 days ago i pulled the last container and for some reason i got this message (unhealthy) with docker ps


I configured the certificates wrongly in gitlab.rb file. A simple error took long to realize.

nginx['ssl_certificate'] = "/etc/gitlab/ssl/self-ssl.crt"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/self-ssl.key"

Instead of

nginx['ssl_certificate'] = "/etc/gitlab/ssl/self-ssl.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/self-ssl.key"

I can't install the SSL certificate in nginx, I have a Node js application that listens to port 3000. I installed nginx and configured it so that it redirects the data from port 80 to 3000 using the� This quick, four-part guide explains how to install an SSL certificate on NGINX. The first part provides step by step instructions on how to generate a CSR code for NGINX, while the middle section focuses on the SSL installation itself.


The steps on the NGINX site for combining your public certificate with an intermediate certificate use cat to combine the two files. But if your public cert file does not end in a new line, the -----BEGIN CERTIFICATE----- line of the intermediate cert will be appended to the end of the -----END CERTIFICATE----- line of the public certificate, leading to an invalid chained certificate file. Manually separating these two lines can correct the issue.

How to install an SSL certificate on a NGINX server – HelpDesk , crt files. You need to link the Certificate issued for your domain with intermediate and root certificates into one file. The order of Certificates in the� cat your_domain.crt your_domain.ca-bundle >> ssl-bundle.crt. Place the created file into the directory with the SSL certificates on your NGINX server. Step 2: Edit NGINX Configuration File. After the Certificate is uploaded, you need to modify your NGINX configuration file (by default it is called nginx.conf).


NGINX SSL Termination, Web Server Load Balancing with NGINX Plus To set up an HTTPS server, in your nginx.conf file include the ssl parameter to the listen directive in the server /www.example.com.key") failed (SSL: error:0B080074:x509 certificate routines:� Sometimes, even PKI veterans struggle with ordering or installing SSL/TLS certificates. This does not suggest a lack of knowledge – rather, those processes can bring up previously unseen errors. Ordering the right certificate, creating a CSR, downloading it, installing it, and testing it to make sure there are no problems are all areas where


Nginx SSL Certificate Errors: PEM_read_bio_X509_AUX , This can happen if you've accidentally swapped your private key and SSL certificate in either your files, or in the Nginx configuration. Your Nginx config will contain these kind of lines for its SSL configuration. ssl_certificate /etc/nginx/ssl/mydomain. Save, quit and now restart NGINX to load the new configuration and enable TLS/SSL over HTTPS with your GoDaddy Certificate. sudo service nginx restart Test it out by accessing your site via HTTPS,


Apache or nginx fails to start in Plesk: BIO_new_file: certificate not , Applicable to: Plesk Onyx for Linux Symptoms nginx or Apache fails to start with failed (SSL: error:02001002:system library:fopen:No such file or Error displayed in Plesk Home page: nginx: [emerg] cannot load certificate� The private key is a secure entity and should be stored in a file with restricted access, however, it must be readable by nginx’s master process. The private key may alternately be stored in the same file as the certificate: ssl_certificate www.example.com.cert; ssl_certificate_key www.example.com.cert;