PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

when I am using this command to generate a certificate of my website:

/usr/local/bin/certbot certonly -d '*.poemhub.top' \
--manual --preferred-challenges dns \
--cert-name=poemhub \
--key-type=ecdsa \
--server https://acme-v02.api.letsencrypt.org/directory

it tell me generate success:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/poemhub/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/poemhub/privkey.pem
   Your certificate will expire on 2021-10-10. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

now I am using this command to reload the nginx:

nginx -s reload

and tell me this error:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/poemhub.top/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

where is going wrong? what should I do to fix the problem?

Answers 2

  • The path you use in your nginx configuration is not the path where the file was generated:

    ... have been saved at: /etc/letsencrypt/live/poemhub/fullchain.pem

    vs.

    "/etc/letsencrypt/live/poemhub.top/fullchain.pem": PEM_read_bio_X509_AUX() failed ...


  • Great illustrated information. I thank you for that. No doubt it will be very helpful for my future projects. I want to see some other articles on the same topic!

    girls games


Related Articles