It is an error to the SSL connection

[negima1976]

■Environment

OS: CentOS 6.7(x86_64)
kernel: 2.6.32-573.3.1.el6.x86_64
h2o: 1.4.4
openssl: 1.0.1e

■h2o cmake option

cmake -DWITH_BUNDLED_SSL=on

■h2o config

user: nobody
listen:
port: 80
host: 0.0.0.0

listen:
port: 443
host: 0.0.0.0
ssl:
key-file: /etc/pki/tls/private/server.key
certificate-file: /etc/pki/tls/certs/server.pem

max-connections: 1024

file.index: ['index.php', 'index.html']
file.send-gzip: ON
file.etag: OFF
expires: 1 day

hosts:
"hogehoge.com:80":
paths:
/:
redirect: https://hogehoge.com/

"hogehoge.com:443":
paths:
/:
file.dir: /path/wordpress
file.dirlisting: OFF
redirect:
url: /index.php/
internal: YES
status: 307

file.custom-handler:
extension: .php
fastcgi.connect:
port: /var/run/php-fpm/php-fpm.sock
type: unix

access-log: "| exec rotatelogs /var/log/h2o/access.log.%Y%m%d 86400"
error-log: "| exec rotatelogs /var/log/h2o/error.log.%Y%m%d 86400"
pid-file: /var/run/h2o.pid
http2-reprioritize-blocking-assets: ON

header.unset: "X-Powered-By"
header.set: "X-Content-Type-Options: nosniff"

■ configration test

h2o -c /etc/h2o/h2ossl.conf -t
Enter PEM pass phrase:
[OCSP Stapling] testing for certificate file:/etc/pki/tls/certs/server.pem
fetch-ocsp-response (using OpenSSL 1.0.1e-fips 11 Feb 2013)
sending OCSP request to http://gv.symcd.com
/etc/pki/tls/certs/server.pem: good
    This Update: Aug 19 01:02:14 2015 GMT
    Next Update: Aug 26 01:02:14 2015 GMT
verifying the response signature
verify OK (used: -VAfile /tmp/MLclhcdAt8/issuer.crt)
[OCSP Stapling] stapling works for file:/etc/pki/tls/certs/server.pem
Enter PEM pass phrase:
[OCSP Stapling] testing for certificate file:/etc/pki/tls/certs/server.pem
fetch-ocsp-response (using OpenSSL 1.0.1e-fips 11 Feb 2013)
sending OCSP request to http://gv.symcd.com
/etc/pki/tls/certs/server.pem: good
    This Update: Aug 19 01:02:14 2015 GMT
    Next Update: Aug 26 01:02:14 2015 GMT
verifying the response signature
verify OK (used: -VAfile /tmp/U_ABtoqx2R/issuer.crt)
[OCSP Stapling] stapling works for file:/etc/pki/tls/certs/server.pem
configuration OK

■h2o error.log

starting new worker 11524
Enter PEM pass phrase:
[/etc/h2o/h2ossl.conf:10] in command listen, failed to load private key file:/etc/pki/tls/private/server.key

139901539391392:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem/pem_lib.c:116:
139901539391392:error:0906A068:PEM routines:PEM_do_header:bad password read:pem/pem_lib.c:467:
139901539391392:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:613:
new worker 11524 seems to have failed to start, exit status:19968
starting new worker 11525
Enter PEM pass phrase:
[/etc/h2o/h2ossl.conf:10] in command listen, failed to load private key file:/etc/pki/tls/private/server.key

140023512741792:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem/pem_lib.c:116:
140023512741792:error:0906A068:PEM routines:PEM_do_header:bad password read:pem/pem_lib.c:467:
140023512741792:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:613:
new worker 11525 seems to have failed to start, exit status:19968
starting new worker 11527
Enter PEM pass phrase:
[/etc/h2o/h2ossl.conf:10] in command listen, failed to load private key file:/etc/pki/tls/private/server.key

139798662301600:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem/pem_lib.c:116:
139798662301600:error:0906A068:PEM routines:PEM_do_header:bad password read:pem/pem_lib.c:467:
139798662301600:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:613:
new worker 11527 seems to have failed to start, exit status:19968
starting new worker 11536
Enter PEM pass phrase:
[/etc/h2o/h2ossl.conf:10] in command listen, failed to load private key file:/etc/pki/tls/private/server.key

140685311305632:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem/pem_lib.c:116:
140685311305632:error:0906A068:PEM routines:PEM_do_header:bad password read:pem/pem_lib.c:467:
140685311305632:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:613:
new worker 11536 seems to have failed to start, exit status:19968
starting new worker 11537
Enter PEM pass phrase:

The nginx 's and is working without problems .

[kazuho]

You must not use a password-protected private key file. They offer basically no advantage (on hiding the private key), while making it hard to administer the servers.

Assuming that you are a Japanese, a good guide to remove the password can be found https://www.digicert.ne.jp/howto/basis/decrypt_key.html.

[negima1976]

very thanks @kauho