Does not work with Let's encrypt generated .pem certificate files #148

Closed
jkulak opened this issue Sep 29, 2022 · 3 comments
Labels
needs-verification Issue needs to be reproduced v2 v2 release

jkulak commented Sep 29, 2022

Describe the bug

Server runs on http as expected. I try to switch to https:

```toml
#### HTTP/2 + TLS
http2 = true
http2-tls-cert = "/home/www/deployment/fullchain.pem"
http2-tls-key =  "/home/www/deployment/privatkey.pem"
```

I tried with cert.pem, chain.pem as well - same error. Server does not start.

To Reproduce

  1. Generate certificate files following: https://certbot.eff.org/instructions?ws=other&os=ubuntufocal
  2. Edit /dev/config.file like above, make sure paths are correct
  3. Run `docker run --env SERVER_CONFIG_FILE=/config.toml -v /dev/config.toml:/config.toml -p 8787:80 joseluisq/static-web-server:2.12`

Expected behavior

Website runs over https.

Logs/Screenshots

```
2022-09-29T22:32:19.848863Z  INFO static_web_server::server: config file: /config.toml
2022-09-29T22:32:19.849055Z  INFO static_web_server::server: server bound to tcp socket [::]:8787
2022-09-29T22:32:19.849092Z  INFO static_web_server::server: runtime worker threads: 2
2022-09-29T22:32:19.849097Z  INFO static_web_server::server: security headers: enabled=true
2022-09-29T22:32:19.849101Z  INFO static_web_server::server: auto compression: enabled=true
2022-09-29T22:32:19.849104Z  INFO static_web_server::server: compression static: enabled=false
2022-09-29T22:32:19.849108Z  INFO static_web_server::server: directory listing: enabled=false
2022-09-29T22:32:19.849116Z  INFO static_web_server::server: directory listing order code: 6
2022-09-29T22:32:19.849119Z  INFO static_web_server::server: cache control headers: enabled=true
2022-09-29T22:32:19.849130Z  INFO static_web_server::server: basic authentication: enabled=false
2022-09-29T22:32:19.849134Z  INFO static_web_server::server: log remote address: enabled=false
2022-09-29T22:32:19.849137Z  INFO static_web_server::server: redirect trailing slash: enabled=true
2022-09-29T22:32:19.849141Z  INFO static_web_server::server: grace period before graceful shutdown: 0s
2022-09-29T22:32:19.849276Z ERROR static_web_server::server: server failed to start up: failed to initialize TLS probably because invalid cert or key file

Caused by:
    certificate parse error
```

Environment and Specs

  • static-web-server: v12.2
  • OS: Ubuntu 20.04 LTS
  • Docker: Docker version 19.03.8, build afacb8b7f0
  • Client: n/a

Additional context

Listing of the directory with files:

```
www@broowqh:~/deployment$ ls -la
total 52
drwxr-xr-x  2 www www  4096 Sep 30 00:47 .
drwxr-xr-x 12 www www  4096 Sep 29 22:48 ..
-rw-r--r--  1 www root 5595 Sep 30 00:29 fullchain.pem
-rw-r--r--  1 www root 1708 Sep 30 00:29 privkey.pem
-rw-rw-r--  1 www www  1535 Sep 30 00:33 config.toml
```

Docker is run by www user.

Full config: https://pastebin.com/5XsbGVv4

@joseluisq joseluisq added needs-verification Issue needs to be reproduced v2 v2 release labels Sep 30, 2022
Collaborator

joseluisq commented Sep 30, 2022

Can you please confirm what the format of your private key looks like? Does it start with BEGIN EC PRIVATE KEY or BEGIN RSA PRIVATE KEY?
EC private keys are not supported in this release yet, but will be in the next one.
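
One way to answer the key-format question above, as an added example that is not part of the issue thread or of static-web-server: these shell functions list the PEM block labels in the configured cert and key files and name the key encoding. The function names and sample file contents are constructed for illustration, and the example goes beyond the two labels asked about by also recognising `BEGIN PRIVATE KEY` (PKCS#8).

```shell
#!/bin/sh
# Added example: inspect PEM block labels to see which key encoding a file holds.

# Print every PEM block label in file $1, in order (tolerates CRLF line endings).
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Name the encoding of the first private-key block in file $1.
pem_key_format() {
    label=$(pem_labels "$1" | grep 'PRIVATE KEY$' | head -n 1)
    case "$label" in
        "RSA PRIVATE KEY")       echo "pkcs1-rsa" ;;
        "EC PRIVATE KEY")        echo "sec1-ec" ;;
        "PRIVATE KEY")           echo "pkcs8" ;;  # key type is inside the DER, not the label
        "ENCRYPTED PRIVATE KEY") echo "pkcs8-encrypted" ;;
        "")                      echo "no-private-key" ;;
        *)                       echo "unknown:$label" ;;
    esac
}

# Check a cert/key pair: both readable, cert file has at least one CERTIFICATE block.
check_tls_pair() {
    [ -r "$1" ] || { echo "cert-unreadable"; return 1; }
    [ -r "$2" ] || { echo "key-unreadable"; return 1; }
    ncerts=$(pem_labels "$1" | grep -c '^CERTIFICATE$' || true)
    [ "$ncerts" -gt 0 ] || { echo "no-certificate-in-cert-file"; return 1; }
    echo "certs=$ncerts key=$(pem_key_format "$2")"
}

# Constructed sample files: real PEM labels, placeholder bodies (not real keys).
write_samples() {
    body='CONSTRUCTEDSAMPLEBODY'
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' > "$1/fullchain.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$body" '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' "$body" '-----END EC PRIVATE KEY-----' > "$1/ec.pem"
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
check_tls_pair "$sample_dir/fullchain.pem" "$sample_dir/privkey.pem"
check_tls_pair "$sample_dir/fullchain.pem" "$sample_dir/ec.pem"
```

Run `check_tls_pair` against the exact paths given in the config file, from inside the environment where the server runs, so that a path that is not mounted or not readable shows up as `cert-unreadable` or `key-unreadable`.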

@joseluisq
Collaborator

Any progress on that using the latest release?

@joseluisq
Collaborator

Closing this since #207 seems related and we already support EC private keys #208.
Feel free to re-open the issue if necessary.
