Erro de "ssl_certificate_key" NGINX

My domain is:

tvrio.rbc.net.br

I ran this command:

/usr/local/nginx/sbin/nginx -t

It produced this output:

nginx: [emerg] no "ssl_certificate_key" is defined for certificate "/etc/letsencrypt/live/tvrio.rbc.net.br/fullchain.pem"

My web server is (include version):

nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):

NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"

The version of my certbot:

certbot 0.40.0

The certbot certificates:


Found the following certs:
Certificate Name: tvrio.rbc.net.br-0001
Domains: tvrio.rbc.net.br
Expiry Date: 2024-07-01 10:24:55+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/tvrio.rbc.net.br-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/tvrio.rbc.net.br-0001/privkey.pem
Certificate Name: tvrio.rbc.net.br
Domains: tvrio.rbc.net.br www.tvrio.rbc.net.br
Expiry Date: 2024-07-01 04:01:08+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/tvrio.rbc.net.br/fullchain.pem
Private Key Path: /etc/letsencrypt/live/tvrio.rbc.net.br/privkey.pem


What happens every time I start the application "/usr/local/nginx/sbin/nginx -t " it gives me this error:

nginx: [emerg] no "ssl_certificate_key" is defined for certificate "/etc/letsencrypt/live/tvrio.rbc.net.br/privkey.pem"

My configuration /usr/local/nginx/conf/nginx.conf

worker_processes auto;
events {
worker_connections 1024;
}

rtmp {
server {
listen 1935; # Listen on standard RTMP port
chunk_size 4096;

    application live {
        live on;
        # Turn on HLS
        hls on;
        hls_path /mnt/hls/;
        hls_fragment 10;
        hls_playlist_length 60;
        # disable consuming the stream from nginx as rtmp
        deny play all;
   }
}

}

http {
sendfile off;
tcp_nopush on;
# aio on;
directio 512;
default_type application/octet-stream;

server {
    listen 443 ssl;
    server_name tvrio.rbc.net.br;
    ssl_certificate /etc/letsencrypt/live/tvrio.rbc.net.br/fullchain.pem;
ssl_certificate /etc/letsencrypt/live/tvrio.rbc.net.br/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # Disable cache
        add_header 'Cache-Control' 'no-cache';

        # CORS setup
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length';

        # allow CORS preflight requests
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        types {
            application/dash+xml mpd;
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
        }

        root /mnt/;
    }
}

}

This is incorrect. Please refer to the error generated by nginx to see what's going wrong.

3 Likes

How do I check this?

There's nothing to check. You have ssl_certificate twice for 2 different files and nginx is complaining about a missing ssl_certificate_key. It's no rocket science.

4 Likes

But is the certificate there or did I misunderstand

root@rbc-tv-rio:/etc/letsencrypt/live/tvrio.rbc.net.br# ls -al
total 12
drwxr-xr-x 2 root root 4096 Apr 2 05:01 .
drwx------ 4 root root 4096 Apr 2 10:56 ..
lrwxrwxrwx 1 root root 40 Apr 2 05:01 cert.pem -> ../../archive/tvrio.rbc.net.br/cert2.pem
lrwxrwxrwx 1 root root 41 Apr 2 05:01 chain.pem -> ../../archive/tvrio.rbc.net.br/chain2.pem
lrwxrwxrwx 1 root root 45 Apr 2 05:01 fullchain.pem -> ../../archive/tvrio.rbc.net.br/fullchain2.pem
lrwxrwxrwx 1 root root 43 Apr 2 05:01 privkey.pem -> ../../archive/tvrio.rbc.net.br/privkey2.pem
-rw-r--r-- 1 root root 692 Apr 2 04:38 README

The certificate is there indeed, but you're also feeding the private key to the duplicate ssl_certificate option whereas that should be ssl_certificate_key.

2 Likes

Let me see if I understand, it has to be ssl_certificate_key instead of ssl_certificate and that?

The one with privkey.pem, yes.

3 Likes

thanks

2 Likes