error:0909006C:PEM routines:get_name:no start line

actionjdjackson · March 9, 2023, 3:59am

I ran this command: rails server -b 'ssl://0.0.0.0:9292?key_pem=/etc/letsencrypt/live/www.madeinamericainc.com/privkey.pem&cert_pem=/etc/letsencrypt/live/www.madeinamericainc.com/fullchain.pem'

It produced this output: /home/ubuntu/.rbenv/versions/3.0.2/lib/ruby/gems/3.0.0/gems/puma-5.6.5/lib/puma/minissl.rb:328:in `initialize': SSL_CTX_use_certificate: error in file '/etc/letsencrypt/live/www.madeinamericainc.com/fullchain.pem': error:0909006C:PEM routines:get_name:no start line (Puma::MiniSSL::SSLError)

My web server is (include version): puma 5.6.5

The operating system my web server runs on is (include version): ubuntu 22

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): can run sudo

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.4.0

_az · March 9, 2023, 4:01am

What user are you running Rails as?

actionjdjackson · March 9, 2023, 4:08am

as a normal user, "ubuntu" - when I run sudo rails server, etc etc etc I get the following error:

Could not find irb-1.6.3 in any of the sources
Run `bundle install` to install missing gems.

which I did, and it lists irb-1.6.3 as being there. I know I need to run rails server as sudo when I use 0.0.0.0:443 - it tells me I don't have permission:

Permission denied - bind(2) for "0.0.0.0" port 443 (Errno::EACCES)

orangepizza · March 9, 2023, 4:12am

maybe each users have different rails folders.
try sudo bundle install?

actionjdjackson · March 9, 2023, 4:13am

Yeah, I was thinking the same thing, so I tried sudo bundle install and it gives me

sudo: bundle: command not found

actionjdjackson · March 9, 2023, 4:20am

okay, I ran sudo gem install bundler and then ran sudo bundle install and sure enough it reloaded irb and my server is up and running with https!!

_az · March 9, 2023, 5:10am

Running Rails (or any web application) as root is a very bad idea. You shouldn't do it.

My suggestion was going to be that you could grant your ubuntu user access to the certificate and private key files.

You could do this by setting the group permission on your Certbot installation:

sudo chgrp -R ubuntu /etc/letsencrypt/{archive,live}
sudo find /etc/letsencrypt/{live,archive} -type f -exec chmod g+r {} \; -o -type d -exec chmod g+rxs {} \;

and your ubuntu user should be able to load your certificate and private key, which should also work through renewal. If you create a different certificate, you will have to repeat the step.

system · April 8, 2023, 5:10am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.