Permissions on Ubuntu 16.04 with Apache2, gnuTLS

Hello again - after the encouragement I got on this thread (Certbot Apache Plugin - GnuTLS instead of OpenSSL), I had a go with certbot certonly --webroot, and after a significant bit of trial and error I got through the issuing of a certificate without any error.

Now I am trying to build my mydomain.com.conf with gnuTLS for port 443.

I followed
http://www.bauer-power.net/2012/11/how-to-upgrade-from-ssl-to-gnutls-for.html#.WTRIeVKZPdR to point my .conf file at the certificates. Following
https://certbot.eff.org/docs/using.html#webroot
my .conf file looks like this:

GnuTLSEnable On
GnuTLSCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
GnuTLSKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem

using
sudo apachectl -t
tells me that everything is fine. Alas, on starting Apache it logs

GnuTLS: Error Reading Private Key ‘/etc/letsencrypt/live/www.mydomain.com/privkey.pem’

Any suggestions gratefully received!
Hanry

Please fill out the fields below so we can help you better.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu Server 16.04 LTS

My hosting provider, if applicable, is: bigV.io

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @Hanry,

Could you please show the output of the following commands?

ls -la /etc/letsencrypt/live/www.mydomain.com/

ls -la /etc/letsencrypt/archive/www.mydomain.com/

Cheers,
sahsanu

Certainly, @sahsanu, thank you for your help!

for the …/live/ folder:

lrwxrwxrwx 1 root root 39 May 31 11:20 cert.pem -> ../../archive/www.mydomain.com/cert2.pem
lrwxrwxrwx 1 root root 40 May 31 11:20 chain.pem -> ../../archive/www.mydomain.com/chain2.pem
lrwxrwxrwx 1 root root 44 May 31 11:20 fullchain.pem -> ../../archive/www.mydomain.com/fullchain2.pem
lrwxrwxrwx 1 root root 42 May 31 11:20 privkey.pem -> ../../archive/www.mydomain.com/privkey2.pem
-rw-r--r-- 1 root root 543 May 30 17:00 README

for the …/archive/ folder:

-rw-r--r-- 1 root root 1773 May 30 17:00 cert1.pem
-rw-r--r-- 1 root root 1814 May 31 11:20 cert2.pem
-rw-r--r-- 1 root root 1679 May 30 17:00 chain1.pem
-rw-r--r-- 1 root root 1647 May 31 11:20 chain2.pem
-rw-r--r-- 1 root root 3452 May 30 17:00 fullchain1.pem
-rw-r--r-- 1 root root 3461 May 31 11:20 fullchain2.pem
-rw-r--r-- 1 root root 1704 May 30 17:00 privkey1.pem
-rw-r--r-- 1 root root 1704 May 31 11:20 privkey2.pem

Hi @Hanry,

I see no problem with your files. I’ve installed Ubuntu 16.04 in a VM to test it, also installed apache with libapache2-mod-gnutls and configured a site to use it, and I had no problem loading either the fullchain.pem file or the privkey.pem file.

I would double-check that you have the right path in the GnuTLSKeyFile directive or that you don’t have any strange characters in the path. So remove the directive and add it again, typing the right path (avoid copy-paste, just in case), and try again.


Dear @sahsanu,

This was very kind of you, to try it out yourself - and because you did so, I knew something had to be wrong in my set-up. I did as you suggested, typed the paths in again and it worked. One of those puzzling things… I even took a screenshot to check for myself but it looks exactly the same now - only, it works :)

Many thanks!
Hanry


@Hanry, I’m glad you got it. Maybe the problem is that you copied the line from a Windows machine and it had a different Carriage Return / Line Feed, which are invisible characters… who knows ;)


Quite a possibility - I am using screen on my server a lot as I have to use different platforms all day, so it could have been some encoding issue. Again, I think this only got me to look quickly enough because you ran it in a VM successfully - which is really very nice!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
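
The invisible-character cause suggested in the thread can be checked directly instead of retyping the path. The following is an added example, not part of the original posts: a hypothetical Python helper (`find_hidden_chars`, run here on a constructed sample config) that reports every character outside printable ASCII on the `GnuTLSCertificateFile` and `GnuTLSKeyFile` lines.

```python
import unicodedata

# Path-taking directives from the thread's .conf snippet (lower-cased,
# because the match below is case-insensitive).
PATH_DIRECTIVES = ("gnutlscertificatefile", "gnutlskeyfile")

def describe(ch):
    """Code point plus Unicode name, e.g. 'U+200B ZERO WIDTH SPACE'."""
    names = {"\r": "CARRIAGE RETURN"}  # control characters have no Unicode name
    name = names.get(ch) or unicodedata.name(ch, "UNNAMED CONTROL CHARACTER")
    return "U+%04X %s" % (ord(ch), name)

def find_hidden_chars(conf_bytes):
    """Return (line_no, column, description) for each character in a
    certificate/key directive line that is not printable ASCII or a tab."""
    findings = []
    # Split on LF only, so a CR left over from CRLF line endings is reported.
    for line_no, raw in enumerate(conf_bytes.split(b"\n"), start=1):
        # Invalid UTF-8 bytes decode to U+FFFD and are reported as such.
        line = raw.decode("utf-8", errors="replace")
        if not any(d in line.lower() for d in PATH_DIRECTIVES):
            continue
        for col, ch in enumerate(line, start=1):
            if ch != "\t" and not (" " <= ch <= "~"):
                findings.append((line_no, col, describe(ch)))
    return findings

# Constructed sample: line 2 is clean; line 3 hides a zero-width space
# after "live/" and ends with a carriage return.
SAMPLE = (
    b"GnuTLSEnable On\n"
    b"GnuTLSCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem\n"
    b"GnuTLSKeyFile /etc/letsencrypt/live/\xe2\x80\x8bwww.mydomain.com/privkey.pem\r\n"
)

if __name__ == "__main__":
    import sys
    # Pass the path of a .conf file as the first argument, or run on SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, col, what in find_hidden_chars(data):
        print("line %d, column %d: %s" % (line_no, col, what))
```

An empty result means the directive lines contain only printable ASCII and tabs, so the path text itself can be ruled out.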