Using private key for a standalone uWSGI instance

I’m building a web API using Python3 Flask.

At the moment, I’m trying to set up an SSL connection with a certbot-generated certificate.

The problem is that uWSGI doesn’t seem to recognize the generated private key (privkey.pem).

I tried manually generating a certificate using OpenSSL and it runs alright, even though whatever client tries to access it would mind the unverified credential.

I noticed that while the key I generated manually has “RSA PRIVATE KEY” on its header, the one generated by certbot only has “PRIVATE KEY”.

How can I make this work?

I’m running an up-to-date Debian 10 system. Once again, the web server is on a standalone uWSGI instance, running Python3 Flask application.

Thank you in advance.

There’s nothing special about Let’s Encrypt or uWSGI that would prevent them working together.

I just tried out the following in Python 3 and it worked fine:

export DOMAIN=example.org
uwsgi --master --https 0.0.0.0:8443,/etc/letsencrypt/live/$DOMAIN/fullchain.pem,/etc/letsencrypt/live/$DOMAIN/privkey.pem

What error do you encounter? Does the user you’re running uwsgi from have read access to privkey.pem? By default it’s only readable by root.


Here’s what I got

[uwsgi-ssl] unable to assign key /etc/letsencrypt/archive//prikey1.pem for context “:12001”

Port 12001 is what I am trying to run it on.

Did you intentionally remove your domain name, or is that what it really said?

Can you also answer the question about read access? Can the user actually read the private key?

head -n 1 /etc/letsencrypt/live/$DOMAIN/privkey.pem

You should be using /etc/letsencrypt/live/ instead of archive. One of the potential ways that using archive can go bad is that the private key can get mismatched with the wrong certificate, which would produce the error you have.

Seems to be a missing v in there.


I removed my domain name, since it doesn’t belong to me.

It doesn’t seem to matter where I put the file, as I am only testing. But I will ensure that once it works.

Thanks again


Hi again

After finding a combination of path and permission error, I was able to get the server up and running.

Thank you for all your help!

P.S.: My job is not done yet since the certificate fails to verify with clients. But that’s for another day! :smiley:


That sounds like you forgot to provide the intermediate cert. Make it use fullchain.pem instead?

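The three failure modes raised in this thread (a key from archive/ mismatched with its cert, a privkey.pem the uwsgi user cannot read, and cert.pem shipped without the intermediate) can all be caught before starting uWSGI. The following pre-flight script is an added example, not code from the thread or from certbot/uWSGI; it uses only the Python standard library, assumes the Debian certbot layout under /etc/letsencrypt/ that the thread shows, and relies on ssl.load_cert_chain as the key/cert mismatch check.

```python
import os
import re
import ssl

# One PEM block: label in the BEGIN line must be repeated in the END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n.*?-----END \1-----", re.S)
# certbot writes PKCS#8 ("PRIVATE KEY"); openssl genrsa/ecparam write the legacy labels.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_labels(text):
    """Labels of the PEM blocks in `text`, in order (e.g. ['CERTIFICATE', 'CERTIFICATE'])."""
    return PEM_BLOCK.findall(text)

def check_paths(cert_path, key_path):
    """Findings about where the files live (live/ vs archive/) and whether this uid can read them."""
    findings = []
    for path in (cert_path, key_path):
        if "/archive/" in path:
            findings.append(f"{path}: use the /live/ symlink; archive/ files can be mismatched across renewals")
        if os.path.exists(path) and not os.access(path, os.R_OK):
            findings.append(f"{path}: not readable by uid {os.getuid()} (certbot keys are root-only by default)")
    return findings

def check_contents(cert_text, key_text):
    """Findings about the PEM contents: key label, and whether the chain includes the intermediate."""
    findings = []
    key_labels = pem_labels(key_text)
    if not key_labels or key_labels[0] not in KEY_LABELS:
        findings.append(f"key file: unexpected PEM label {key_labels[:1]}")
    n_certs = pem_labels(cert_text).count("CERTIFICATE")
    if n_certs == 0:
        findings.append("cert file: no CERTIFICATE block found")
    elif n_certs == 1:
        findings.append("cert file: leaf only; clients need the intermediate, use fullchain.pem")
    return findings

def key_matches_cert(cert_path, key_path):
    """True if OpenSSL (via the ssl module) accepts the pair, i.e. the key matches the leaf cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(cert_path, key_path)
    except OSError:  # ssl.SSLError on mismatch or bad PEM; FileNotFoundError/PermissionError otherwise
        return False
    return True
```

Run it as the same user that will run uwsgi, since check_paths and key_matches_cert report readability for the current uid, not for root.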

Yup! I used cert.pem instead of fullchain.pem.

Changed it accordingly and it works!

