Though close to the previous question, this is not a duplicate. The issue is not addressed by other Q&A that addresses a much older version of HAProxy.
HA-Proxy version 1.7.12 2019/10/25
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
I have my x509 certificate preceding my RSA private key:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
I validated these with:
openssl x509 -inform PEM -in app.perm
openssl rsa -inform PEM -in app.perm
haproxy is compiled with OpenSSL:
root@00000000:/usr/local/etc/haproxy# haproxy -vv |
grep OpenSSL
Built with OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
And the configuration file is valid:
root@f540c2c89385:/usr/local/etc/haproxy# haproxy -c -f
haproxy.cfg
Configuration file is valid
Yet, I get an error saying that the SSL certificate cannot be parsed from the PEM file…
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -db -f
/usr/local/etc/haproxy/haproxy.cfg -Ds
[ALERT] 342/180504 (7) : parsing [/usr/local/etc/haproxy/haproxy.cfg:28] : 'bind *:443' :
unable to load SSL certificate from PEM file '/usr/local/etc/haproxy/certs/app.perm'.
[ALERT] 342/180504 (7) : Error(s) found in configuration file :
/usr/local/etc/haproxy/haproxy.cfg
[ALERT] 342/180504 (7) : Fatal errors found in configuration.
<5>haproxy-systemd-wrapper: exit, haproxy RC=1
Is there a way that I can get more error information?
I believe that maybe, I am getting an error that points me in the wrong direction. I thought it was a parsing error, but checking the file thoroughly indicates it is not