Though close to the previous question, this is not a duplicate. The issue is not addressed by other Q&A that addresses a much older version of HAProxy.
HA-Proxy version 1.7.12 2019/10/25 PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster
I have my x509 certificate preceding my RSA private key:
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
I validated these with:
openssl x509 -inform PEM -in app.perm openssl rsa -inform PEM -in app.perm
haproxy is compiled with OpenSSL:
root@00000000:/usr/local/etc/haproxy# haproxy -vv | grep OpenSSL Built with OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019 Running on OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes
And the configuration file is valid:
root@f540c2c89385:/usr/local/etc/haproxy# haproxy -c -f
Configuration file is valid
Yet, I get an error saying that the SSL certificate cannot be parsed from the PEM file…
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -db -f /usr/local/etc/haproxy/haproxy.cfg -Ds [ALERT] 342/180504 (7) : parsing [/usr/local/etc/haproxy/haproxy.cfg:28] : 'bind *:443' : unable to load SSL certificate from PEM file '/usr/local/etc/haproxy/certs/app.perm'. [ALERT] 342/180504 (7) : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg [ALERT] 342/180504 (7) : Fatal errors found in configuration. <5>haproxy-systemd-wrapper: exit, haproxy RC=1
Is there a way that I can get more error information?
I believe that maybe, I am getting an error that points me in the wrong direction. I thought it was a parsing error, but checking the file thoroughly indicates it is not