HAProxy is unable to load SSL certificate from PEM file despite valid PEM file and config file

Though close to the previous question, this is not a duplicate. The issue is not addressed by other Q&A that addresses a much older version of HAProxy.

HA-Proxy version 1.7.12 2019/10/25

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION="10 (buster)"

I have my x509 certificate preceding my RSA private key:


I validated these with:

openssl x509 -inform PEM -in app.perm
openssl rsa -inform PEM -in app.perm

haproxy is compiled with OpenSSL:

root@00000000:/usr/local/etc/haproxy# haproxy -vv | 
grep OpenSSL
Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes

And the configuration file is valid:
root@f540c2c89385:/usr/local/etc/haproxy# haproxy -c -f
Configuration file is valid

Yet, I get an error saying that the SSL certificate cannot be parsed from the PEM file…

<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -db -f 
/usr/local/etc/haproxy/haproxy.cfg -Ds 
[ALERT] 342/180504 (7) : parsing [/usr/local/etc/haproxy/haproxy.cfg:28] : 'bind *:443' : 
unable to load SSL certificate from PEM file '/usr/local/etc/haproxy/certs/app.perm'.
[ALERT] 342/180504 (7) : Error(s) found in configuration file : 
[ALERT] 342/180504 (7) : Fatal errors found in configuration.
<5>haproxy-systemd-wrapper: exit, haproxy RC=1

Is there a way that I can get more error information?

I believe that maybe, I am getting an error that points me in the wrong direction. I thought it was a parsing error, but checking the file thoroughly indicates it is not :frowning:

Shouldn’t be app.pem instead of app.perm?