Server certificate need help

Hi can I ask some help please, we bought SSL certificate to Go Daddy,

I unzip the files to /etc/nginx/ssl

it has 3 files

xxxxxxxxxx.crt
xxxxxxxxxx.pem
gd_bundle-xx-xx.crt

mysite.key - I got this from go daddy panel admin

Now I add the files to my nginx

server {
        listen 80;
      #  listen [::]:80;

        listen 443 ssl;

        ssl_certificate /etc/nginx/ssl/xxxxxxxxxx.pem;
        ssl_certificate_key /etc/nginx/ssl/mysite.key;

}

but I got this error

nginx: [emerg] cannot load certificate key “/etc/nginx/ssl/mysite.key”: PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVA

can you help me please what I’m missing or my configraution in nginx is wrong

Thank you in advance.

1 Like

The key file is the file you got when you created the Certifcate Request (CSR).

Also, for the certificate file you probably want gd_bundle-xx-xx.crt

Once installed make sure to run it past https://www.ssllabs.com/ssltest/ to make sure it’s installed correctly.

Hi rpkamp, yes I follow your suggestion but still no luck

nginx: [emerg] cannot load certificate key "/etc/nginx/ssl/mysite.key": PEM_read_bio_PrivateKey() failed

(SSL: error:0909006C:PEM routines:get_name:no start line:Expecting:

Here is my mysite.conf


   server{
		   
		   listen 443 ssl;

           listen [::]:443 ssl;

			 ssl_certificate /etc/nginx/ssl/gd_bundle-xx-xx.crt;
			 ssl_certificate_key /etc/nginx/ssl/mysite.key;
			 
			 root /var/www/mysite;
		 
		 }

You’re still using the same key file. You need the key file that was generated when you created the request for the SSL certificate.

Usually you need to run an openssl command and that generates several files, one you upload to the SSL provider (so godaddy in your case) which they then use to create the certificate, and the other is a key file. That key file is the one you need.