Hi I've this problem with Nginx (v.1.14.2) on OpenBSD 6.5:
# nginx -t nginx: [emerg] BIO_new_file("/etc/nginx/$file_fullchain") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/nginx/$file_fullchain', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed How did I do that? I just wanted to test TLS v1.3. but I didn't pay attention to the fact that the LibreSSL didn't support. (if I have understood correctly) The server Nginx can't restart, and the service web is down… Even, by restoring my oldier functional configuration only with TLS v1.2: it failed! ---- My functionnal TLS v1.2 config: ssl_buffer_size 4k; # 16k, for throughput, video applications ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_session_timeout 1h; ssl_certificate /etc/ssl/acme/stephane-huc.net.fullchain.pem; ssl_certificate_key /etc/ssl/acme/private/stephane-huc.net.privkey.pem; ssl_dhparam /etc/nginx/cfg/stephane-huc.net/dhp_4096.pem; ssl_ecdh_curve X25519:P-521:P-384; # Mozilla Modern Config ssl_protocols TLSv1.2; ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/acme/stephane-huc.net.chain.pem; resolver 80.67.169.12 80.67.169.40 [2001:910:800::12] [2001:910:800::40] valid=300s; ---- For TLS v1.3, I had just modified the lines, as: ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+CHACHA20:EECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< ---- <me>Stephane HUC as PengouinBSD or CIOTBSD</me> <mail>b...@stephane-huc.net</mail>