Hi

I've this problem with Nginx (v.1.14.2) on OpenBSD 6.5:

# nginx -t
nginx: [emerg] BIO_new_file("/etc/nginx/$file_fullchain") failed (SSL:
error:02FFF002:system library:func(4095):No such file or
directory:fopen('/etc/nginx/$file_fullchain', 'r') error:20FFF080:BIO
routines:CRYPTO_internal:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

How did I do that?
I just wanted to test TLS v1.3,
but I didn't pay attention to the fact that LibreSSL didn't support it
(if I have understood correctly).

The Nginx server can't restart, and the web service is down…
Even by restoring my older functional configuration with only TLS
v1.2, it failed!

----

My functional TLS v1.2 config:

ssl_buffer_size 4k; # 16k, for throughput, video applications

ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 1h;

ssl_certificate         /etc/ssl/acme/stephane-huc.net.fullchain.pem;
ssl_certificate_key     /etc/ssl/acme/private/stephane-huc.net.privkey.pem;
ssl_dhparam             /etc/nginx/cfg/stephane-huc.net/dhp_4096.pem;

ssl_ecdh_curve X25519:P-521:P-384;

# Mozilla Modern Config
ssl_protocols TLSv1.2;
ssl_ciphers
'EECDH+CHACHA20:EECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/acme/stephane-huc.net.chain.pem;

resolver 80.67.169.12 80.67.169.40 [2001:910:800::12] [2001:910:800::40]
valid=300s;

----

For TLS v1.3, I had just modified the lines, as:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers
'TLS13+AESGCM+AES128:EECDH+CHACHA20:EECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<
----
<me>Stephane HUC as PengouinBSD or CIOTBSD</me>
<mail>b...@stephane-huc.net</mail>
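
The `nginx -t` error quoted in the message names the path `/etc/nginx/$file_fullchain`, that is, a literal `$file_fullchain` that was never expanded. The following is an added example, not part of the original message: a shell function that lists the certificate-related file directives in the given config files and flags paths that contain a literal `$` or cannot be read. The names `check_tls_paths`, `make_sample` and `NGINX_PREFIX`, and the sample config, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report certificate-related paths in nginx config files that
# nginx could not open. NGINX_PREFIX (default /etc/nginx, the directory seen
# in the error message) is prepended to relative paths. Hypothetical helper.

check_tls_paths() {
    prefix=${NGINX_PREFIX:-/etc/nginx}
    # Assumes directive and path share one line, as in the posted config.
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^ssl_(certificate|certificate_key|dhparam|trusted_certificate)$/ {
            print $1, $2
        }' "$@" | tr -d "\"';" | {
        bad=0
        while read -r directive path; do
            case $path in
                /*) full=$path ;;
                *)  full=$prefix/$path ;;
            esac
            case $path in
                *'$'*) echo "UNEXPANDED $directive $full"; bad=1 ;;
                *)  if [ -r "$full" ]; then
                        echo "OK $directive $full"
                    else
                        echo "MISSING $directive $full"; bad=1
                    fi ;;
            esac
        done
        [ "$bad" -eq 0 ]   # exit status: 0 only if every path was readable
    }
}

# Constructed sample: one readable file, one literal variable, one missing file.
make_sample() {
    dir=$(mktemp -d) || return 1
    : > "$dir/ok.fullchain.pem"
    cat > "$dir/site.conf" <<EOF
ssl_certificate         $dir/ok.fullchain.pem;
ssl_certificate         \$file_fullchain;
ssl_certificate_key     $dir/absent.privkey.pem;
# ssl_dhparam /commented/out.pem;
EOF
    echo "$dir"
}

sample=$(make_sample)
check_tls_paths "$sample/site.conf" || echo "problems found"
rm -rf "$sample"
```

On a real system the function would be pointed at `nginx.conf` and every file it includes, since the directive that produced the error may live in an included file rather than the main one.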
