NGINX SSL: error:0200100D:system library:fopen:Permission denied
There is only one suggestion, you don't have enough rights for access file /etc/nginx/ssl/mysite_com/mysite_com.crt
. When you start nginx -t
under your account, nginx started with your permissions and couldn't get access to this files. There is two ways how to fix this issue without changing anything. First one - run nginx -t
under root account or trough sudo to test configuration, second one - run nginx -t
under http account to see how nginx start in real environment. But if you would like to make changes, you could add your user to group http and try to run nginx -t
.
Related videos on Youtube
Craig
I'm a Junior developer at a Magento agency. Love learning new skills. Interested in PHP & Linux. I have also dabbled in Swift and other languages. Love working on code projects that interact with APIs.
Updated on September 18, 2022Comments
-
Craig almost 2 years
I have been stuck on this for ages and I'm hoping someone can offer some advice.
Trying to install a new SSL certificate on a site. On running
nginx -t
i get the following error:nginx: [emerg] BIO_new_file("/etc/nginx/ssl/mysite_com/mysite_com.crt") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/nginx/ssl/mysite_com/mysite_com.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib) nginx: configuration file /etc/nginx/nginx.conf test failed
Now I have set the owner/group on the mysite_com.crt to the same as the files that were in the previous config which pass the nginx test fine. I have also set the permissions to the same. Even setting the file permissions to 777 temporarily to test gave the same error. I also tried creating a /ssl/ directory in the root of the partition with 777 and still the same error. I have set the owner to
http
which is the webserver user on this machine and nothing.I'm completley stumped. Any suggestions?
-
Patrick Mevzek about 7 yearsYou need to check each element of the path, not only the filename. Each directory must have
rx
rights for the user under which yournginx
process runs. -
Alex028502 over 3 yearsthis worked for me I found this answer serverfault.com/a/540544
-
-
Alexander Tolkachev about 7 years@Craig have you disabled SELinux?
-
Craig about 7 yearsI did read another post suggesting sestatus -v which just came back with command not found.
-
Alexander Tolkachev about 7 years@Craig what Linux you use?
-
Craig about 7 yearsExcellent question, I'm waiting for that answer myself. I did cat /proc/version and /etc/*-version and couldn't find any clues. With any luck when I find out it will give me a clue to what's going on.
-
Alexander Tolkachev about 7 years@Craig try
cat /etc/*release*
-
Craig about 7 yearsAs it turns out it appears to be a Synology Device of some kind. Build 15101. Any quirks that this distribution has?