我们已经通过 Letsencrypt 生成了证书并尝试通过 nginx 使用它,但是出现了一个奇怪的错误:
cannot load certificate "/home/path/site.pem": PEM_read_bio_X509_AUX() failed
我们发现的解决方案是在证书前面添加一个空格(注意证书前面的空格)(另请注意,为了安全起见,我已经更改了证书的内容)。
-----BEGIN CERTIFICATE-----
MIIF8DCCBNigAwIBAgISA08f2YsQTxMkdjKqHcKSZcDEMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA2MjgwMDQ0NDNaFw0yMzA5MjYwMDQ0NDJaMBwxGjAYBgNVBAMMESoubGVhcm5kYXNoLnRvZGF5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvrp8IieMP7x5ipbZdJs8EcN0xoxQCWOcBnpaa8zFBpr+TAgLjayVDfQPPFyaYoM+0PFWduJRJDfGBl9VIMsACmX2NlvI6LPolA3Zsg73Ud/Ph2o5KD0cSDNFQfa+HLXVUojaxTrS3bjrz5jSPzNN/S3Vopk/NQqqq3eW0Jho9ljpMbg7JYM9c+cRFCw2gObW8LhqXrXewK9CqaFcvYee4tj1UbpJlOk9C9GrWyKI7rJI8U2DGlqNDcwyUDkRcKDafhHShyFs9sqEN0kbYNo55rcOQRGg1uaX7wd2brk5YpZCK5kh7X7hFC4M/FSY1/xttdF5e3A/5ShSPXW1iGHqxLaoLsqvUwyjdC2KChluZhRLT3/Of9YPCeI1rxfa28g4dhRCFCfLaaNoP8gB8Xcn+QY7nDqcBDFXexz1L4ZDuWyeM6bkPC9NXcju191kEhto1+XaeS47Qil6cK2KM5l1rRICmjefQ85Ab70HhI4dizasQsgYwFxr0QootdCZwY8ClG7OnkwK5VDMCSL9DHmxa1wk0HImDBMHFmFddnOH8drdJZAONPURSOSEjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYj/rKDmAAAEAwBIMEYCIQCtXVPX7lEJgkDFoLsjAA2pVZ4R3m7uXrm+9Asp5ZFKPAIhAOMtsg4A0G5xoA2Up04IVq+0so36YvXpRU9CBbCtZ7inAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGI/6yg/QAABAMARzBFAiEAsEMA4hxNWAMdrgQBTgQ54XN7psKOHBOpJO36C+q4WogCIAIn8kRkYvJAXaHvVb840XvnTxEFrvbrKWA9Y39NecQOMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3ObgDYzkHAGo3raH2etRUlvlNbF4WAe2OwKVDCPEqsNdhN+phm6frGqcYJMnbqtxafFOwfwp5tsFjV24XUA4I/Q9xasQXQWGylMIngddwzV9ygZBatWQgAxw/VHhc9lGsx9nb+3nN6qfGmZeLyEvjqFIwmCIIlBkv80HY6Rxo1HsrieAGMEuZuzIaiW9pqjZfVquU0b/K0DNeDlHUPeVSngl/XD8WzQeUJqVrNAiaIwgt/q1CRfZkXUSGUO4xAm8fWgjPrvcd8xgBEsU5JTTdQv2NJr4qP58UTgmxw5+aIiZhvzd9uLmYirdn5b3EGib8sGrkDbg9OCCrg6qj6Cf
-----END CERTIFICATE-----
证书出了什么问题,为什么加了空格之后就可以用了?
答案1
如果没有更多信息,这看起来像是一个复制粘贴问题。证书不应该看起来像
-----BEGIN CERTIFICATE-----
MIIF8DCCBNigAwIBAgISA08f2YsQTxMkdjKqHcKSZcDEMA0GCSqGSIb3DQEBCwUA
...
5b3EGib8sGrkDbg9OCCrg6qj6Cf
-----END CERTIFICATE----
每行最多 64 个字符?
第一行看起来还不错,使用类似
~/test$ Base64encodedString='MIIF8DCCBNigAwIBAgISA08f2YsQTxMkdjKqHcKSZcDEMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD'
~/test$ echo -n ${Base64encodedString} | base64 --decode | hexdump -C
00000000 30 82 05 f0 30 82 04 d8 a0 03 02 01 02 02 12 03 |0...0...........|
00000010 4f 1f d9 8b 10 4f 13 24 76 32 aa 1d c2 92 65 c0 |O....O.$v2....e.|
00000020 c4 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........|
00000030 30 32 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 |021.0...U....US1|
00000040 16 30 14 06 03 55 04 0a 13 0d 4c 65 74 27 73 20 |.0...U....Let's |
00000050 45 6e 63 72 79 70 74 31 0b 30 09 06 03 55 04 03 |Encrypt1.0...U..|
00000060 30 32 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 |021.0...U....US1|
00000070 16 30 14 06 03 55 04 0a 13 0d 4c 65 74 27 73 20 |.0...U....Let's |
00000080 45 6e 63 72 79 70 74 31 0b 30 09 06 03 55 04 03 |Encrypt1.0...U..|