[squid-users] 4.0.23 -> 5.9 : ERROR: Failed to acquire TLS certificate '/etc/pki/tls/private/xy.pem': error:0480006C:PEM routines::no start line

Franta Hanzlík franta at hanzlici.cz
Mon Jul 10 18:50:32 UTC 2023


After upgrading my Fedora 27/Squid-4.0.23 to Fedora 38/Squid-5.9,
Squid refuses to start with the error message:

Jul 10 09:55:42 jona squid[56320]: 2023/07/10 09:55:42| ERROR: Failed to acquire TLS certificate '/etc/pki/tls/private/server.pem': error:0480006C:PEM routines::no start line
Jul 10 09:55:42 jona squid[56320]: 2023/07/10 09:55:42| FATAL: HTTPS_port 192.168.20.2:22225 initialization error
Jul 10 09:55:42 jona squid[56320]: 2023/07/10 09:55:42| Squid Cache (Version 5.9): Terminated abnormally.

The problem is probably related to the reverse HTTPS proxy definition
line in squid.conf:
https_port 192.168.20.2:22225 accel cert=/etc/pki/tls/private/server.pem defaultsite=mail.kyenar.cz no-vhost name=reverzpe

server.pem is a symlink to realFile.pem with this content:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQ...
...
...vo=
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIGO...
...
...c5s=
-----END CERTIFICATE-----

and it worked fine in the older Squid-4.0.23 version.

I tried:
- tls-cert= instead of cert=
- replacing the symlink server.pem with a real file
- arranging the certificate first and the key second in the PEM file
- splitting the PEM file into a separate certificate and key and using them with the syntax:

https_port 192.168.20.2:22225 accel tls-cert=/etc/pki/tls/private/cert.pem tls-key=/etc/pki/tls/private/key.pem defaultsite=mail.kyenar.cz no-vhost name=reverzpe

but Squid still does not start, with the same message:
ERROR: Failed to acquire TLS certificate '/etc/pki/tls/private/cert.pem': error:0480006C:PEM routines::no start line

Can anyone help?
---
Thanks in advance! Franta Hanzlik
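
Added example, not part of the original post and not Squid or OpenSSL code: a small checker that lists the PEM blocks a file such as server.pem or cert.pem contains, in order, and reports markers that a strict line-based reader would not see as a start line. It prints labels only, never key material; the function name `inspect_pem`, the assumption that a BEGIN line must start at column 0, and the sample data are constructed for illustration.

```python
import re
import sys

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")

# Constructed sample in the same layout as the file in the post (key, then cert).
SAMPLE_COMBINED = (b"-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n\n"
                   b"-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n")

def inspect_pem(data: bytes) -> dict:
    """Return complete PEM block labels in file order plus format problems."""
    labels, problems, open_label = [], [], None
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte-order mark")
    for no, raw in enumerate(data.decode("latin-1").split("\n"), 1):
        line = raw.rstrip()  # tolerate CRLF and trailing blanks
        if "-----BEGIN " in line and not line.startswith("-----BEGIN "):
            problems.append(f"line {no}: BEGIN marker is not at the start of the line")
            continue
        m = BEGIN.match(line)
        if m:
            if open_label:
                problems.append(f"line {no}: {open_label} block has no END line")
            open_label = m.group(1)
            continue
        m = END.match(line)
        if m:
            if m.group(1) == open_label:
                labels.append(open_label)
            else:
                problems.append(f"line {no}: END {m.group(1)} without matching BEGIN")
            open_label = None
    if open_label:
        problems.append(f"{open_label} block has no END line")
    if "CERTIFICATE" not in labels:
        problems.append("no complete CERTIFICATE block found")
    return {"labels": labels, "problems": problems}

if __name__ == "__main__":
    # Usage: python3 check_pem.py FILE...  (with no arguments, checks the sample)
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]]
    for name, blob in inputs or [("<constructed sample>", SAMPLE_COMBINED)]:
        result = inspect_pem(blob)
        print(name, "blocks:", result["labels"] or "none")
        for problem in result["problems"]:
            print("  problem:", problem)
```

Run it as the account the Squid service runs under, so that a file which cannot be opened shows up as an exception instead of an empty block list.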

