Certificate provided, but missing key
Hello,
I have been trying to setup the statistics portal (the http module) but I got stuck on a weird error message. It reads /usr/lib/knot-resolver/http.lua:275: certificate provided, but missing key
, although I have provided both the certificate and the key.
Is it an error or am I doing something wrong? Thank you in advance.
I am running following version:
# kresd -V
Knot DNS Resolver, version 1.3.1
# apt policy knot-resolver
knot-resolver:
Installed: 1.3.1-1+0~20170712141343.2+stretch~1.gbp8f698c
My CMD line is following:
/usr/sbin/kresd -f 1 -c /etc/knot-resolver/kresd.conf -k /usr/share/dns/root.key /run/knot-resolver/cache -v
Access rights of both PEM files are -rw-r-----
where the owner is root
and the group is ssl-cert
. Where user knot-resolver
belongs to groups knot-resolver
and ssl-cert
. I have also checked the accessibility using sudo -u knot-resolver cat ...
and it seems alright.
My config is following:
-- load modules
modules = {
"policy",
"view",
"version",
"stats",
"daf",
predict = {
-- 15 minutes sampling window
window = 15,
-- track last 31 days
period = 31 * 24 * (60 / 15)
},
http = {
host = "node3.example.org",
port = 8053,
cert = "/etc/letsencrypt/live/node3.example.org/fullchain.pem",
key = "/etc/letsencrypt/live/node3.example.org/privkey.pem",
geoip = "/etc/knot-resolver/GeoLite2-City.mmdb"
}
}
-- deescalate from root
user("knot-resolver", "knot-resolver")
-- setup cache
cache.storage = "lmdb:///run/knot-resolver/cache"
cache.size = 100 * MB
-- set mode
mode("normal")
-- setup trust anchors for DNSSEC
trust_anchors.file = "/usr/share/dns/root.key"