On 11/11/2023 02:26, Christoph Kukulies wrote:
> The file is definitely there and the command works on a different file,
> when I apply it to the previously used certificate fullchain.pem.
> The file which is not working has the following structure:
> -----BEGIN EC PRIVATE KEY-----
I think you have just publicly disclosed the private key for your
certificate. If so, you should immediately replace that certificate
with a new one that uses a different key, and if it is a certificate
generated by a public CA, see about getting it revoked.
On your issue:
This is very strange.
I ran your command with my LE certificate and it worked.
echo "show ssl cert /etc/ssl/certs/local/elyograg_org.wildcards.combined.pem" | socat /etc/haproxy/stats.socket -
Then I made a copy of the certificate file as /tmp/fff/ddd and the same
command with that file returned the error you are getting!
echo "show ssl cert /tmp/fff/ddd" | socat /etc/haproxy/stats.socket -
The root filesystem is ext4 and /tmp is a tmpfs (ramdisk). Unix
permissions are not an issue, and I have never configured ACLs on this
system. SELinux is not active, and the apparmor service is
stopped/disabled. It does look like snapd has activated apparmor for
snaps, which seems odd because the service is stopped.
root@smeagol:/var/log# apparmor_status
apparmor module is loaded.
59 profiles are loaded.
54 profiles are in enforce mode.
/snap/snapd/20092/usr/lib/snapd/snap-confine
/snap/snapd/20092/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/20290/usr/lib/snapd/snap-confine
/snap/snapd/20290/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
docker-default
snap-update-ns.certbot
snap-update-ns.certbot-dns-route53
snap-update-ns.chromium
snap-update-ns.crypto
snap-update-ns.cups
snap-update-ns.firefox
snap-update-ns.gradle
snap-update-ns.snap-store
snap.certbot-dns-route53.hook.post-refresh
snap.chromium.chromedriver
snap.chromium.chromium
snap.chromium.hook.configure
snap.crypto.crypto
snap.cups.accept
snap.cups.cancel
snap.cups.cups-browsed
snap.cups.cupsaccept
snap.cups.cupsctl
snap.cups.cupsd
snap.cups.cupsdisable
snap.cups.cupsenable
snap.cups.cupsfilter
snap.cups.cupsreject
snap.cups.cupstestppd
snap.cups.driverless
snap.cups.gs
snap.cups.ippeveprinter
snap.cups.ippfind
snap.cups.ipptool
snap.cups.lp
snap.cups.lpadmin
snap.cups.lpc
snap.cups.lpinfo
snap.cups.lpoptions
snap.cups.lpq
snap.cups.lpr
snap.cups.lprm
snap.cups.lpstat
snap.cups.reject
snap.firefox.firefox
snap.firefox.geckodriver
snap.firefox.hook.configure
snap.firefox.hook.connect-plug-host-hunspell
snap.firefox.hook.disconnect-plug-host-hunspell
snap.firefox.hook.post-refresh
snap.snap-store.hook.configure
snap.snap-store.snap-store
snap.snap-store.ubuntu-software
snap.snap-store.ubuntu-software-local-file
5 profiles are in complain mode.
snap.certbot.certbot
snap.certbot.hook.configure
snap.certbot.hook.prepare-plug-plugin
snap.certbot.renew
snap.gradle.gradle
0 profiles are in kill mode.
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
Thanks,
Shawn
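
Added example, not part of the original message: one way to show the structure of a combined PEM file when asking for help, without pasting any key material. The function names (pem_structure, has_private_key, write_sample) are hypothetical and the sample file is constructed, not a real key or certificate.

```shell
#!/bin/sh
# pem_structure FILE: list each PEM block's label and body line count.
# The base64 body is counted but never printed.
pem_structure() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (inblock) printf "unterminated block: %s\n", label
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----[ \t\r]*$/, "", label)
            inblock = 1; n = 0; next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            closing = $0
            sub(/^-----END /, "", closing); sub(/-----[ \t\r]*$/, "", closing)
            if (!inblock) printf "stray END: %s\n", closing
            else if (closing != label) printf "mismatched: BEGIN %s / END %s\n", label, closing
            else printf "%s: %d body lines%s\n", label, n, (label ~ /PRIVATE KEY/ ? " [private key, do not share]" : "")
            inblock = 0; next
        }
        inblock { n++; next }
        NF { outside++ }
        END {
            if (inblock) printf "unterminated block: %s\n", label
            if (outside) printf "%d non-empty lines outside PEM blocks\n", outside
        }
    ' "$1"
}

# has_private_key FILE: exit status 0 if any private key block is present.
has_private_key() {
    grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# write_sample FILE: constructed stand-in for a key+certificate bundle.
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN EC PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAKEY
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERLINE1
CONSTRUCTEDPLACEHOLDERLINE2
-----END CERTIFICATE-----
EOF
}

demo=$(mktemp); write_sample "$demo"; pem_structure "$demo"; rm -f "$demo"
```

The output of pem_structure shows block order, truncated or mismatched blocks and stray text, which is normally what a reader needs to diagnose a file that a loader rejects.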