NGINX errors about SSL certificate PEM_read_bio_X509_AUX()

Recently I have been seeing these errors in the NGINX error log, and I can’t pinpoint which site this is going wrong for.

2024/07/16 12:53:01 [error] 3776693#3776693: *5249775 cannot load certificate “data:”: PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 49.12.36.197, server: 0.0.0.0:443
2024/07/16 12:54:01 [error] 3776694#3776694: *5250373 cannot load certificate “data:”: PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 49.12.36.197, server: 0.0.0.0:443
2024/07/16 12:55:01 [error] 3776693#3776693: *5250868 cannot load certificate “data:”: PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 49.12.36.197, server: 0.0.0.0:443

I tried to debug and solve it but have little clue where to start.

Hello @yuluma - try going to Server > Services and then select the ‘Heartbeat’ option in the overflow menu. The output may clarify which site is having the issue. If it’s not clear, another thing to try is SSH’ing into the server and then running nginx -t, which may provide the needed details.

Hi Adam,

root@webshops1:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

while the log still states:

2024/09/04 16:42:01 [error] 72263#72263: *5676917 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 162.158.111.244, server: 0.0.0.0:443

I also checked the heartbeat for the nginx service but this responded with a green ACTIVE with no notice or warning/error.

PS: 188 lines of this for the complete NGINX log

You might try cross-referencing the client IP to the NGINX access log to see if that helps identify a site. It may also just be a client that had some issue loading SSL.

Do any of the sites use custom SSL certs?
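
The cross-referencing suggested above, as an added example that is not part of the original thread: it pulls the client IP and timestamp from each certificate-load error and counts, per site, access-log requests from the same client close in time. A failed handshake writes no access-log entry of its own, so the match is on the client's other requests. Assumptions: one access log per site in the combined format, both logs in the same time zone, and constructed sample lines, IPs and site names.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Matches the error-log lines quoted in this thread.
ERR_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\].*PEM_read_bio_X509_AUX\(\) failed"
    r".*client: ([0-9a-fA-F.:]+), server:")
# Combined access-log format: client IP first, timestamp in [brackets].
ACC_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")

def parse_errors(lines):
    """Return (timestamp, client_ip) for each certificate-load error."""
    out = []
    for line in lines:
        m = ERR_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            out.append((ts, m.group(2)))
    return out

def correlate(errors, access_logs, window=timedelta(seconds=60)):
    """Count, per site, requests from an erroring client within `window` of an error."""
    hits = Counter()
    for site, lines in access_logs.items():
        for line in lines:
            m = ACC_RE.match(line)
            if not m:
                continue
            # Drop the UTC offset; assumes both logs use the same time zone.
            ts = datetime.strptime(m.group(2).split()[0], "%d/%b/%Y:%H:%M:%S")
            if any(ip == m.group(1) and abs(ts - t) <= window for t, ip in errors):
                hits[site] += 1
    return hits

# Constructed sample data (documentation IP ranges, hypothetical site names).
SAMPLE_ERRORS = [
    '2024/07/16 12:53:01 [error] 1#1: *10 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 203.0.113.10, server: 0.0.0.0:443',
    '2024/07/16 12:54:01 [error] 1#1: *11 open() "/var/www/x" failed (2: No such file or directory), client: 198.51.100.7, server: a',
]
SAMPLE_ACCESS = {
    "shop-a.example": ['203.0.113.10 - - [16/Jul/2024:12:53:02 +0000] "GET /cron HTTP/1.1" 200 5 "-" "curl"'],
    "shop-b.example": ['198.51.100.7 - - [16/Jul/2024:12:53:01 +0000] "GET / HTTP/1.1" 200 5 "-" "x"',
                       '203.0.113.10 - - [16/Jul/2024:18:00:00 +0000] "GET / HTTP/1.1" 200 5 "-" "x"'],
}

if __name__ == "__main__":
    print(correlate(parse_errors(SAMPLE_ERRORS), SAMPLE_ACCESS).most_common())
```

A site that dominates the counts is the first place to check the certificate configuration; no hits at all is consistent with a client that never completes a handshake.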