about doh configuration
Shuji Yoshida
y-shuji at iij.ad.jp
Tue Nov 10 08:47:10 UTC 2020
Hi,
I want to verify unbound doh.
My unbound setting is below
unbound.conf
--------------------------------------
server:
interface: 192.168.10.100@443
tls-service-key: "/var/unbound/etc/certs/doh_privage.key"
tls-service-pem: "/var/unbound/etc/certs/doh_server.pem"
https-port: 443
http-endpoint: "/dns-query"
--------------------------------------
And I made the key and certificate with the commands below.
--------------------------------------
# cd /var/unbound/etc/certs/
# openssl genrsa -out doh_private.key 2048
# openssl req -new -key doh_private.key -out doh_server.csr
# openssl x509 -req -in doh_server.csr -signkey doh_private.key -out doh_server.pem -outform PEM
--------------------------------------
And I booted unbound.
But unbound cannot boot, and the log below is output.
--------------------------------------
error: error for cert file: /var/unbound/etc/certs/doh_server.pem
error: error in SSL_CTX use_certificate_chain_file crypto error:02001002:system library:fopen:No such file or directory
error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
fatal error: could not set up listen SSL_CTX
--------------------------------------
What is wrong?
BR,
Syuji
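
A pre-flight check for the kind of startup failure reported above, as an added example that is not part of the original message or of Unbound: it reads the `tls-service-key` and `tls-service-pem` paths from a config, reports any file that cannot be read, and uses `openssl` to confirm the private key and the certificate hold the same public key. The function names are hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: pre-flight check of the TLS files named in an unbound.conf.

# Print "option path" for each tls-service-key / tls-service-pem line.
# Assumption: paths contain no spaces.
conf_tls_paths() {
    awk '$1 == "tls-service-key:" || $1 == "tls-service-pem:" {
             opt = $1; sub(/:$/, "", opt)
             path = $2; gsub(/"/, "", path)
             print opt, path
         }' "$1"
}

# Return 0 if every named file is readable, 1 if any is not (one line is
# printed per unreadable file), 2 if the config names no TLS files.
check_tls_paths() {
    paths=$(conf_tls_paths "$1")
    [ -n "$paths" ] || { echo "no tls-service-key/pem in $1"; return 2; }
    missing=$(echo "$paths" | while read -r opt path; do
        [ -r "$path" ] || echo "$opt: cannot read $path"
    done)
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Return 0 only if key file $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh preflight.sh /path/to/unbound.conf
if [ $# -ge 1 ]; then
    check_tls_paths "$1" || exit 1
    key=$(conf_tls_paths "$1" | awk '$1 == "tls-service-key" { print $2 }')
    pem=$(conf_tls_paths "$1" | awk '$1 == "tls-service-pem" { print $2 }')
    key_matches_cert "$key" "$pem" || { echo "key and certificate differ"; exit 1; }
    echo "TLS files are readable and the key matches the certificate"
fi
```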