about doh configuration
Jaap Akkerhuis
jaap at NLnetLabs.nl
Tue Nov 10 09:05:35 UTC 2020
Shuji Yoshida via Unbound-users writes:
> Hi,
>
> I want to verify unbound doh.
>
> My unbound setting is below
>
> unbound.conf
> --------------------------------------
> server:
> interface: 192.168.10.100@443
> tls-service-key: "/var/unbound/etc/certs/doh_privage.key"
You mistyped private it seems
jaap
> tls-service-pem: "/var/unbound/etc/certs/doh_server.pem"
> https-port: 443
> http-endpoint: "/dns-query"
> --------------------------------------
>
> And I made the key and certificate with the commands below.
>
> --------------------------------------
> # cd /var/unbound/etc/certs/
> # openssl genrsa -out doh_private.key 2048
> # openssl req -new -key doh_private.key -out doh_server.csr
> # openssl x509 -req -in doh_server.csr -signkey doh_private.key -out doh_server.pem -outform PEM
> --------------------------------------
>
> And boot the unbound.
> But unbound cannot be booted and the log below is output.
>
> --------------------------------------
> error: error for cert file: /var/unbound/etc/certs/doh_server.pem
> error: error in SSL_CTX use_certificate_chain_file crypto error:02001002:system library:fopen:No such file or directory
> error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
> error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
> fatal error: could not set up listen SSL_CTX
> --------------------------------------
>
> What is wrong?
>
> BR,
> Syuji
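
A pre-start check for the kind of path mistake discussed in this thread, as an added example that is not part of either message: it lists the `tls-service-key` and `tls-service-pem` paths in a config that cannot be read, and can confirm that a key and certificate belong together. The function names and the temporary sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-start check of the TLS files that an
# unbound.conf names in tls-service-key and tls-service-pem.

# Print "option path" for each of the two options, comments and quotes removed.
tls_paths() {
    sed -n -E 's/#.*$//
        s/^[[:space:]]*(tls-service-(key|pem)):[[:space:]]*"?([^"]*[^"[:space:]])"?[[:space:]]*$/\1 \3/p' "$1"
}

# Print "option: path" for every configured file that cannot be read.
missing_tls_files() {
    tls_paths "$1" | while read -r opt path; do
        [ -r "$path" ] || printf '%s: %s\n' "$opt" "$path"
    done
}

# Succeed when the certificate ($2) carries the public key of the key ($1).
# Returns 2 when openssl cannot parse one of the files.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Constructed sample: the two TLS lines from the thread, pointed at a temporary
# directory that holds only the file names the openssl commands created.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/doh_private.key"
    : > "$d/doh_server.pem"
    cat > "$d/unbound.conf" <<EOF
server:
    tls-service-key: "$d/doh_privage.key"
    tls-service-pem: "$d/doh_server.pem"
EOF
    missing_tls_files "$d/unbound.conf"
    rm -rf "$d"
}

# With an argument, check that config file; without one, run the sample.
if [ "$#" -gt 0 ]; then
    missing_tls_files "$1"
else
    demo
fi
```

Once both files are readable, `key_matches_cert doh_private.key doh_server.pem` confirms that the certificate was issued for that key.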