about doh configuration
Shuji Yoshida
y-shuji at iij.ad.jp
Tue Nov 10 23:57:45 UTC 2020
Hi jaap
> You mistyped private it seems
I mistyped it and fixed it, but I get the same error.
-- Syuji
> Shuji Yoshida via Unbound-users writes:
>
> > Hi,
> >
> > I want to verify unbound doh.
> >
> > My unbound setting is below
> >
> > unbound.conf
> > --------------------------------------
> > server:
> > interface: 192.168.10.100@443
> > tls-service-key: "/var/unbound/etc/certs/doh_privage.key"
>
> You mistyped private it seems
>
> jaap
>
> > tls-service-pem: "/var/unbound/etc/certs/doh_server.pem"
> > https-port: 443
> > http-endpoint: "/dns-query"
> > --------------------------------------
> >
> > And I made the key and certificate with the commands below.
> >
> > --------------------------------------
> > # cd /var/unbound/etc/certs/
> > # openssl genrsa -out doh_private.key 2048
> > # openssl req -new -key doh_private.key -out doh_server.csr
> > # openssl x509 -req -in doh_server.csr -signkey doh_private.key -out doh_server.pem -outform PEM
> > --------------------------------------
> >
> > And I booted unbound.
> > But unbound could not boot, and the log below was output.
> >
> > --------------------------------------
> > error: error for cert file: /var/unbound/etc/certs/doh_server.pem
> > error: error in SSL_CTX use_certificate_chain_file crypto error:02001002:system library:fopen:No such file or directory
> > error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
> > error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
> > fatal error: could not set up listen SSL_CTX
> > --------------------------------------
> >
> > What is wrong?
> >
> > BR,
> > Syuji
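
An added diagnostic sketch, not part of the thread and not an Unbound tool: it reads the `tls-service-key` and `tls-service-pem` paths out of a config file and reports which ones cannot be read, the condition the `fopen:No such file or directory` line in the log above points at. The names `check_tls_paths` and `make_sample` and the scratch files are constructed for illustration; the check only looks at the paths as written and as seen by the user running it.

```shell
#!/bin/sh
# Added example (not from the thread, not part of Unbound).
# check_tls_paths CONF: for each TLS file option in CONF, report whether the
# file it names can be read. Returns the number of options that are unset or
# that point at an unreadable file.
check_tls_paths() {
    conf=$1
    bad=0
    for opt in tls-service-key tls-service-pem; do
        # Last occurrence of the option, with indentation and quotes removed.
        path=$(sed -n "s/^[[:space:]]*$opt:[[:space:]]*//p" "$conf" |
               tail -n 1 | sed 's/[[:space:]]*$//; s/^"//; s/"$//')
        if [ -z "$path" ]; then
            echo "$opt: not set"
            bad=$((bad + 1))
        elif [ -r "$path" ]; then
            echo "$opt: ok ($path)"
        else
            echo "$opt: cannot read $path"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: a scratch directory holding empty stand-ins for the two
# files the openssl commands in the thread create, plus a config that names
# the key with the misspelling from the first post.
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/doh_private.key"
    : > "$dir/doh_server.pem"
    cat > "$dir/unbound.conf" <<EOF
server:
    tls-service-key: "$dir/doh_privage.key"
    tls-service-pem: "$dir/doh_server.pem"
    https-port: 443
EOF
    echo "$dir"
}

sample=$(make_sample)
check_tls_paths "$sample/unbound.conf" || echo "unreadable TLS files: $?"
rm -rf "$sample"
```

Run it as the same user the daemon starts as, since readability depends on that user's permissions.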