Owncert nginx error

Hi, congratulations to the Openvidu Team, it's an amazing program. I am trying to install my own wildcard SSL certificates for *.consulta.com (the domain is not my real domain) and have 2 files: file1.crt and file2.cer and file3.key. My video server works perfectly with the default configuration (selfsigned) on Ubuntu OS and Openvidu 2.14 in Docker, but when I copy file1.crt to the /owncert folder as certificate.cert and file3.key as certificate.key, the server refuses the connection. I attach the logs.

=======================================
openvidu-server_1  |   =       LAUNCH OPENVIDU-SERVER        =
openvidu-server_1  |   =======================================
openvidu-server_1  |
openvidu-server_1  | ______________________________________________
openvidu-server_1  |    ____               __      ___     _
openvidu-server_1  |   / __ \              \ \    / (_)   | |
openvidu-server_1  |  | |  | |_ __   ___ _ _\ \  / / _  __| |_   _
openvidu-server_1  |  | |  | | '_ \ / _ \ '_ \ \/ / | |/ _` | | | |
openvidu-server_1  |  | |__| | |_) |  __/ | | \  /  | | (_| | |_| |
openvidu-server_1  |   \____/| .__/ \___|_| |_|\/   |_|\__,_|\__,_|
openvidu-server_1  |         | |
openvidu-server_1  |         |_|             version 2.14.0
openvidu-server_1  | ______________________________________________
openvidu-server_1  |
openvidu-server_1  | [INFO] 2020-06-04 09:56:13,363 [main] io.openvidu.server.OpenViduServer - Starting OpenViduServer on DermamedicinServerVideo with PID 19 (/openvidu-server.jar started by root in /)
openvidu-server_1  | [INFO] 2020-06-04 09:56:13,376 [main] io.openvidu.server.OpenViduServer - No active profile set, falling back to default profiles: default
openvidu-server_1  | [ERROR] 2020-06-04 09:56:13,669 [main] io.openvidu.server.config.OpenviduConfig - .env file not found at /./.env
openvidu-server_1  | [INFO] 2020-06-04 09:56:14,103 [main] io.openvidu.server.OpenViduServer - Started OpenViduServer in 2.479 seconds (JVM running for 13.798)
openvidu-server_1  | [INFO] 2020-06-04 09:56:14,115 [main] io.openvidu.server.OpenViduServer -
openvidu-server_1  |
openvidu-server_1  |
openvidu-server_1  |    Configuration properties
openvidu-server_1  |    ------------------------
openvidu-server_1  |
openvidu-server_1  |    * CERTIFICATE_TYPE=owncert
openvidu-server_1  |    * DOMAIN_OR_PUBLIC_IP=servidor.consulta.com
openvidu-server_1  |    * HTTPS_PORT=443
openvidu-server_1  |    * KMS_URIS=["ws://localhost:8888/kurento"]
openvidu-server_1  |    * OPENVIDU_CDR=false
openvidu-server_1  |    * OPENVIDU_CDR_PATH=/opt/openvidu/cdr
openvidu-server_1  |    * OPENVIDU_RECORDING=false
openvidu-server_1  |    * OPENVIDU_RECORDING_AUTOSTOP_TIMEOUT=120
openvidu-server_1  |    * OPENVIDU_RECORDING_COMPOSED_URL=
openvidu-server_1  |    * OPENVIDU_RECORDING_CUSTOM_LAYOUT=/opt/openvidu/custom-layout
openvidu-server_1  |    * OPENVIDU_RECORDING_NOTIFICATION=publisher_moderator
openvidu-server_1  |    * OPENVIDU_RECORDING_PATH=/opt/openvidu/recordings
openvidu-server_1  |    * OPENVIDU_RECORDING_PUBLIC_ACCESS=false
openvidu-server_1  |    * OPENVIDU_RECORDING_VERSION=2.9.0
openvidu-server_1  |    * OPENVIDU_SECRET=pqieD&72i1qpgB939539geegag
openvidu-server_1  |    * OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
openvidu-server_1  |    * OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
openvidu-server_1  |    * OPENVIDU_STREAMS_VIDEO_MAX_RECV_BANDWIDTH=1000
openvidu-server_1  |    * OPENVIDU_STREAMS_VIDEO_MAX_SEND_BANDWIDTH=1000
openvidu-server_1  |    * OPENVIDU_STREAMS_VIDEO_MIN_RECV_BANDWIDTH=300
openvidu-server_1  |    * OPENVIDU_STREAMS_VIDEO_MIN_SEND_BANDWIDTH=300
openvidu-server_1  |    * OPENVIDU_WEBHOOK=false
openvidu-server_1  |    * OPENVIDU_WEBHOOK_ENDPOINT=
openvidu-server_1  |    * OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged]
openvidu-server_1  |    * OPENVIDU_WEBHOOK_HEADERS=[]
openvidu-server_1  |
openvidu-server_1  |
openvidu-server_1  |
openvidu-server_1  | [WARN] 2020-06-04 09:56:14,123 [main] io.openvidu.server.OpenViduServer - You have set property server.port (or SERVER_PORT). This will serve OpenVidu Server on your host at port 5443. But property HTTPS_PORT (443) still configures the port that should be used to connect to OpenVidu Server from outside. Bear this in mind when configuring a proxy in front of OpenVidu Server
openvidu-server_1  | [INFO] 2020-06-04 09:56:14,124 [main] io.openvidu.server.OpenViduServer - Using /dev/urandom for secure random generation
openvidu-server_1  | [INFO] 2020-06-04 09:56:14,336 [main] io.openvidu.server.OpenViduServer - Starting OpenViduServer on DermamedicinServerVideo with PID 19 (/openvidu-server.jar started by root in /)
openvidu-server_1  | [INFO] 2020-06-04 09:56:14,337 [main] io.openvidu.server.OpenViduServer - No active profile set, falling back to default profiles: default
openvidu-server_1  | [ERROR] 2020-06-04 09:56:16,934 [main] io.openvidu.server.config.OpenviduConfig - .env file not found at /./.env
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,622 [main] org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat initialized with port(s): 5443 (http)
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,655 [main] org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-0.0.0.0-5443"]
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,657 [main] org.apache.catalina.core.StandardService - Starting service [Tomcat]
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,658 [main] org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.30]
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,804 [main] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
openvidu-server_1  | [INFO] 2020-06-04 09:56:17,810 [main] org.springframework.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 3404 ms
openvidu-server_1  | [INFO] 2020-06-04 09:56:18,840 [main] io.openvidu.server.OpenViduServer - OpenVidu CDR service is disabled (may be enable with 'OPENVIDU_CDR=true')
openvidu-server_1  | [INFO] 2020-06-04 09:56:18,840 [main] io.openvidu.server.OpenViduServer - OpenVidu Webhook service is disabled (may be enabled with 'OPENVIDU_WEBHOOK=true')
openvidu-server_1  | [INFO] 2020-06-04 09:56:18,864 [main] io.openvidu.server.OpenViduServer - OpenVidu Server using one KMS: ws://localhost:8888/kurento
openvidu-server_1  | [INFO] 2020-06-04 09:56:18,917 [rbeatExec-e1-t0] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient]  Connecting native client
openvidu-server_1  | [INFO] 2020-06-04 09:56:18,923 [rbeatExec-e1-t0] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient]  Creating new NioEventLoopGroup
openvidu-server_1  | [INFO] 2020-06-04 09:56:19,438 [ntLoopGroup-2-1] org.kurento.jsonrpc.client.JsonRpcClientNettyWebSocket - [KurentoClient]  Initiating new Netty channel. Will create new handler too!
openvidu-server_1  | [INFO] 2020-06-04 09:56:19,728 [main] io.openvidu.server.recording.service.RecordingManager - OpenVidu recording service is disabled
openvidu-server_1  | [INFO] 2020-06-04 09:56:19,749 [EventExec-e2-t0] io.openvidu.server.kurento.kms.KmsManager - Kurento Client "connected" event for KMS ws://localhost:8888/kurento [org.kurento.client.KurentoClient@6c416721]
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,262 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN IP: 20.43.32.162
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,264 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN Redis DB accessible with string "ip=127.0.0.1 dbname=0 password=turn connect_timeout=30"
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,265 [main] io.openvidu.server.coturn.CoturnCredentialsService - Cleaning COTURN DB...
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,266 [main] io.openvidu.server.coturn.CoturnCredentialsService - Path of COTURN log files: /var/log/
openvidu-server_1  | [ERROR] 2020-06-04 09:56:20,271 [main] io.openvidu.server.coturn.CoturnCredentialsService - COTURN DB is not empty
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,272 [main] io.openvidu.server.coturn.CoturnCredentialsService - Using COTURN credentials service for BASH environment
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,285 [main] io.openvidu.server.core.SessionManager - Garbage collector for non active sessions initialized. Running every 900 seconds and cleaning up non active Sessions more than 3600 seconds old
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,348 [main] org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler - Initializing ExecutorService 'jsonrpcTaskScheduler'
openvidu-server_1  | [INFO] 2020-06-04 09:56:20,566 [main] org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator 6.0.18.Final
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,088 [main] org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,297 [main] org.springframework.boot.autoconfigure.web.servlet.WelcomePageHandlerMapping - Adding welcome page: class path resource [static/index.html]
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,779 [main] org.springframework.security.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@55634720, org.springframework.security.web.context.SecurityContextPersistenceFilter@316bcf94, org.springframework.security.web.header.HeaderWriterFilter@f0da945, org.springframework.web.filter.CorsFilter@10e31a9a, org.springframework.security.web.authentication.logout.LogoutFilter@66f57048, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@2dc54ad4, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3e11f9e9, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@31fa1761, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4b0d79fc, org.springframework.security.web.session.SessionManagementFilter@ffaa6af, org.springframework.security.web.access.ExceptionTranslationFilter@194bcebf, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@27f981c6]
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,872 [main] org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-5443"]
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,917 [main] org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 5443 (http) with context path ''
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,926 [main] io.openvidu.server.OpenViduServer - Started OpenViduServer in 7.756 seconds (JVM running for 21.622)
openvidu-server_1  | [INFO] 2020-06-04 09:56:21,929 [main] io.openvidu.server.OpenViduServer -
openvidu-server_1  |
openvidu-server_1  | ----------------------------------------------------
openvidu-server_1  |
openvidu-server_1  |    OpenVidu is ready!
openvidu-server_1  |    ---------------------------
openvidu-server_1  |
openvidu-server_1  |    * OpenVidu Server: https://servidor.consulta.com/
openvidu-server_1  |
openvidu-server_1  |    * OpenVidu Dashboard: https://servidor.consulta.com/dashboard/
openvidu-server_1  |
openvidu-server_1  | ----------------------------------------------------

This is the docker-compose logs -f nginx output:

 =======================================
nginx_1            |   =          INPUT VARIABLES            =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Config NGINX:
nginx_1            |     - Http Port: 80
nginx_1            |     - Https Port: 443
nginx_1            |     - Allowed Access in Openvidu Dashboard: all
nginx_1            |     - Allowed Access in Openvidu API: all
nginx_1            |
nginx_1            |   Config Openvidu Application:
nginx_1            |     - Domain name: servidor.consulta.com
nginx_1            |     - Certificated: owncert
nginx_1            |     - Letsencrypt Email: user@example.com
nginx_1            |     - Openvidu Application: true
nginx_1            |     - Openvidu Application Type: CE
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =       CONFIGURATION NGINX           =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Configure servidor.consulta.com domain...
nginx_1            |     - New configuration: owncert
nginx_1            |     - Old configuration: owncert
nginx_1            |     - Copying owmcert certificate...
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =          ALLOWED ACCESS             =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Adding rules...
nginx_1            |
nginx_1            |   Finish Rules:
nginx_1            |     Openvidu Dashboard:
nginx_1            |            - allow all;
nginx_1            |     Openvidu API:
nginx_1            |            - allow all;
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =         START OPENVIDU PROXY        =
nginx_1            |   =======================================
nginx_1            |
nginx_1            | 2020/06/04 09:56:01 [emerg] 60#60: cannot load certificate "/etc/letsencrypt/live/servidor.consulta.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx_1            | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/servidor.consulta.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx_1            | ==> /var/log/nginx/access.log <==

Hi Romen, Thank you and welcome to the OpenVidu Community

I think the error is probably caused by your files, file1.cer and file3.key, being binaries instead of base64 plain text. Please check that both files start with

-----BEGIN

If not, the files are binaries. You will need to convert them to .pem format.

You can use this tool for that:
https://www.sslshopper.com/ssl-converter.html (You can also use openssl for the conversion, there’s documentation in the linked webpage).

After that, just rename them to certificate.cert and certificate.key
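The check suggested in the reply above can be scripted. This is an added example, not part of the original thread and not OpenVidu code: it reports whether a certificate and key file are PEM text of the right kind, PEM text of another kind, or binary DER, which is what nginx's "no start line" error points at. The function names and the sample files are hypothetical, and only PEM labels and the first byte are inspected, nothing is validated cryptographically.

```shell
#!/usr/bin/env bash
# Added example (not OpenVidu code): check the encoding of owncert files before
# starting nginx. Only PEM labels and the first byte are inspected.

check_pem() {   # check_pem cert|key <file>  -> ok | wrong-pem:<LABEL> | der | unknown
  local role=$1 file=$2 want first
  case $role in
    cert) want='^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' ;;
    key)  want='^-----BEGIN (RSA |EC )?PRIVATE KEY-----' ;;
    *)    echo unknown; return 2 ;;
  esac
  if grep -a -q -E "$want" "$file"; then echo ok; return 0; fi
  if grep -a -q '^-----BEGIN ' "$file"; then
    # PEM text, but a different object (PKCS#7 bundle, key in the cert slot, ...)
    echo "wrong-pem:$(grep -a '^-----BEGIN ' "$file" | head -n1 |
      sed 's/^-----BEGIN \(.*\)-----.*$/\1/')"
    return 1
  fi
  # A DER-encoded certificate or key is an ASN.1 SEQUENCE, so it starts with 0x30
  first=$(head -c1 "$file" | od -An -tx1 | tr -d ' \n')
  if [ "$first" = 30 ]; then echo der; else echo unknown; fi
  return 1
}

preflight() {   # preflight <cert-file> <key-file>; returns 0 only if both are PEM
  local c k rc=0
  c=$(check_pem cert "$1") || rc=1
  k=$(check_pem key "$2") || rc=1
  echo "certificate.cert <- $1: $c"
  echo "certificate.key  <- $2: $k"
  if [ "$c" = der ]; then
    echo "  convert with: openssl x509 -inform der -in $1 -out certificate.cert"
  fi
  return $rc
}

# Constructed sample files; the base64 bodies are placeholders, not real material
demo=$(mktemp -d)
body='Q09OU1RSVUNURUQ='
printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' > "$demo/good.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$body" '-----END PRIVATE KEY-----' > "$demo/good.key"
printf '%s\n' '-----BEGIN PKCS7-----' "$body" '-----END PKCS7-----' > "$demo/bundle.p7b"
printf '\060\202\001\012' > "$demo/binary.cer"

preflight "$demo/binary.cer" "$demo/good.key" || true
preflight "$demo/good.pem" "$demo/good.key"
```

A `wrong-pem:` result covers files that do start with `-----BEGIN` but still cannot be loaded as a certificate, such as a PKCS#7 bundle or a key placed in the certificate slot.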

Hi, thanks so much for replying so fast. I have another certificate, file.pem; inside, it starts with ---BEGIN. I uploaded this file and restarted the server, but the connection is refused. At the end of the nginx log you can see the error. I understand it. Thanks so much for the replies!

|   =======================================
nginx_1            |   =          INPUT VARIABLES            =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Config NGINX:
nginx_1            |     - Http Port: 80
nginx_1            |     - Https Port: 443
nginx_1            |     - Allowed Access in Openvidu Dashboard: all
nginx_1            |     - Allowed Access in Openvidu API: all
nginx_1            |
nginx_1            |   Config Openvidu Application:
nginx_1            |     - Domain name: servidor.consulta.com
nginx_1            |     - Certificated: owncert
nginx_1            |     - Letsencrypt Email: user@example.com
nginx_1            |     - Openvidu Application: true
nginx_1            |     - Openvidu Application Type: CE
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =       CONFIGURATION NGINX           =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Configure servidor.consulta.com domain...
nginx_1            |     - New configuration: owncert
nginx_1            |     - Old configuration: owncert
nginx_1            |     - Owmcert certificate already exists, using them...
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =          ALLOWED ACCESS             =
nginx_1            |   =======================================
nginx_1            |
nginx_1            |   Adding rules...
nginx_1            |
nginx_1            |   Finish Rules:
nginx_1            |     Openvidu Dashboard:
nginx_1            |            - allow all;
nginx_1            |     Openvidu API:
nginx_1            |            - allow all;
nginx_1            |
nginx_1            |   =======================================
nginx_1            |   =         START OPENVIDU PROXY        =
nginx_1            |   =======================================
nginx_1            |
nginx_1            | 2020/06/05 08:19:52 [emerg] 55#55: cannot load certificate "/etc/letsencrypt/live/servidor.teleconsultadermamedicin.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx_1            | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/servidor.teleconsultadermamedicin.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Hi, I deleted the files fullchain.pem and key in the /certificates folder and /live/[myurldomain] and… the server is UP with my owncert… THANKS SO MUCH! :relaxed:
