event server setup with ssl fails

[diyparenting]

when attempting to run sudo -u www-data ./zmeventnotification.pl --config zmeventnotification.ini I get SSL_Cert_file errors

12/06/2019 17:00:56.325191 zmeventnotification[22942].ERR [main:620] [Failed starting server: SSL_cert_file /etc/apache2/ssl/myFile.cer can't be used: No such file or directory at /usr/share/perl5/IO/Socket/SSL.pm line 2284.]


I've tried the following:
changing filenames to shorten and remove excessive periods
tried moving the certs to ssl folder in /etc/apache2 (out of /etc/letsencrypt)
tried renaming ".cer" to ".crt" - (shouldn't matter)
tried changing owner of cert folder to www-data:www-data, www-data:root, and root:root
tried changing permissions for ssl folder to 777 - get the error above
any permissions less than 777, and I get a permission denied error (same line, same cert file)

if I disable ssl in the ini, then the event server starts fine in the console, but I want ssl

edit:
I also tried using a self signed cert as well - same issue

[asker]

This may also mean some higher level directory in the cert path does not have access permissions for www-data

[diyparenting]

all parent paths above the ssl folder have read access for all

[asker]

Then you need to look at your SSL logs.

So far, I've seen the following reasons:

1. Some directory in the hierarchy is not readable by www-data
2. There is a problem with the certificate or SSL version (you'll find that from your apache ssl logs)

[diyparenting]

thanks @asker

still fighting with it - no apache SSL errors.

12/09/2019 15:17:57.728035 zmeventnotification[11621].ERR [main:620] [Failed starting server: SSL_cert_file /my/ssl/path/to/cert.crt can't be used: No such file or directory at /usr/share/perl5/IO/Socket/SSL.pm line 2284

in SSL.pm, I've tried making some additional changes to test some stuff out... a call to cat the file works just fine (so not a read permission issue on the file for the account that is doing it). I don't know anything about perl, so the whole die-if-not thing through me for a bit since I couldn't find any examples of it - I switched it for open-or-die, and get the same results. if I remove the error handling, and just tell it to open the file, the eventnotification script completes and says it is listening on port 9000, but any attempts to communicate with it fail (tcpdump indicates syn --> rst...no ack) .

for(qw(SSL_cert_file SSL_key_file)) {
defined( my $file = $arg_hash->{$_} ) or next;
for my $f (ref($file) eq 'HASH' ? values(%$file):$file ) {
system("cat /my/ssl/path/to/cert.crt");
#die "$_ $f can't be used: $!" if ! open(my $fh,'<',$f);
open(my $fh,'<',$f) or die "$_ $f can't be used: $!";
#tried this to see if any other failures would happen if I removed error checking on this
#open(my $fh,'<',$f);
}
}


I also wrote a very basic perl script that just opens my cert file for reading, and that works without any issues.

I'm still trying to dig into it. If anyone has any other suggestions for where to look on this, I'd appreciate any direction - even if for nothing else than to just eliminate some possibilities.

[diyparenting]

resolved - problem was in my config

ssl cert was:

/path/to/ssl.crt

and should have been:
/path/to/ssl.crt

[diyparenting]

someone please delete this thread to erase my stupidity from the internet

[naseemr]

Hi I see no difference in your path, both are /path/to/ssl.crt

resolved - problem was in my config

ssl cert was:

/path/to/ssl.crt

and should have been:
/path/to/ssl.crt