Greetings. Sorry for the long email and newbie question, but I am trying to setup an https certificate using althttpd web server (https://sqlite.org/althttpd/) on an ubuntu (Linux web 5.15.0-78-generic #85-Ubuntu SMP Fri Jul 7 15:25:09 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux) server. I posted a support request on their forum, but, they must be very busy and have gotten no reposonse. I thought I would try to figure it out by myself. By the way, this was working a few weeks ago until I change the certificate from a yearly a 5 years certificate. Here is what I do: 1. run this command, openssl req -new -newkey rsa:2048 -nodes -keyout pda_net.key -out pda_net.csr 2. I use the content of pda_net.key as the key and place its content on the /etc/ssl/private.key which is going to be passed to the althttpd as the key. 3. I use the content of the pda_net.csr to get the certificate 4. Use the returned certificate (which is correct by checking it with a certificate and key matcher) from the email, and insert it in my certificate file, /etc/ssl/certificate.crt, and restart xinetd to reload althttpd with the new key and certificate. That worked before. Now, it does not work. I have done this over 10 times, in the last 10 days, and I always get: NET::ERR_CERT_AUTHORITY_INVALID These are the group, user and rights for the certificate and key: jic@web:~$ ls -l /etc/ssl total 52 -rw-rw-r-- 1 root root 2333 Aug 14 20:34 ca_bundle.crt -rw-r--r-- 1 root root 2333 Aug 14 17:39 certificate.crt drwxr-xr-x 2 root root 20480 May 26 06:40 certs -rw-r--r-- 1 root root 12419 Jul 4 2022 openssl.cnf drwx------ 2 root root 4096 May 19 2017 private -rw-r--r-- 1 root root 1704 Aug 14 17:33 private.key And this is the group, user and rights for the website files jic@web:~$ ls -l w/default.website/ total 376 drwxrwxr-x 2 jic www-data 4096 May 5 17:46 d drwxrwxr-x 2 jic www-data 4096 Dec 30 2021 f -rwxrwxr-x 1 jic www-data 1888 Apr 26 07:36 index.html -rwxrwxr-x 1 jic www-data 1710 Apr 25 16:32 index_last.html -rwxrwxr-x 1 jic www-data 1357 Feb 9 2023 indexorig.html -rwxrwxr-x 1 jic www-data 15 Aug 15 12:46 Musicos-changes.log -rwxrwxr-x 1 jic www-data 229376 Aug 13 11:42 _MusicosDB.sqlite -rwxrwxr-x 1 jic www-data 104889 Aug 11 12:59 Musicos.html -rwxrwxr-x 1 jic www-data 12288 Jul 24 2022 _Pregoneros-del-amor.sqlite -rwxrwxr-x 1 jic www-data 1359 Aug 22 2022 save_indexorig.html -rwxrwxr-x 1 jic www-data 521 May 5 07:24 test.html These are the xinetd scripts for both http and https: jic@web:~$ cat /etc/xinetd.d/http* service http { port = 80 flags = IPv4 socket_type = stream wait = no user = root server = /usr/bin/althttpd server_args = -ipshun /home/jic/w/blocked -user www-data -logfile /home/jic/w/http.log -root /home/jic/w -jail 0 bind = 192.168.0.2 } service https { port = 443 flags = IPv4 socket_type = stream wait = no user = root server = /usr/bin/althttpd server_args = -root /home/jic/w -user www-data -jail 0 -pkey /etc/ssl/private.key -cert /etc/ssl/certificate.crt bind = 192.168.0.2 } Any thoughts on what am I doing wrong? Perhaps is a simple right or user change. Thanks.
