huashengdun / webssh

Web based ssh client
https://webssh.huashengdun.org/
MIT License

WebSSH not liking my key/certificate #243

Open stefan-reich opened 3 years ago

stefan-reich commented 3 years ago

Command:

wssh --port=8080 --sslport=4433 --certfile='/etc/letsencrypt/live/gazelle.rocks/privkey.pem' \
  --keyfile='/etc/letsencrypt/live/gazelle.rocks/cert.pem' --xheaders=False --policy=reject

Output:

I 211003 17:31:27 settings:125] RejectPolicy
Traceback (most recent call last):
  File "/usr/local/bin/wssh", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/dist-packages/webssh/main.py", line 48, in main
    ssl_ctx = get_ssl_context(options)
  File "/usr/local/lib/python3.6/dist-packages/webssh/settings.py", line 143, in get_ssl_context
    ssl_ctx.load_cert_chain(options.certfile, options.keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3503)

I also tried with fullchain.pem instead of cert.pem, but no difference. What's wrong?

Edit: I am using my own HTTPS proxy, all good. Leaving the issue open because I think it's a good question.

huashengdun commented 3 years ago

Is it a certificate format problem? I used this script https://github.com/diafygi/acme-tiny to generate the key/certificate files and they worked.

stefan-reich commented 3 years ago

> Is it a certificate format problem? I used this script https://github.com/diafygi/acme-tiny to generate the key/certificate files and they worked.

Hmm, I'm using certbot:

certbot certonly --manual --manual-public-ip-logging-ok -d *.$DOMAIN,$DOMAIN

Could you share your wssh command line maybe?

huashengdun commented 3 years ago

Here is a similar issue https://github.com/tornadoweb/tornado/issues/1850 .
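Editor's added example, not part of the thread and not webssh code: the command in the first post passes privkey.pem as --certfile and cert.pem as --keyfile, and the traceback shows those options going to `ssl_ctx.load_cert_chain(options.certfile, options.keyfile)`. The preflight check below reads the PEM block labels of each file's contents and reports when the certificate and key are in the wrong arguments. The function names and the sample PEM bodies are constructed for illustration.

```python
import re

# BEGIN line of a PEM block; the capture group is the block label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}

def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return PEM_BEGIN.findall(text)

def check_pair(certfile_text, keyfile_text):
    """List problems with the contents given as certfile and keyfile.

    ssl.SSLContext.load_cert_chain(certfile, keyfile) expects the
    certificate (optionally followed by its chain) in certfile and the
    matching private key in keyfile.
    """
    cert_labels = pem_labels(certfile_text)
    key_labels = pem_labels(keyfile_text)
    problems = []
    if "CERTIFICATE" not in cert_labels:
        problems.append("certfile has no CERTIFICATE block")
    if not KEY_LABELS.intersection(key_labels):
        problems.append("keyfile has no private key block")
    # Both files wrong, and each holds what the other argument wants.
    if (len(problems) == 2 and KEY_LABELS.intersection(cert_labels)
            and "CERTIFICATE" in key_labels):
        problems.append("certfile and keyfile look swapped")
    return problems

def _block(label):
    # Constructed placeholder body, not real key or certificate material.
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

# Constructed stand-ins for certbot's privkey.pem, cert.pem and fullchain.pem.
SAMPLE_PRIVKEY = _block("PRIVATE KEY")
SAMPLE_CERT = _block("CERTIFICATE")
SAMPLE_FULLCHAIN = SAMPLE_CERT + SAMPLE_CERT

if __name__ == "__main__":
    # Same argument order as the command in the first post.
    for problem in check_pair(SAMPLE_PRIVKEY, SAMPLE_CERT):
        print("problem:", problem)
    # Certificate chain in certfile, key in keyfile: no findings.
    print(check_pair(SAMPLE_FULLCHAIN, SAMPLE_PRIVKEY))
```

The check only reads block labels; it does not verify that the key matches the certificate, which `load_cert_chain` itself does when it loads the pair.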