trojan-gfw / trojan

An unidentifiable mechanism that helps you bypass GFW.
https://trojan-gfw.github.io/trojan/
GNU General Public License v3.0

error while running trojan: use_private_key_file: asio.ssl error #643

Open indomalex opened 2 years ago

indomalex commented 2 years ago

Trojan Version 1.16.0

Describe the ERROR
My trojan cannot run. Before starting trojan.service, I obtained an SSL certificate from the Let’s Encrypt project without any error:

apt install certbot python3-certbot-nginx -y
certbot certonly --nginx

Also, config.json was correctly edited; the cert and key paths were correctly specified;

ports 80 and 443 were opened;

but I unexpectedly got this 'asio.ssl error'.

To Reproduce
Steps to reproduce the behavior:

  1. systemctl start trojan.service, but trojan cannot start; I just got this error info from the journalctl command: journalctl -u trojan

“fatal: use_private_key_file: asio.ssl error”

Logs
Jul 07 13:58:49 racknerd systemd[1]: Started trojan.
Jul 07 13:58:49 racknerd trojan[98033]: Welcome to trojan 1.16.0
Jul 07 13:58:49 racknerd trojan[98033]: [2022-07-07 13:58:49] [FATAL] fatal: use_private_key_file: asio.ssl error
Jul 07 13:58:49 racknerd trojan[98033]: [2022-07-07 13:58:49] [FATAL] exiting. . .
Jul 07 13:58:49 racknerd systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Jul 07 13:58:49 racknerd systemd[1]: trojan.service: Failed with result 'exit-code'.

Environment
Operating System: Ubuntu 22.04 LTS
Kernel: Linux 5.15.0-30-generic

oylbin commented 2 years ago

Any updates? I got the same error on Ubuntu 22.04, trojan 1.16.0.

oylbin commented 1 year ago

sudo /usr/bin/trojan /etc/trojan/config.json works fine.

So I took a look at /lib/systemd/system/trojan.service and changed

User=nobody

to

User=root

Now systemctl start trojan.service worked as expected.

JonasGroeger commented 11 months ago

You can debug permissions with namei -l $PATH

beaheey commented 1 month ago

sudo /usr/bin/trojan /etc/trojan/config.json works fine.

So I took a look at /lib/systemd/system/trojan.service and changed

User=nobody

to

User=root

Now systemctl start trojan.service worked as expected.

It worked for me, thanks! By the way, just FYR: after changing the certificate permissions for nobody, I changed back to user=nobody to secure the service, and then reloaded the daemon and the trojan service. It works too.

sudo chown -R nobody:nogroup /etc/letsencrypt/live/
sudo chown -R nobody:nogroup /etc/letsencrypt/archive/
sudo systemctl daemon-reload
sudo systemctl restart trojan
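Added example, not part of any comment in this thread: a shell version of the check that namei -l supports by eye, reporting the first path component the service account cannot search or read, which is the condition behind the use_private_key_file failure under User=nobody. The function names allowed and first_blocker and the script name are hypothetical; only classic mode bits are evaluated.

```shell
#!/bin/sh
# Added example: report the first path component a service account cannot pass.
# Mode bits only: ACLs, supplementary groups and LSM policy are ignored
# (assumption). Needs GNU stat and readlink. Function names are hypothetical.

# allowed UID GID PATH BIT: succeed if the mode bits grant BIT (4 = r, 1 = x).
allowed() {
    [ "$1" -eq 0 ] && return 0                  # root passes read/search checks
    al_st=$(stat -L -c '%a %u %g' "$3") || return 1
    al_mode=$((0${al_st%% *})); al_ids=${al_st#* }
    if   [ "$1" -eq "${al_ids% *}" ]; then al_bits=$(( (al_mode >> 6) & 7 ))
    elif [ "$2" -eq "${al_ids#* }" ]; then al_bits=$(( (al_mode >> 3) & 7 ))
    else                                   al_bits=$(( al_mode & 7 ))
    fi
    [ $(( al_bits & $4 )) -ne 0 ]
}

# first_blocker UID GID PATH: print the first blocking component and return 1,
# or print nothing and return 0. Directories need x, the final file needs r.
first_blocker() {
    fb_left=$3; fb_cur=
    case $3 in /*)
        fb_cur=/; fb_left=${3#/}
        allowed "$1" "$2" / 1 || { echo /; return 1; } ;;
    esac
    while [ -n "$fb_left" ]; do
        fb_part=${fb_left%%/*}
        case $fb_left in */*) fb_left=${fb_left#*/} ;; *) fb_left= ;; esac
        [ -z "$fb_part" ] && continue           # tolerate "//"
        fb_cur=$fb_cur$fb_part
        if [ -n "$fb_left" ]; then fb_bit=1; else fb_bit=4; fi
        allowed "$1" "$2" "$fb_cur" "$fb_bit" || { echo "$fb_cur"; return 1; }
        fb_cur=$fb_cur/
    done
    return 0
}

# Usage (as root): sh keycheck.sh nobody /path/to/private.key
# The resolved path is walked too, because certbot's live/ entries are
# symlinks into archive/.
if [ "$#" -eq 2 ]; then
    for p in "$2" "$(readlink -f "$2")"; do
        if b=$(first_blocker "$(id -u "$1")" "$(id -g "$1")" "$p")
        then echo "ok: $p"; else echo "blocked at: $b"; fi
    done
fi
```

Only the component it reports needs its permissions adjusted, so the unit can stay on User=nobody as in the last comment.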