error Kurento WebSocketTransport WebSocketTransport.cpp:192 operator()() Error while setting up tls use_private_key_file: no start line


rohit.r...@linoy.in

Aug 16, 2018, 5:42:47 AM
to kurento

Hi.

I'm running KMS on an AWS EC2 Instance and used the cloudformer template to get it started.

Unfortunately I'm getting the following error in the Kurento log file.

error Kurento WebSocketTransport WebSocketTransport.cpp:192 operator()() Error while setting up tls use_private_key_file: no start line

The pem files have been obtained using LetsEncrypt.

I have changed the user:group permissions of all the pem files to Kurento:Kurento.

I have also tried all the pem files that LetsEncrypt provided viz., chain.pem, privkey.pem, fullchain.pem and cert.pem.

KMS is running properly. Port connectivity was checked using netcat and both 8888 and 8433 get successful connection requests.

When serving a video over port 8888, the whole thing works flawlessly. The only issue seems to be getting the secure port to run.


Below is the entirety of kurento.conf.json

{
  "mediaServer" : {
    "resources": {
    //  //Resources usage limit for raising an exception when an object creation is attempted
    //  "exceptionLimit": "0.8",
    //  // Resources usage limit for restarting the server when no objects are alive
    //  "killLimit": "0.7",
        // Garbage collector period in seconds
        "garbageCollectorPeriod": 240
    },
    "net" : {
      "websocket": {
        "port": 8888,
        "secure": {
          "port": 8433,
          "certificate": "fullchain.pem",
          "password": ""
        },
        //"registrar": {
        //  "address": "ws://localhost:9090",
        //  "localAddress": "localhost"
        //},
        "path": "kurento",
        "threads": 10
      }
    }
  }
}




Does anybody have any clue as to what I might have missed?



Thanks in advance


Regards,
Rohit Raghunath

rohit.r...@linoy.in

Aug 16, 2018, 7:21:02 AM
to kurento
So. I have an update.


I was going through this link and it stated that the correct method to get a proper pem file is chain + cert + key.

I decided to try that since the fullchain.pem provided by LetsEncrypt was cert + key.

Unfortunately that did not work. I got a 

Error while setting up tls use_private_key_file: key values mismatch

which was nice as it had changed from

Error while setting up tls use_private_key_file: no start line

So at this point I decided to soldier on and create every possible combination of chain, cert and key.

What eventually ended up working for me was cert + chain + key. I now officially have no more error messages.

Unfortunately the reason this whole thing started was that I was getting an unable to connect to wss://uri error which stated it failed to make a connection. This error message has now changed to 

Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID 


Anybody have any ideas? 







rohit.r...@linoy.in

Aug 17, 2018, 3:52:30 AM
to kurento
Fixed.

Changed the WSS URL to the one I had a certificate for instead of the IP address and that fixed the problem.
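
Added example, not part of the original posts or of Kurento's own code: a pre-flight check that builds the combined PEM in the order that worked in this thread and reports the three failures seen above. It assumes the openssl command-line tool is installed; the function names, result words and file arguments are made up for this illustration.

```shell
#!/bin/sh
# Pre-flight check for the single PEM file named in "certificate" in
# kurento.conf.json. Function names and result strings are illustrative.

# Usage: build_bundle cert.pem chain.pem privkey.pem out.pem
# Concatenates in the order that worked in the thread: cert + chain + key.
build_bundle() {
    ( umask 077; cat "$1" "$2" "$3" > "$4" )  # file holds the key: owner-only
}

# Usage: check_bundle bundle.pem [hostname]
# Prints one result word; returns 0 only for "ok".
check_bundle() {
    bundle=$1
    host=${2:-}
    grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no-certificate"; return 1; }
    # Without a PRIVATE KEY block OpenSSL has nothing to parse as a key,
    # which it reports as "no start line" (e.g. fullchain.pem on its own).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$bundle" ||
        { echo "no-private-key"; return 1; }
    # Assumption: the server loads this file as an OpenSSL chain file, where
    # the FIRST certificate is taken as the server's own. Its public key must
    # equal the one derived from the private key ("key values mismatch").
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
        { echo "bad-certificate"; return 1; }
    key_pub=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' \
        "$bundle" | openssl pkey -pubout -passin pass: 2>/dev/null) ||
        { echo "bad-private-key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
    # The client compares the host in the wss:// URL with the certificate's
    # names; an IP address is not among them for a hostname-only certificate.
    if [ -n "$host" ] && openssl x509 -in "$bundle" -noout -checkhost "$host" |
            grep -q 'does NOT match'; then
        echo "name-mismatch"; return 1
    fi
    echo "ok"
}
```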

Matthew xu

Sep 19, 2018, 4:07:58 PM
to kurento
Hi, Rohit Raghunath:

I just want to thank you so much for the information. I was desperately trying to set it up. Finally, with your information! 
I would never think about the combination to create the correct pem. 

Everything (wss) is working good on AWS ec2 ubuntu16, finally!


best,
Matt

rohit.r...@linoy.in

Sep 20, 2018, 2:31:15 AM
to kurento
Hi Matthew,


Believe me when I say this, sitting and making those combinations one after the other was one of the most annoying things ever.

You're welcome and I'm glad I was able to assist you.


Regards,
Rohit Raghunath

ravi ranjan

Apr 22, 2019, 7:50:41 AM
to kurento
Hey Rohit, where did you change the wss URL?

Juan Navarro

Apr 22, 2019, 12:57:42 PM
to kurento
Hi, thank you very much for sharing your experiences and the solution to this issue. I'll be adding this to the Troubleshooting section so in the future maybe some other users find the response and save some time thanks to you ;)

Regards
