When nginx starts, it is free to enter the SSL certificate password

before applying for the free SSL certificate of wosign. Later, it was found that the wosign certificate does not support the single certificate and both the root domain and the www subdomain, so it is replaced with the current StartCom certificate. However, StartCom has the disadvantage of entering the password for the private key when nginx is restarted or reloaded. Although the password is very annoying, it is generally not necessary to use the input once, so I did not consider so much.

The result was a cup in a few days. In the past two weeks, the main station and git were moved to windowsazurue. After restarting the machine yesterday, I found that ssh could not connect. So I went directly to azure's customer service. After checking it, they told me that during the booting process, I got stuck in nginx:

1

It is obviously because of the certificate private key password. After some tossing, finally solved this problem.

It's actually very simple, we only need to export a private key file that does not require a private key password. Assuming the private key file is server.key, execute the following command: openssl rsa -in server.key -out server.key.unsecure

Then replace the path of server.key.unsecure with the original nginx configuration file. Certificate path: ssl_certificate /etc/ssl/server.crt;# Modify the following line to point to the generated server.key.unsecure file ssl_certificate_key /etc/ssl/server.key.unsecure;

Change nginx The status does not require a certificate password.