tls_cert_read

Diagnostic `nanook::admin::tls_cert_read`

Summary

failed to read TLS certificate `{0}`

Help

check that [admin].cert points to a readable PEM file

Details

When this fires

TlsConfig::from_pem_files could not read the certificate file at [admin].cert. Usually a typo in the path, the file does not exist, or the agent process lacks read permission.

What to check

Confirm the path is readable by the agent's user:

sudo -u nanook cat "$cert"

Relative paths resolve from the agent's launch directory; prefer absolute.
TLS material should be 0640 or stricter, owned by the agent's user or group.