tls_parse_cert

Diagnostic `nanook::admin::tls_parse_cert`

Summary

failed to parse TLS certificate PEM

Help

the file must contain one or more BEGIN CERTIFICATE blocks

Details

When this fires

rustls-pemfile could not parse the bytes at [admin].cert as a PEM certificate chain. Common causes: the file is DER instead of PEM, the file is HTML/JSON from a misconfigured download, or the BEGIN/END headers are corrupted.

What to check

Confirm the file looks like a real PEM cert:

head -1 "$cert"   # expect: -----BEGIN CERTIFICATE-----
openssl x509 -in "$cert" -noout -text | head

If you have a DER file (.cer / .crt with binary contents), convert it:

openssl x509 -inform der -in cert.der -out cert.pem

For Let's Encrypt deployments, point [admin].cert at fullchain.pem, not cert.pem, so intermediates ride along.