I have found information on
- how to install LetsEncrypt on Linux for NGINX (which works)
- how to install LetsEncrypt for SQL Server on Windows (which relies on GUI tools so is of no use), and
- how to install other certificates for SQL Server on Linux
but I can't find ANYTHING about LetsEncrypt for SQL Server on Linux. No matter what I try I get this error message:
Error: 49940, Severity: 16, State: 1.Unable to open one or more of the user-specified certificate file(s). Verify that the certificate file(s) exist with read permissions for the user and group running SQL Server.
It seems this should be possible, can anyone provide some tips?
[Edit]
I have verified that the two LetsEncrypt files have appropriate permissions. I copied and renamed them and they are pointed to by the tlscert and tlskey keys in the network section of /var/opt/mssql/mssql.conf.
[network]
tlscert = /etc/ssl/certs/mssql.pem
tlskey = /etc/ssl/private/mssql.key
tlsprotocols = 1.2
forceencryption = 1
One thing not clear to me is whether the Letsencrypt private key in .pem format needs to be extracted to a .key file, so I have tried it both ways. I get the same error either way.
These errors show up in the mssql/log/errorlog file.
Here are the resulsts asked for
ls -l /etc/ssl/certs/mssql.pem:
-rw------- 1 mssql mssql 3586 May 3 22:20 /etc/ssl/certs/mssql.pem
ls -l /etc/ssl/private/mssql.key
-rw------- 1 mssql mssql 1679 May 3 22:42 /etc/ssl/private/mssql.key
mssql.pem was originally fullchain.pem and mssql.key was originally privkey.pem, which are the files required by Nginx and which work for it.