Summary
Webserver will not start when using SSL certs, error message:
[CRIT] Error starting server, err:open cert1.key: Access is denied.
Steps to reproduce
Version: 3.10.0
Database: mysql
OS: Win10E 1703 x64
working dir: c:\mattermost\bin
Configured TLS by inputting cert1.crt, and cert1.key in the \bin directory (working dir).
Permissions on both the .key and .crt file are set to “EVERYONE” for testing. Owner is SYSTEM
MM is running as a SYSTEM service…so, should have no permissions issues.
Expected behavior
Web server runs fine when NOT using TLS/SSL.
Observed behavior
webserver fails to start, the following errors are obvserved:
[2017/07/02 06:59:36 PDT] [INFO] Loaded system translations for 'en' from 'c:\mattermost\i18n/en.json'
[2017/07/02 06:59:36 PDT] [INFO] Current version is 3.10.0 (3.10.0/Wed Jun 14 21:04:02 UTC 2017/8b83e9d4279718c8f9797c6a9c081245231cbba0/none)
[2017/07/02 06:59:36 PDT] [INFO] Enterprise Enabled: false
[2017/07/02 06:59:36 PDT] [INFO] Current working directory is c:\mattermost\bin
[2017/07/02 06:59:36 PDT] [INFO] Loaded config file from c:\mattermost\config\config.json
[2017/07/02 06:59:36 PDT] [INFO] Server is initializing...
[2017/07/02 06:59:36 PDT] [INFO] Pinging SQL master database
[2017/07/02 06:59:37 PDT] [DEBG] Deleting any unused pre-release features
[2017/07/02 06:59:37 PDT] [DEBG] Initializing user API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing team API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing channel API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing post API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing file API routes
[2017/07/02 06:59:37 PDT] [DEBG] api.system.init.debug
[2017/07/02 06:59:37 PDT] [DEBG] Initializing webhook API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing preference API routes
[2017/07/02 06:59:37 PDT] [DEBG] api.saml.init.debug
[2017/07/02 06:59:37 PDT] [DEBG] Initializing compliance API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing cluster API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing LDAP API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing brand API routes
[2017/07/02 06:59:37 PDT] [INFO] Initializing job API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing command API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing status API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing web socket API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing emoji API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing OAuth API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing reactions api routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing WebRTC API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing open graph protocol api routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing user API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing team API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing channel API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing post API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing web socket API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing file API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing command API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing admin API routes.
[2017/07/02 06:59:37 PDT] [DEBG] Initializing general API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing OAuth API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing webhook API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing preference API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing license API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing emoji API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing status API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing WebRTC API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing reactions api routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing deprecated API routes
[2017/07/02 06:59:37 PDT] [DEBG] Parsing server templates at c:\mattermost\templates/
[2017/07/02 06:59:37 PDT] [DEBG] Email batching job starting. Checking for pending emails every 30 seconds.
[2017/07/02 06:59:37 PDT] [DEBG] Initializing user WebSocket API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing system WebSocket API routes
[2017/07/02 06:59:37 PDT] [DEBG] Initializing status WebSocket API routes
[2017/07/02 06:59:37 PDT] [DEBG] wsapi.webtrc.init.debug
[2017/07/02 06:59:37 PDT] [INFO] Starting 16 websocket hubs
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 0 is starting with goroutine 2097
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 1 is starting with goroutine 2098
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 2 is starting with goroutine 2099
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 3 is starting with goroutine 2100
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 4 is starting with goroutine 2101
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 5 is starting with goroutine 2102
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 6 is starting with goroutine 2103
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 7 is starting with goroutine 2104
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 8 is starting with goroutine 2105
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 9 is starting with goroutine 2106
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 10 is starting with goroutine 2107
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 11 is starting with goroutine 2108
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 12 is starting with goroutine 2109
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 13 is starting with goroutine 2110
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 14 is starting with goroutine 2111
[2017/07/02 06:59:37 PDT] [DEBG] Initializing web routes
[2017/07/02 06:59:37 PDT] [DEBG] Hub for index 15 is starting with goroutine 2112
[2017/07/02 06:59:37 PDT] [DEBG] Using client directory at c:\mattermost\webapp\dist/
[2017/07/02 06:59:37 PDT] [DEBG] Email batching job starting. Checking for pending emails every 30 seconds.
[2017/07/02 06:59:37 PDT] [INFO] Starting Server...
[2017/07/02 06:59:37 PDT] [INFO] Server is listening on :8065
[2017/07/02 06:59:37 PDT] [INFO] Starting jobs
[2017/07/02 06:59:37 PDT] [DEBG] Cleaning up token store.
[2017/07/02 06:59:37 PDT] [CRIT] Error starting server, err:open cert1.key: Access is **denied**.
Config.json:
"ServiceSettings": {
"SiteURL": "http://mydomain.com:8065",
"LicenseFileLocation": "",
"ListenAddress": ":8065",
"ConnectionSecurity": "TLS",
"TLSCertFile": "cert1.crt",
"TLSKeyFile": "cert1.key",
"UseLetsEncrypt": false,
"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
"Forward80To443": false,
"ReadTimeout": 300,
"WriteTimeout": 300,
"MaximumLoginAttempts": 10,
"GoroutineHealthThreshold": -1,
"GoogleDeveloperKey": "",
"EnableOAuthServiceProvider": true,
"EnableIncomingWebhooks": true,
"EnableOutgoingWebhooks": true,
"EnableCommands": true,
"EnableOnlyAdminIntegrations": true,
"EnablePostUsernameOverride": true,
"EnablePostIconOverride": true,
"EnableLinkPreviews": false,
"EnableTesting": true,
"EnableDeveloper": true,
"EnableSecurityFixAlert": true,
"EnableInsecureOutgoingConnections": true,
"EnableMultifactorAuthentication": false,
"EnforceMultifactorAuthentication": false,
"AllowCorsFrom": "",
"SessionLengthWebInDays": 30,
"SessionLengthMobileInDays": 30,
"SessionLengthSSOInDays": 30,
"SessionCacheInMinutes": 10,
"WebsocketSecurePort": 443,
"WebsocketPort": 80,
"WebserverMode": "gzip",
"EnableCustomEmoji": false,
"RestrictCustomEmojiCreation": "all",
"RestrictPostDelete": "all",
"AllowEditPost": "always",
"PostEditTimeLimit": 300,
"TimeBetweenUserTypingUpdatesMilliseconds": 5000,
"EnablePostSearch": true,
"EnableUserTypingMessages": true,
"EnableUserStatuses": true,
"ClusterLogTimeoutMilliseconds": 2000