nginx permission denied to certificate files for ssl configuration

Solution 1:

You probably have SELinux in enforcing mode (the default for Fedora):

sestatus -v

If this is the case, check the audit logs, you should find the access error:

ausearch -m avc -ts today | audit2allow

You also probably moved the filed instead of copying it, so the security context of the file might be wrong.

ls -lrtZ /etc/nginx/demo.* 

and correct it if needed:

restorecon -v -R /etc/nginx

Solution 2:

I guess it's SELinux that denies permission. Check their SELinux context. Theirs should be httpd_config_t. If not, run

restorecon /etc/nginx/demo.*

or

chcon httpd_config_t /etc/nginx/demo.*

as root.

You can check logs under /var/log/audit/ to see if it's SELinux that denies permission. You can also run

setenforce 0

to set SELinux into permissive mode. This way, SELinux still generates AVC messages (in /var/log/audit/) but permits access.