解决 nginx 问题 [emerg] BIO_new_file failed (SSL: error:0200100D:system>

用命令启动 nginx 遇到错误，如下：

$ systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

根据提示，查看一下错误详情：

$ systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2021-06-25 10:52:50 UTC; 33s ago
  Process: 16659 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
  Process: 16658 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: [emerg] BIO_new_file("/etc/nginx/conf.d/ssl/awaimai.com.pem") failed (SSL: error:0200100D:system>
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.

看起来像是 SSL 证书文件的问题，其实上不是，主要还是 Linux 安全策略的问题。

解决方法：关闭 selinux 防火墙，操作：

$ setenforce 0

然后在启动一次，就可以了。

如果再提示文件没权限，复制文件给 nginx 用户组就搞定了。

什么是 SELinux 呢？它是『 Security Enhanced Linux 』的缩写，安全强化的 Linux 的工具。

参考资料：

• 第十七章、程序管理与 SELinux 初探
• NGINX SSL certificate permission SSL error :0200100D:system