Using $host variable in ssl_certificate path

dimitre nginx-forum at
Wed Oct 20 17:27:50 UTC 2021

I'm now using Nginx 1.21.
I've noticed Nginx actually runs with variable in ssl certificate path, but
the certificate itself doesn't run.
ssl_certificate /etc/letsencrypt/live/$host/fullchain.pem; # managed by
ssl_certificate_key /etc/letsencrypt/live/$host/privkey.pem; # managed by

I double checked the $host variable using a special header and curl, to know
if $host variable is the exact value of my folder there, and it is correct.

add_header  X-Host $host;

Now checking Nginx error.log it indicates maybe it is because file
2021/10/20 17:16:07 [error] 2408#2408: *412 cannot load certificate
"/etc/letsencrypt/live/XXXXX/fullchain.pem": BIO_new_file() failed (SSL:
error:0200100D:system library:fopen:Permission
error:2006D002:BIO routines:BIO_new_file:system lib) while SSL handshaking,
client:, server:

But strangely enough it runs OK if I don't use the $host variable. I would
like to keep permissions so when Certbot updates I don't have any

Posted at Nginx Forum:,292653,292656#msg-292656

More information about the nginx mailing list