SSL error with Consul


I generated SSL self-signed certificates with openssl.
I would like to use them in consul.

When I start consul, I have this error message:

WARNING: LAN keyring exists but -encrypt given, using keyring
WARNING: WAN keyring exists but -encrypt given, using keyring
bootstrap = true: do not enable unless necessary
==> Starting Consul agent...
           Version: 'v1.6.2'
           Node ID: 'c2bb6349-5549-7d5d-8086-bccb398a7836'
         Node name: 'consul-app-dc1-01'
        Datacenter: 'global' (Segment: '<all>')
            Server: true (Bootstrap: true)
       Client Addr: [] (HTTP: 80, HTTPS: 443, gRPC: -1, DNS: 8600)
      Cluster Addr: (LAN: 8301, WAN: 8302)
           Encrypt: Gossip: true, TLS-Outgoing: true, TLS-Incoming: false, Auto-Encrypt-TLS: false

==> Log data will now stream in as it occurs:

==> Error starting agent: Failed to load cert/key pair: tls: private key does not match public key
    2020/01/20 13:48:56 [INFO] agent: Exit code: 1

If I check the cert with openssl:

openssl verify -CAfile ca-chain.cert.pem xxxxxx.cert.pem OK

Any ideas what’s wrong ?

This issues was resolved on the mailing list. The private key did not match the certificate.