# 不可用: grpc: 未找到 TLS 证书: /etc/ssl/certs/server.crt

- **ID:** `grpc/grpc-tls-certificate-not-found`
- **领域:** grpc
- **类别:** config_error
- **验证级别:** ai_generated
- **修复率:** 95%

## 根因

指定的 TLS 证书文件路径不存在，或因权限或路径错误而无法访问。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| grpc-go 1.60.0 | active | — | — |
| grpc-java 1.59.0 | active | — | — |
| OpenSSL 3.0.12 | active | — | — |

## 解决方案

1. ```
   Verify the certificate file exists and has correct permissions. Run:
  ls -la /etc/ssl/certs/server.crt
  If missing, generate or copy the certificate. Example using OpenSSL:
  openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/certs/server.key -out /etc/ssl/certs/server.crt -days 365 -nodes
  Then update the gRPC server config to point to the correct paths.
   ```
2. ```
   If using a custom path, set the GRPC_GO_TLS_CERT_FILE and GRPC_GO_TLS_KEY_FILE environment variables before starting the server:
  export GRPC_GO_TLS_CERT_FILE=/path/to/cert.pem
  export GRPC_GO_TLS_KEY_FILE=/path/to/key.pem
  ./your_server
   ```

## 无效尝试

- **** — The error is about the server certificate, not the root CA; changing root path doesn't help if server cert path is wrong. (85% 失败率)
- **** — This bypasses security but does not fix the missing certificate; the server still fails to start with TLS. (90% 失败率)