Realm Object Server - SSL configuration causes ROS

Ubuntu 16.04 / ROS v1.3.0

I am attempting to configure my ROS to use secure SSL connections.

If I do not make any changes to the configuration.yml - ROS is fine. I can sync and use the dashboard as I would expect.

I have obtained an SSL cert from Letsencrypt. I used the CertBot in standalone mode so that I did not have to install or configure Nginx. (My preference is to not install yet another tech/layer - keep it clean!)

I have the following certificates/key stored in this folder: /etc/letsencrypt/live/data.mydomain.net/cert.pem /etc/letsencrypt/live/data.mydomain.net/chain.pem /etc/letsencrypt/live/data.mydomain.net/fullchain.pem /etc/letsencrypt/live/data.mydomain.net/privkey.pem

As soon as I enable HTTPS in the configuration.yml I am unable to launch ROS.

There are no error messages written to: /var/log/realm-object-server.log

Here is a copy of the proxy section of configuration.yml.

  http:
    ## Whether or not to enable the HTTP proxy module. It enables multiplexing requests
    ## by forwarding incoming requests on a single port to all services.
    # enable: true

    ## The address/interface on which the HTTP proxy module should listen. This defaults
    ## to 127.0.0.1. If you wish to listen on all available interfaces,
    ## uncomment the following line.
    # listen_address: '::'

    ## The port that the HTTP proxy module should bind to.
    # listen_port: 9080

  https:
    ## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
    ## by forwarding incoming requests on a single port to all services.
    ## Note that even if it enabled, the HTTPS proxy will only start if supplied
    ## with a valid pair of certificates through certificate_path and private_key_path below.
    enable: true

    ## The path to the certificate and private keys (in PEM format) that will be used
    ## to set up the HTTPS server accepting connections.
    ## These configuration options are MANDATORY to start the HTTPS proxy module.
    certificate_path: '/etc/letsencrypt/live/data.mydomain.net/fullchain.pem'
    private_key_path: '/etc/letsencrypt/live/data.mydomain.net/privkey.pem'

    ## The address/interface on which the HTTPS proxy module should listen. This defaults
    ## to 127.0.0.1. If you wish to listen on all available interfaces,
    ## uncomment the following line.
    # listen_address: '::'

    ## The port that the HTTPS proxy module should bind to.
    listen_port: 9443

As I mention. The issue appears to be that as soon as I configure HTTPS the ROS server fails to start. If I disable the HTTPS then the ROS server starts without issue.

The reason I believe ROS is failing to start is - if I attempt curl 127.0.0.1:9080 or curl 127.0.0.1:9443 from the terminal I get the message curl: (7) Failed to connect to 127.0.0.1 port 9443: Connection refused

I'd love to hear your ideas/thoughts/suggestions on how I can get this to work. Cheers. Ian

Thanks to user @Radu - the answer was Permissions.

The realm user did not have permission to read the .pem files.

I picked up the answer from this answer. Https Proxy for Realm Object Server not working

@Radu - is the man!