Web Safety Sync Fails with Crypto/TLS error

If you have manually generated the Root CA PEM file for HTTPS decryption, the Web Safety Sync daemon may fail to start even though HTTPS decryption itself works normally. The error usually contains the following message.

Web Safety Sync cannot start, error: crypto/tls: failed to parse private key

This happens when the PEM file contains the Private Key and the Certificate in an unexpected order. For the Web Safety Sync daemon to work correctly, the myca.pem file should have the Private Key first, followed by the Certificate.

If you open the /opt/websafety/etc/myca.pem file in any text editor, the -----BEGIN PRIVATE KEY----- section should be first, followed by the -----BEGIN CERTIFICATE----- section.
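
The same order check can be scripted instead of done by eye. This is an added example, not code from Web Safety itself: the function names are hypothetical, the sample file is constructed with placeholder bodies, and accepting any label that ends in PRIVATE KEY (for example RSA PRIVATE KEY) is an assumption beyond the single label named above.

```shell
#!/bin/sh
# Added example: check and correct the block order of a combined key + certificate PEM file.

# Print the label of every PEM block in the file, in order, one per line.
pem_block_order() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Return 0 when the first block is a private key and the second a certificate.
pem_order_ok() {
    order=$(pem_block_order "$1" | head -n 2 | tr '\n' '|')
    case "$order" in
        *"PRIVATE KEY|CERTIFICATE|") return 0 ;;
        *) return 1 ;;
    esac
}

# Write a copy of $1 to $2 with private key blocks first, then everything else.
# The copy is created with owner-only permissions because it holds the CA key.
pem_reorder() {
    (
        umask 077
        awk '/^-----BEGIN .*PRIVATE KEY-----/ {k=1} k {print}
             /^-----END .*PRIVATE KEY-----/ {k=0}' "$1" > "$2" &&
        awk '/^-----BEGIN .*PRIVATE KEY-----/ {k=1} !k {print}
             /^-----END .*PRIVATE KEY-----/ {k=0}' "$1" >> "$2"
    )
}

# Constructed sample in the failing order (placeholder bodies, not real key material).
write_sample_wrong_order() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
EOF
}

# Optional: pass a PEM path as the only argument to report on it.
if [ "$#" -eq 1 ]; then
    pem_block_order "$1"
    if pem_order_ok "$1"; then echo "order OK"; else echo "order wrong: key must come first"; fi
fi
```

pem_reorder writes to a separate file rather than editing myca.pem in place, so the original can be kept until the daemon starts cleanly.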

The issue https://github.com/diladele/websafety/issues/1936 contains more information on why this might happen.