curl访问etcd报错unable to set private key file

[appdeploy@1a32vla0168zzzz cfssl]$ curl -i https://xxx.xxx.xxx.5:2379/health --cacert /app/etcd/cfssl/ca.pem --cert /app/etcd/cfssl/server.pem --key /app/etcd/cfssl/server-key.pem --cert-type PEM
curl: (58) unable to set private key file: '/app/etcd/cfssl/server-key.pem' type PEM
[appdeploy@1a32vla0168zzzz cfssl]$ ll /app/etcd/cfssl/ca.pem
-rw-r--r-- 1 root root 1294 Aug  1 17:39 /app/etcd/cfssl/ca.pem
[appdeploy@1a32vla0168zzzz cfssl]$ ll /app/etcd/cfssl/server.pem
-rw-r--r-- 1 root root 1379 Aug  2 00:32 /app/etcd/cfssl/server.pem
[appdeploy@1a32vla0168zzzz cfssl]$ ll /app/etcd/cfssl/server-key.pem
-rw------- 1 root root 1679 Aug  2 00:32 /app/etcd/cfssl/server-key.pem

仔细检查后，猜测或许是密钥文件权限不够，切换到root用户，再次访问就ok了

[root@1a32vla0168zzzz cfssl]# curl -i https://xxx.xxx.xxx.5:2379/health --cacert /app/etcd/cfssl/ca.pem --cert /app/etcd/cfssl/server.pem --key /app/etcd/cfssl/server-key.pem --cert-type PEM
HTTP/2 200 
access-control-allow-headers: accept, content-type, authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: *
content-type: text/plain; charset=utf-8
content-length: 29
date: Thu, 04 Aug 2022 13:26:03 GMT

{"health":"true","reason":""}[