problem with connecting

Hi, I have an issue configuring ejabber. For the most part, I have just uncommented the access examples in the configuration file, but I have also looked at the documentation to see if I can spot any errors. I can't connect with unencrypted, STARTTLS or SSL (to begin with, I think it would be best to support all connection methods). I believe the rest of my config file works, but for consistency I'll paste it all.

Here's one example from ejabberd.log with STARTTLS on 5222

** Reason for termination =
** {{badmatch,{error,"SSL_CTX_use_PrivateKey_file failed: error:0906D06C:PEM routines:PEM_read_bio:no start line"}},

But I have also seen these two with various network settings on the client: (IP addresses obfuscated)

I(<0.648.0>:ejabberd_listener:90): (#Port<0.697>) Accepted connection {{10,10,10,10},1485} -> {{10,10,10,11},5223}

I(<0.551.0>:ejabberd_listener:90): (#Port<0.700>) Accepted connection {{10,10,10,10},1486} -> {{10,10,10,11},5222}

%%
%% BEGIN CONFIG
%%

{acl, admin, {user, "admin", "example.com"}}.

{acl, local, {user_regexp, ""}}.

{access, configure, [{allow, admin}]}.

{access, register, [{allow, all}]}.

{welcome_message,
{"Welcome!",
"foo"
"bar"}}.

{access, announce, [{allow, admin}]}.

{access, c2s, [{deny, blocked},
{allow, all}]}.

{shaper, normal, {maxrate, 1000}}.

{shaper, fast, {maxrate, 50000}}.

{access, c2s_shaper, [{none, admin},
{normal, all}]}.

{access, muc_admin, [{allow, admin}]}.

{access, muc, [{allow, all}]}.

{access, local, [{allow, local}]}.

{auth_method, ldap}.
{ldap_servers, ["ldap.example.com"]}. % List of LDAP servers
{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
{ldap_base, "o=company,dc=example,dc=com"}. % Search base of LDAP directory
{ldap_rootdn, ""}. % LDAP manager
{ldap_password, ""}. % Password to LDAP manager

{hosts, ["example.com"]}.

{language, "en"}.

% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
starttls, {certfile, "/etc/ejabberd/jabber.example.com-crt.pem"},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service
{5223, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
tls, {certfile, "/etc/ejabberd/jabber.example.com-crt.pem"},
{shaper, c2s_shaper}]},
% Server-2-server service
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper},
{max_stanza_size, 131072}]},
% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
{5280, ejabberd_http, [http_poll, web_admin]}
]}.

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/jabber.example.com-crt.pem"}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server

{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, [{extra_domains, ["example.com"]}]},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, []},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
{mod_muc_log, []},
% {mod_shared_roster, []},
{mod_pubsub, []},
{mod_time, []},
{mod_last, []},
{mod_version, []}
]}.

% vim:set ft=erlang:
% Local Variables:
% mode: erlang
% End:

%%%
%%% END CONFIG
%%%