[Nut-upsuser] Invalid directive CERTFILE /etc/nut/keys/gold.pem on Debian stretch

[Roger Price]

I tried adding SSL/TLS support to NUT following the User Manual chapter 9.5 
"Configuring SSL".  I got as far as generating a self-signed private key and a 
certificate (public key) in a single file gold.pem which has the form

   -----BEGIN CERTIFICATE-----
   MIID3DCCA...
   -----END CERTIFICATE-----
   -----BEGIN PRIVATE KEY-----
   MIIEvQIBA...
   -----END PRIVATE KEY-----

I updated upsd.conf to

   # upsd.conf
   LISTEN 0.0.0.0 3493
   CERTFILE /etc/nut/keys/gold.pem

but when I restart nut-server.service I get the message

   Jul 04 10:49:05 maria upsd[4744]: upsd.conf: invalid directive CERTFILE
                                     /etc/nut/keys/gold.pem
   Jul 04 10:49:05 maria upsd[4744]: listening on 0.0.0.0 port 3493

My first reaction was to check the spelling of CERTFILE, but it looks ok.  I 
then checked that nut 2.7.4 on Debian is compiled with SSL/TLS support

   DEB_CONFIGURE_EXTRA_FLAGS := --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
    	                     --with-ssl --with-nss \
   	                     --with-cgi \
   ...

so now I'm stuck for ideas.  Any suggestion would be much appreciated.

Roger