PKCS12_parse: unsupported - when running a ruby application as a service on the server

Question

In my ruby application, I am creating Apple wallet passes. The application actually works well, but when I try to start it as a service (/etc/systemd/system), it is failing. I can see that almost everything is working, but it fails when I want to parse the p12 certificate.

My function to sign the manifest file

def sign_manifest(serial_number)
    temporary_path = "./passes/#{CUSTOMER}_#{serial_number}"
    certificate_path = "./certs/Zertifikate.p12"
    wwdr_path = "./certs/WWDR.pem"
    manifest_path = "./passes/#{CUSTOMER}_#{serial_number}/manifest.json"
    
  puts "Signing the manifest"
  # Import the certificates
  p12_certificate = OpenSSL::PKCS12::new(File.read(certificate_path), "")
  wwdr_certificate = OpenSSL::X509::Certificate.new(File.read(wwdr_path))
  
  # Sign the data
  flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
  signed = OpenSSL::PKCS7::sign(p12_certificate.certificate, p12_certificate.key, File.read(manifest_path), [wwdr_certificate], flag)
  
  # Create an output path for the signed data
  signature_url = temporary_path + "/signature"
  
  # Write out the data
  File.open(signature_url, "w") do |f|
    f.syswrite signed.to_der
  end
end

Manually start with the command line

When I start the application manually with the command

ruby passGenerator.rb -p 20001 -o 0.0.0.0

on my server, it is working well, no issues.

Start as a service

The service itself looks like:

# wallet.service

[Unit]
Description = Apple Wallet Pass Generator
After = network.target

[Service]
WorkingDirectory = /var/www/html/passGenerator
ExecStart = ruby /var/www/html/passGenerator/passGenerator.rb -p 20001 -o 0.0.0.0

[Install]
WantedBy = multi-user.target

and start it with:

systemctl start wallet

I can start the service, and the server is running, but as soon as I want to create a new pass and come to this function, it crashes with the error:

PKCS12_parse: unsupported in the line of p12_certificate = OpenSSL::PKCS12::new(File.read(certificate_path), "“)

(In the code snippet line 9)

I first thought about the relative paths, but everything else works with the relative paths. Can anybody explain why that is happening?