SSL certificate not loaded

I have a strange problem with SLL.

I purchased a SSL cert and combined the intermediary files into one:
cat www_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt

mydomain-budle.crt

In the server conf I have the following:

server
{
listen 80;
listen 443 ssl;

server_name www.mydomain.com;
root /var/www/mydomain/;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /etc/nginx/conf/mydomain-bundle.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_verify_depth 2;

}

SSL doesn’t work and error log shows
no “ssl_certificate” is defined in server listening on SSL port while
SSL
handshaking, client: x.x.x.x, server: 0.0.0.0:443

What’s wrong? Of course, the file exists, I restarted the server. I
tried
everything I could think of (absolute path, I added ssl_verify_depth,
verified that in the crt file the END/BEGIN blocks are on separate
lines)

Posted at Nginx Forum:

Hello!

On Tue, Oct 15, 2013 at 09:13:52AM -0400, gaspy wrote:

listen 80;
ssl_session_timeout 10m;
verified that in the crt file the END/BEGIN blocks are on separate lines)
The message suggests you have another server{} listening on the
same port, without ssl_certificate defined, and it’s selected
based on SNI.


Maxim D.
http://nginx.org/en/donation.html

The message suggests you have another server{} listening on the
same port, without ssl_certificate defined, and it’s selected
based on SNI.

Hi Maxim and thanks for the quick reply.

I have another server block just for redirect, I disabled SSL on it but
the
problem persists.
Here’s how the other block looks like:

server
{
listen 80;
#listen 443 ssl;
server_name mydomain.com;
return 301 $scheme://www.mydomain.com$request_uri;
}

If it helps, I’m using nginx/1.1.19 on Ubuntu 12.04 32bit / XEN VPS.

Posted at Nginx Forum:

Hello!

On Tue, Oct 15, 2013 at 11:14:42AM -0400, gaspy wrote:

server
{
listen 80;
#listen 443 ssl;
server_name mydomain.com;
return 301 $scheme://www.mydomain.com$request_uri;
}

If the problem persists, it means that you either didn’t reloaded
the configuration or there is one more server{} block. Just for
testing you may want to configure ssl_certificate at http{} level.


Maxim D.
http://nginx.org/en/donation.html

Maxim D. Wrote:

return          301 $scheme://www.mydomain.com$request_uri;

}

If the problem persists, it means that you either didn’t reloaded
the configuration or there is one more server{} block. Just for
testing you may want to configure ssl_certificate at http{} level.

Maxim, it works now. I re-enabled SSL on this redirection server block
and
added the certificates to it. Reloaded and all is fine.
It’s strange because previously that server was listening only to port
80
(see that the 443 part was commented).
Anyway, all is well now, thanks.

Posted at Nginx Forum: