Forum: NGINX SSL certificate not loaded

gaspy (Guest)
on 2013-10-15 15:14
(Received via mailing list)
I have a strange problem with SSL.

I purchased an SSL cert and combined the intermediary files into one:
cat www_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt >> mydomain-bundle.crt

In the server conf I have the following:

server
{
  listen      80;
  listen       443 ssl;

  server_name    www.mydomain.com;
  root      /var/www/mydomain/;

  ssl_protocols    SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers      AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_certificate    /etc/nginx/conf/mydomain-bundle.crt;
  ssl_certificate_key  /etc/nginx/conf/server.key;
  ssl_session_cache  shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_verify_depth 2;
...
}

SSL doesn't work and error log shows
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:443

What's wrong? Of course, the file exists, I restarted the server. I tried
everything I could think of (absolute path, I added ssl_verify_depth,
verified that in the crt file the END/BEGIN blocks are on separate lines)

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243713,243713#msg-243713
Maxim Dounin (Guest)
on 2013-10-15 15:49
(Received via mailing list)
Hello!

On Tue, Oct 15, 2013 at 09:13:52AM -0400, gaspy wrote:

>   listen      80;
>   ssl_session_timeout  10m;
> verified that in the crt file the END/BEGIN blocks are on separate lines)
The message suggests you have another server{} listening on the
same port, without ssl_certificate defined, and it's selected
based on SNI.

--
Maxim Dounin
http://nginx.org/en/donation.html
gaspy (Guest)
on 2013-10-15 17:15
(Received via mailing list)
> The message suggests you have another server{} listening on the
> same port, without ssl_certificate defined, and it's selected
> based on SNI.

Hi Maxim and thanks for the quick reply.

I have another server block just for redirect, I disabled SSL on it but the
problem persists.
Here's what the other block looks like:

server
{
    listen          80;
    #listen         443 ssl;
    server_name     mydomain.com;
    return          301 $scheme://www.mydomain.com$request_uri;
}

If it helps, I'm using nginx/1.1.19 on Ubuntu 12.04 32bit / XEN VPS.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243713,243721#msg-243721
Maxim Dounin (Guest)
on 2013-10-15 17:43
(Received via mailing list)
Hello!

On Tue, Oct 15, 2013 at 11:14:42AM -0400, gaspy wrote:

> server
> {
>     listen          80;
>   #listen       443 ssl;
>     server_name     mydomain.com;
>     return          301 $scheme://www.mydomain.com$request_uri;
> }

If the problem persists, it means that you either didn't reload
the configuration or there is one more server{} block.  Just for
testing you may want to configure ssl_certificate at http{} level.

--
Maxim Dounin
http://nginx.org/en/donation.html
gaspy (Guest)
on 2013-10-16 16:26
(Received via mailing list)
Maxim Dounin Wrote:
-------------------------------------------------------

> >     return          301 $scheme://www.mydomain.com$request_uri;
> > }
>
> If the problem persists, it means that you either didn't reload
> the configuration or there is one more server{} block.  Just for
> testing you may want to configure ssl_certificate at http{} level.

Maxim, it works now. I re-enabled SSL on this redirection server block and
added the certificates to it. Reloaded and all is fine.
It's strange because previously that server was listening only to port 80
(see that the 443 part was commented).
Anyway, all is well now, thanks.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243713,243764#msg-243764
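
Added example (not part of the thread and not nginx project code): a small config check for the condition behind the error discussed above, a server{} block that listens with ssl but has no ssl_certificate of its own or at http{} level. The function name and the sample config are constructed for illustration; it assumes includes are already merged into one text, recognises only the `listen ... ssl` form, and does not handle quoted strings.

```python
import re

# Constructed sample: the redirect block listens on 443 with ssl but has no cert.
SAMPLE = """
http {
  server {
    listen 443 ssl;
    server_name www.mydomain.com;
    ssl_certificate /etc/nginx/conf/mydomain-bundle.crt;
    ssl_certificate_key /etc/nginx/conf/server.key;
  }
  server {
    listen 443 ssl;   # ssl enabled, no ssl_certificate here
    server_name mydomain.com;
    return 301 $scheme://www.mydomain.com$request_uri;
  }
}
"""

def ssl_servers_without_cert(conf):
    """server_name of each server{} that listens with ssl but has no
    ssl_certificate of its own or inherited from http{}."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    stack, words, servers, http_cert = [], [], [], False
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":          # open a block named by its first word
            stack.append((words[0] if words else "", []))
            words = []
        elif tok == "}":        # close the block; remember server{} blocks
            name, dirs = stack.pop()
            if name == "server":
                servers.append(dirs)
            words = []
        elif tok == ";":        # end of a directive inside the current block
            if stack and words:
                if stack[-1][0] == "http" and words[0] == "ssl_certificate":
                    http_cert = True
                stack[-1][1].append(words)
            words = []
        else:
            words.append(tok)
    missing = []
    for dirs in servers:
        ssl = any(d[0] == "listen" and "ssl" in d[1:] for d in dirs)
        cert = http_cert or any(d[0] == "ssl_certificate" for d in dirs)
        if ssl and not cert:
            names = [n for d in dirs if d[0] == "server_name" for n in d[1:]]
            missing.append(" ".join(names) or "(unnamed)")
    return missing
```

Calling `ssl_servers_without_cert(SAMPLE)` reports the `mydomain.com` block; adding a certificate to that block or at http{} level clears the finding.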