how to correct choosing wrong certificate
May 24, 2017 03:37AM

i am new to nginx. the server script called "easyengine" for easy wordpress installation is using LEMP stack. So please bear with my novice experience.

What happened is, after latest apt-get update and upgrade Debian on my server, cloudflare started to threw 525 error regarding to SSL on my sites which using ssl.

I took out one of sites from Cloudflare. So currently i have 1 broken website for 525 error and 1 broken website which is picking wrong certificate. It picks certificate of my another site in my vps.

What should be the correct steps to correct this errors?

Thank you in advance,
Re: how to correct choosing wrong certificate
May 25, 2017 05:57AM
You'll need to show the config files.

Jim Ohlstein
Re: how to correct choosing wrong certificate
May 25, 2017 07:12AM
Hi Jim, thanks for reaching out.

For the site that looking for wrong certificate and calling for wrong site (first alphabetical site) config files.

Main nginx.conf as follows

user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/;

events {
worker_connections 4096;
multi_accept on;

http {
# EasyEngine Settings

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;

server_tokens off;
reset_timedout_connection on;
#add_header X-Powered-By "EasyEngine 3.7.4";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;

fastcgi_read_timeout 300;
client_max_body_size 100m;

# SSL Settings

ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ***i remove this part for public posting***;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# Basic Settings
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Logging Settings

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

# Gzip Settings

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;

# Virtual Host Configs

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

and config file for probematic sites in sites-available

server {

listen 80;
listen [::]:80;


access_log /var/log/nginx/ rt_cache;
error_log /var/log/nginx/;

root /var/www/;

index index.php index.html index.htm;
include common/wpfc-php7.conf;
include common/wpcommon-php7.conf;
include common/locations-php7.conf;

default file in sites-available

server {
listen 80 default_server;
listen [::]:80 default_server;

server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;

and also in folder that conf includes php7.conf

location / {
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php7;


in snippets folder fastcgi-php.conf :

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see:
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;
Re: how to correct choosing wrong certificate
May 25, 2017 08:05AM
Something seems to be missing. Where are you defining 'ssl_certificate' and 'ssl_certificate_key'?

Jim Ohlstein
Re: how to correct choosing wrong certificate
May 25, 2017 10:53AM
ah indeed. i was just trying to disable https and because of that i had removed the row where includes the folder who has ssl.conf

#include /var/www/*.conf;


in that folder there is a ssl.conf (which i disabled by putting .disabled extension)

here is its content

listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
Re: how to correct choosing wrong certificate
May 25, 2017 11:05AM
also this easyengine automation script creates lots of conf file and since i don't know exaclty which would be related, i just shared mightbe related conf i include the other files names in jpgs for you to look at the names.
open | download - etc-nginx.jpg (15.8 KB)
open | download - etc-nginx-common.jpg (16 KB)
open | download - etc-nginx-conf.d.jpg (5.2 KB)
Re: how to correct choosing wrong certificate
May 26, 2017 06:29AM
OK, assuming you are using a valid certificate from Letsencrypt, check '/etc/letsencrypt/live/' directory for other possible paths. If you have a valid certificate it should be in there. You might need to regenerate your certificates and reload nginx.

Jim Ohlstein
Re: how to correct choosing wrong certificate
May 26, 2017 03:05PM
yes i have valid certificate. so should i enable the row where includes the folder who has ssl.conf

( this one >> #include /var/www/*.conf )

and regenerate the certificate (which is valid until july by the way) ?
Re: how to correct choosing wrong certificate
May 27, 2017 07:11AM
hello, i want to give an update.i regenerated the certificates and i duplicated the nginx site conf files from a working site in the same server. then changed site references . and now it is working. i don't know if i forgot space or another character in config files. and it is now working. thanks for reaching out.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 72
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready