Welcome! Log In Create A New Profile

Nginx serving self-signed cert instead of the one defined in conf

Forum List Message List New Topic Print View

Arno0x0x

August 11, 2015 01:27PM

Registered: 9 years ago
Posts: 9

Hello,

I'm facing a strange issue since I upgraded from Nginx 1.6.2 to 1.8.0. My configuration files have been kept identicals, as well as my official SSL certificates.

The problem is Nginx keeps on serving a self-signed certificate (dunno where it takes it from) instead of my proper certificates that I defined in the config file. Here's the server section SSL config bits :

------------------------------------------------------------------------------------
server {
listen 443 ssl; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6

server_name my_fqdn;

ssl_certificate /etc/nginx/ssl/gandi/my_fqdn.crt;
ssl_certificate_key /etc/nginx/ssl/gandi/my_fqdn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

...
------------------------------------------------------------------------------------

This configuration works fine on my other server with nginx 1.6.2.

I tried to increase error log to the debug level, but I get stricly no error message when starting Nginx (I was hoping for some clue like "nginx cannot read the file / path of the defined certs .... but nothing).

The config file checks is fine :
------------------------------------------------------------------------------------
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
------------------------------------------------------------------------------------

Example with openssl client :

------------------------------------------------------------------------------------
openssl s_client -connect myfqdn:443
CONNECTED(00000003)
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify return:1
---
Certificate chain
0 s:/C=EU/ST=NoWhere/O=Internet Widgits Pty Ltd/CN=myfqdn
i:/C=EU/ST=NoWhere/O=Internet Widgits Pty Ltd/CN=myfqdn
---
Server certificate
etc....
------------------------------------------------------------------------------------

I'm lost. Any help is welcomed !

Regards,
Arno

Reply Quote

RSS

Subject	Author	Posted
Nginx serving self-signed cert instead of the one defined in conf	Arno0x0x	August 11, 2015 01:27PM
Re: Nginx serving self-signed cert instead of the one defined in conf	Maxim Dounin	August 11, 2015 02:02PM
Re: Nginx serving self-signed cert instead of the one defined in conf	Arno0x0x	August 11, 2015 02:21PM
Re: Nginx serving self-signed cert instead of the one defined in conf	Arno0x0x	August 12, 2015 05:56AM