Hello everyone,
I am using Nginx in a production environment since some years, but I am
almost a newbie with SSL certificates and connections. A the moment I have
a configuration with two levels:
1. A first level Nginx that operate as load balancer
2. Two second level Nginx: the first host a web site and it do not need a
SSL connection, the second hosts an Owncloud instance and it need a SSL
connection.
I am using Certbot and Let's Encrypt to generate signed certificates. A the
moment I have certificates installed in both levels and until last month
this configuration was working. After certificates renewal (every three
months) I am getting an ERR_CERT_DATE_INVALID and I can not access to
Owncloud. Only second level certificate has been renewed.
But if I try to connect directly to second level Nginx, I do not get any
error and I can access to Owncloud.
This is first level Nginx config:
upstream cloud {
server 10.39.0.52;
}
upstream cloud_ssl {
server 10.39.0.52:443;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name cloud.diakont.it cloud.diakont.srl;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
server_name cloud.diakont.it cloud.diakont.srl;
include snippets/cloud.diakont.it.conf;
include snippets/ssl-params.conf;
error_log /var/log/nginx/cloudssl.diakont.it.error.log info;
access_log /var/log/nginx/cloudssl.diakont.it.access.log;
location / {
proxy_pass https://cloud_ssl/;
proxy_redirect default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
I would like to set first level Nginx to establish a SSL connection with
Owncloud without having to renew the certificates on both levels. Is it
possible? How do I have to change my config?
Thanks in advance.
Meph
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
