ssl_trusted_certificate doesn't accept @server_name variable

devCU June 03, 2019 05:42AM
The following works as advertised in my vhost server block

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/chain.pem;

To better automate vhosts en masse I tried using the $server_name variable

server_name mydomain.com;

ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem;

Nginx failed but this works

server_name mydomain.com;

ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/chain.pem;

If ssl_certificate and ssl_certificate accept the $server_name variable then how come ssl_trusted_certificate doesn't?

Here's the error on Ubuntu 18.04.2 running Nginx 1.17.0 source compiled with OpenSSL 1.1.1c

Jun 03 05:34:22 cloud systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Jun 03 05:34:22 cloud nginx[12646]: nginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/$server_name/chain.pem") failed (SSL: error:02001002:system library:
Jun 03 05:34:22 cloud nginx[12646]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 03 05:34:22 cloud systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 03 05:34:22 cloud systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 03 05:34:22 cloud systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.

ssl_certificate and ssl_certificate_key parse the variable $server_name and the correct path to the domain's SSL certs is validated.

Seems odd to me. Thanks for any explanation
~Gary