nginx dynamic ssl_certificate/_key

Falci

8/10/23, 10:06 PM

Not sure what's happening, but this one works:

ssl_certificate /etc/ssl/tld/$ssl_server_name/ssl.crt;

and this one fails:

set $cert $ssl_server_name;
ssl_certificate /etc/ssl/tld/$cert/ssl.crt;

The real case is: my certs are located in folder by TLD (don't ask):

map $ssl_server_name $tld {
   ~^(.+\.)*(.+)$      $2;
   default $ssl_server_name;
}

But it seems like I can only use $ssl_server_name. Anything else fails.

*1 cannot load certificate "/etc/ssl/tld//ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/tld//ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) while SSL handshaking, client: 192.168.136.xxx, server: 0.0.0.0:443

nginx -v
nginx version: nginx/1.18.0 (Ubuntu)

0 + 0

nginx

Richard Smith

8/11/23, 6:40 AM

Have you tried using a named capture? For example: `~^(.+\.)*(?<myname>.+)$ $myname;`

Falci

8/11/23, 6:47 AM

Just tried. It fails. Note that even "set $cert $ssl_server_name;" fails

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: nginx dynamic ssl_certificate/_key

TH: nginx แบบไดนามิก ssl_certificate/_key

RO: nginx dynamic ssl_certificate/_key

RU: nginx динамический ssl_certificate/_key

VI: nginx động ssl_certificate/_key

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.