Score:0

no "ssl_certificate" is defined in server

Trying to get my routine webserver set up, and running into this roadblock. No matter what I try it's not working; it's something I've done hundreds of times and I'm out of ideas.

Typical webserver setup: CentOS 8 with a node process running on pm2, firewall-cmd with http, https and the port of my app. The app works fine when visiting http://ip:port.

I've directed the domain to the server and confirmed it's pointing to the server and resolved.

The problem comes when trying to set up nginx with a Let's Encrypt cert: /var/log/nginx/error.log is giving the error no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking when visiting the domain in the browser. Below are my nginx conf files.

nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

default.conf

server {
  listen       80 default_server;
  listen       443 ssl default_server;
  listen       [::]:80 default_server;
  listen       [::]:443 ssl default_server;

  server_name  _;

  root          /var/www/;
  index index.html index.htm index.nginx-debian.html;

  include /etc/nginx/default.d/*.conf;

  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires 7d;
    access_log off;
  }

  location / {
    try_files $uri $uri/ =404;
  }

  error_page 404 /404.html;
      location = /40x.html {
  }

  error_page 500 502 503 504 /50x.html;
      location = /50x.html {
  }

  #return 301 http://$host$request_uri;
}

mywebsite.conf

server {
  server_name www.mywebsite.com;
  return 301 https://mywebsite.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name mywebsite.com;
  return 301 https://$host$request_uri;


}

server {
  listen 443 ssl;
  server_name mywebsite.com;

  location / {
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_pass              "http://127.0.0.1:3100";
          proxy_redirect http:// https://;
  }

    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name www.mywebsite.com;
    return 404; # managed by Certbot
}

All files exist, nginx config is without errors. Any ideas? Let me know if you need more info.

Score:0

Your default virtual host is configured to listen to both IPv4 and IPv6:

listen       80 default_server;
listen       443 ssl default_server;
listen       [::]:80 default_server;
listen       [::]:443 ssl default_server;

However, your other vhosts only listen to IPv4:

listen 443 ssl; # managed by Certbot
listen 80;
listen 443 ssl;
listen 80;

Since the default vhost doesn't have any SSL keys configured, it means that when connecting via IPv6, there is nothing for nginx to use.

To fix the issue, add listen directives for IPv6 to your other virtual hosts.
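
The listen mismatch described in this answer can be checked mechanically. The script below is an added example, not part of the original thread: it reports every TLS listen socket on which no server block supplies ssl_certificate. The tokenizer is a simplification (it does not expand include and requires a port in each listen), and the sample config is constructed from the question's files.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def server_blocks(conf):
    """One dict per server{} block: listen args and whether a cert is set.

    Only directives directly inside server{} count, not those in location/if.
    """
    conf = re.sub(r'#[^\n]*', '', conf)  # assumes no '#' inside quoted values
    blocks, cur, base, depth, stmt = [], None, 0, 0, []
    for tok in TOKEN.findall(conf):
        if tok == '{':
            if cur is None and stmt == ['server']:
                cur, base = {'listen': [], 'cert': False}, depth
            depth, stmt = depth + 1, []
        elif tok == '}':
            depth, stmt = depth - 1, []
            if cur is not None and depth == base:
                blocks.append(cur)
                cur = None
        elif tok == ';':
            if cur is not None and depth == base + 1 and stmt:
                if stmt[0] == 'listen':
                    cur['listen'].append(stmt[1:])
                elif stmt[0] == 'ssl_certificate':
                    cur['cert'] = True
            stmt = []
        else:
            stmt.append(tok)
    return blocks

def sockets_without_cert(conf):
    """TLS listen sockets on which no server block has ssl_certificate."""
    sockets = {}
    for b in server_blocks(conf):
        for addr, *flags in b['listen']:
            if 'ssl' in flags:  # addr is "443" or "[::]:443"
                family = 'ipv6' if addr.startswith('[') else 'ipv4'
                key = (family, addr.rsplit(':', 1)[-1])
                sockets.setdefault(key, []).append(b['cert'])
    return sorted(s for s, certs in sockets.items() if not any(certs))

# Constructed sample, condensed from the question's two vhost files.
QUESTION = """
server { listen 443 ssl default_server; listen [::]:443 ssl default_server;
         server_name _; location / { try_files $uri $uri/ =404; } }
server { listen 443 ssl; server_name mywebsite.com;
         ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; }
"""
FIXED = QUESTION.replace('listen 443 ssl;', 'listen 443 ssl; listen [::]:443 ssl;')
```

On a real host, feed it the output of nginx -T so that included files are already merged into one text.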
