the problem with SSL

alex11

Sites don't open on https

centos 7
directadmin latest

SSL=1
letsencrypt=1
enable_ssl_sni=1

your.hostname.com:2222 - ssl green, ok

What could be the problem?
 
You used / followed the manual for letsencrypt, and making/generating the certificates gave no error?

APACHE version 2.4.25?
HTTP2 ?
 
Hello,

The provided information is not sufficient to make even a guess. Kindly provide a real domain name privately or via PM so that we could check and help you. Without it we can hardly help you.
 
What exactly? You have both errors for all sites? You have the wrong CERT for all sites?

The first error might be related to software misconfiguration or outdated versions.
I don't know where you've got the second error from. It's an application level error most likely.

What OpenSSL version?

Code:
openssl version
?

Code:
nginx -V

And show nginx.conf for a domain softepil.com.


Kindly put output results between CODE tags (formatting in the reply form).
 
OpenSSL 1.0.1e-fips 11 Feb 2013

nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --with-ipv6 --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D FD_SETSIZE=32768''

Code:
# Auto generated nginx config file by DirectAdmin version 1.51.1
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to their website

# For global config changes that affect all Users, see this guide:
# http://help.directadmin.com/item.php?id=558
# For local config changes that only affect one User, see this guide:
# http://help.directadmin.com/item.php?id=3


server
{
        listen 185.41.186.152:80;
        server_name softepil.com www.softepil.com ;
        access_log /var/log/nginx/domains/softepil.com.log;
        access_log /var/log/nginx/domains/softepil.com.bytes bytes;
        error_log /var/log/nginx/domains/softepil.com.error.log;
        root /home/softe933/domains/softepil.com/public_html;
        index index.php index.html index.htm;
        location /
        {
                # access_log off;
                proxy_buffering off;
                proxy_pass http://185.41.186.152:8080;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       /home/softe933/domains/softepil.com/public_html/;
                internal;
        }
        include /etc/nginx/webapps.conf;
}

server
{
        listen 185.41.186.152:443 ssl;
        server_name softepil.com www.softepil.com ;
        access_log /var/log/nginx/domains/softepil.com.log;
        access_log /var/log/nginx/domains/softepil.com.bytes bytes;
        error_log /var/log/nginx/domains/softepil.com.error.log;
        root /home/softe933/domains/softepil.com/private_html;
        index index.php index.html index.htm;
        ssl on;
        ssl_certificate /etc/httpd/conf/ssl.crt/server.crt.combined;
        ssl_certificate_key /etc/httpd/conf/ssl.key/server.key;
        location /
        {
                # access_log off;
                proxy_buffering off;
                proxy_pass https://185.41.186.152:8081;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       /home/softe933/domains/softepil.com/private_html/;
                internal;
        }
        include /etc/nginx/webapps.ssl.conf;
}

server
{
        listen 185.41.186.152:80;
        server_name moguta.softepil.com www.moguta.softepil.com ;
        access_log /var/log/nginx/domains/softepil.com.moguta.log;
        access_log /var/log/nginx/domains/softepil.com.moguta.bytes bytes;
        error_log /var/log/nginx/domains/softepil.com.moguta.error.log;
        root /home/softe933/domains/softepil.com/public_html/moguta;
        index index.php index.html index.htm;
        location /
        {
                # access_log off;
                proxy_buffering off;
                proxy_pass http://185.41.186.152:8080;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       /home/softe933/domains/softepil.com/public_html/moguta/;
                internal;
        }
        include /etc/nginx/webapps.conf;
}

server
{
        listen 185.41.186.152:443 ssl;
        server_name moguta.softepil.com www.moguta.softepil.com ;
        access_log /var/log/nginx/domains/softepil.com.moguta.log;
        access_log /var/log/nginx/domains/softepil.com.moguta.bytes bytes;
        error_log /var/log/nginx/domains/softepil.com.moguta.error.log;
        root /home/softe933/domains/softepil.com/private_html/moguta;
        index index.php index.html index.htm;
        ssl on;
        ssl_certificate /etc/httpd/conf/ssl.crt/server.crt.combined;
        ssl_certificate_key /etc/httpd/conf/ssl.key/server.key;
        location /
        {
                # access_log off;
                proxy_buffering off;
                proxy_pass https://185.41.186.152:8081;
                proxy_set_header X-Client-IP      $remote_addr;
                proxy_set_header X-Accel-Internal /nginx_static_files;
                proxy_set_header Host             $host;
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
        location /nginx_static_files/
        {
                # access_log  /var/log/nginx/access_log_proxy;
                alias       /home/softe933/domains/softepil.com/private_html/moguta/;
                internal;
        }
        include /etc/nginx/webapps.ssl.conf;
}
 
Your domains are configured to use the server's SSL cert:

Code:
        ssl_certificate /etc/httpd/conf/ssl.crt/server.crt.combined;
        ssl_certificate_key /etc/httpd/conf/ssl.key/server.key;

You need to generate an individual SSL cert for every domain, or add the domains to the server's SSL cert and re-issue it.
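
An added example, not part of the thread or of DirectAdmin: a check that lists which SSL vhost names are not covered by the certificate their `server` block points at, which is the mismatch diagnosed above. The sample config is trimmed from the one posted earlier; the SAN list for the shared cert is an assumption, since the thread never shows it.

```python
import re

# Constructed sample, trimmed from the config posted in the thread.
SAMPLE_CONF = """
server {
    listen 185.41.186.152:80;
    server_name softepil.com www.softepil.com ;
}
server {
    listen 185.41.186.152:443 ssl;
    server_name moguta.softepil.com www.moguta.softepil.com ;
    ssl_certificate /etc/httpd/conf/ssl.crt/server.crt.combined;
    location / { proxy_pass https://185.41.186.152:8081; }
}
"""
SHARED = "/etc/httpd/conf/ssl.crt/server.crt.combined"
# Assumption: the thread never shows the shared cert's SAN list. On a host,
# read it from: openssl x509 -in <cert> -noout -text
SAMPLE_SANS = {SHARED: ["your.hostname.com"]}

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def name_covered(host, sans):
    """Exact match, or '*' standing for the left-most label only."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    return any(s.lower() == host or (s.startswith("*.") and s[2:].lower() == parent)
               for s in sans)

def uncovered_names(conf, sans_by_cert):
    """Map each SSL vhost name missing from its certificate to the cert path."""
    bad = {}
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        cert = re.search(r"\bssl_certificate\s+([^;\s]+)\s*;", body)
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        if not (cert and names and re.search(r"\blisten\s[^;]*\bssl\b", body)):
            continue
        for host in names.group(1).split():
            if not name_covered(host, sans_by_cert.get(cert.group(1), [])):
                bad[host] = cert.group(1)
    return bad
```

Every name it returns is one a browser will reject with a certificate name mismatch until that vhost gets its own cert or the name is added to the shared one.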
 
An individual SSL certificate was created for each domain. Everything worked.

I reinstalled the server and restored everything from backups.
 
Check the SSL page for a domain in DirectAdmin; what do you see there? Is the domain configured to use an individual cert from LE or the server's SSL cert?
 