Repeated include /etc/includes/ssl.conf Passes configtest, fails SSL Handshake

Matt Silverlock matt at
Wed Jul 30 02:14:05 UTC 2014

Hi all,

Had a chat with a helpful person on IRC, but we are both stumped as to why my configuration passes a check (nginx -t) but fails to properly handle SSL.

– I’ve split a couple of repetitive blocks out into /etc/nginx/includes/ssl.conf (-rw-r--r-- root:root - same as nginx.conf - should not be a problem)
– Doing so results in SSL handshake issues (and the connection fails appropriately)
– My cert covers both the root domain and www
– An excerpt of my configuration is here: — but the relevant part is below:
    # re-direct non-www https to https
    server {
        listen 443 ssl;

        include /etc/nginx/includes/ssl.conf;
        return 301$request_uri;
    }

    server {
        listen 443 ssl default_server;

        include /etc/nginx/includes/ssl.conf;
        root /srv/www/;

        error_page 502 503 504 /5xx.html;

        # rest of config (proxy pass to Go server)
        # STS header in location block, etc.
    }

If I move the include directive (effectively removing the duplication) into the http block and put the ssl_certificate and ssl_certificate_key directives into each of the two (2) server blocks instead of includes/ssl.conf, all is well. But this conflicts with the documentation (as I interpret it) and still results in some duplicated configuration.

Ideally I want to drop the entire “SSL config” for these two domains into an includes file that I can then just import into the server blocks. If that’s not entirely possible, that’s okay — but configs I’ve seen out in the wild ( seem to do what I’m trying to achieve :)
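
Added example (not part of the original message, and not nginx's own tooling): nginx -t validates the configuration, not a live handshake, so a post-reload probe that completes a verified TLS handshake for each server name is what catches the failure described above. The host 127.0.0.1:443 and the names example.com / www.example.com are placeholder assumptions.

```python
import socket
import ssl


def probe_tls(host, port, server_name, timeout=5.0):
    """Attempt one verified TLS handshake, sending server_name as SNI."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    result = {"server_name": server_name, "ok": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                cert = tls.getpeercert() or {}
                result.update(
                    ok=True,
                    protocol=tls.version(),
                    cipher=tls.cipher()[0],
                    san=[v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
                )
    except ssl.SSLCertVerificationError as exc:
        # Handshake reached the certificate, but it does not match or chain.
        result["error"] = f"certificate: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Protocol-level failure: alert, no shared cipher, non-TLS reply, EOF.
        result["error"] = f"handshake: {exc.reason or exc}"
    except OSError as exc:
        # Refused, unreachable or timed out before or during the handshake.
        result["error"] = f"connection: {exc}"
    return result


def probe_all(host, port, names, timeout=5.0):
    """Probe every name served on one listener; return only the failures."""
    results = [probe_tls(host, port, n, timeout) for n in names]
    return [r for r in results if not r["ok"]]


if __name__ == "__main__":
    # Placeholder names (assumptions): substitute the names your cert covers.
    failures = probe_all("127.0.0.1", 443, ["example.com", "www.example.com"])
    for f in failures:
        print(f"FAIL {f['server_name']}: {f['error']}")
    raise SystemExit(1 if failures else 0)
```

Run it after each reload alongside nginx -t; a non-zero exit means at least one name failed, and the error prefix tells certificate problems apart from protocol or connection failures.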

