Repeated include /etc/includes/ssl.conf Passes configtest, fails SSL Handshake

Maxim Dounin mdounin at
Thu Jul 31 14:37:11 UTC 2014


On Wed, Jul 30, 2014 at 10:14:05AM +0800, Matt Silverlock wrote:

> Hi all,
> Had a chat with a helpful person on IRC but both are stumped as 
> to why my configuration passes a check (nginx -t) but fails to 
> properly handle SSL.
> – I’ve split a couple of repetitive blocks out into 
> /etc/nginx/includes/ssl.conf (-rw-r--r-- root:root - same as 
> nginx.conf - should not be a problem)
> – Doing so results in SSL handshake issues (and the connection 
> fails appropriately)


> If I move the include directive (effectively removing the 
> duplication) into the http block and put the ssl_certificate and 
> ssl_certificate_key directives into each of the two (2) server 
> blocks instead of includes/ssl.conf, all is well. But this 
> conflicts with the documentation (as I interpret it) and still 
> results in some duplicated configuration.

It's a good idea to show the _full_ config which shows 
the problem.  The snippet you've shown looks fine and is expected to 
work, but it's easy to make things wrong by some hardly noticeable 
mistake - e.g., a missing semicolon.

It's also a good idea to take a look into error log - it may have 
something for you.

BTW, as long as there is only one certificate, it's expected to work 
fine with all ssl options at the http{} level.  You don't need to 
put ssl_certificate and ssl_certificate_key into server{} blocks.

Maxim Dounin
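
The layout described in the reply above, as an added example that is not part of the original thread and is not the poster's configuration: the include sits once in http{} and both server{} blocks inherit the certificate settings. Server names, document roots, certificate paths and the session settings are placeholders chosen for illustration.

```nginx
# /etc/nginx/nginx.conf (constructed example; names and paths are placeholders)
events {}

http {
    # Included once at http{} level. Every server{} below inherits
    # ssl_certificate, ssl_certificate_key and the other ssl_* settings.
    include /etc/nginx/includes/ssl.conf;

    server {
        listen 443 ssl;
        server_name example.com;
        # No ssl_certificate / ssl_certificate_key here: inherited from http{}.
        root /var/www/example.com;
    }

    server {
        listen 443 ssl;
        server_name www.example.com;
        # Same single certificate; it must be valid for both server names.
        root /var/www/www.example.com;
    }
}

# /etc/nginx/includes/ssl.conf (constructed example)
# Each directive ends with a semicolon; every line here is valid in http{}.
ssl_certificate     /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 10m;
```

On nginx 1.9.2 and later, `nginx -T` prints the whole configuration with every include expanded, which is the form to post when someone asks for the full config.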
