Proxy pass and SSL certificates

Mephysto On Hell mephystoonhell at
Thu May 3 08:30:20 UTC 2018

Hello everyone,
I am using Nginx in a production environment since some years, but I am
almost a newbie with SSL certificates and connections. A the moment I have
a configuration with two levels:

1. A first level Nginx that operate as load balancer
2. Two second level Nginx: the first host a web site and it do not need a
SSL connection, the second hosts an Owncloud instance and it need a SSL

I am using Certbot and Let's Encrypt to generate signed certificates. A the
moment I have certificates installed in both levels and until last month
this configuration was working. After certificates renewal (every three
months) I am getting an ERR_CERT_DATE_INVALID and I can not access to
Owncloud. Only second level certificate has been renewed.

But if I try to connect directly to second level Nginx, I do not get any
error and I can access to Owncloud.

This is first level Nginx config:

upstream cloud {

upstream cloud_ssl {

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$server_name$request_uri;

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl on;
        include snippets/;
        include snippets/ssl-params.conf;

        error_log  /var/log/nginx/ info;
        access_log /var/log/nginx/;

        location / {
                proxy_pass https://cloud_ssl/;
                proxy_redirect default;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For
                proxy_set_header        Host $host;

I would like to set first level Nginx to establish a SSL connection with
Owncloud without having to renew the certificates on both levels. Is it
possible? How do I have to change my config?

Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list