<div dir="ltr"><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">Out of thin air, I suspect it is a certificate problem.<br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">You seem to have configured *the same* certificate (and private key) for those 2 domains. Since certificates are generally tied to a single domain, that could explain errors.<br><br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">Another idea: have you checked nginx has been built with SNI support and you client also supports it? Problems with SNI would mean the default server certificate (since you did not define a default server for your IP address/port pair, nginx would pick up the first block containing a 'listen' directive configured for it) would be presented whatever domain you are trying to access, ending up with certificate/domain mismatch.<br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">See <a href="http://nginx.org/en/docs/http/configuring_https_servers.html">http://nginx.org/en/docs/http/configuring_https_servers.html</a>.<br></div><div class="gmail_extra"><div><div class="gmail_signature"><font size="1"><span style="color:rgb(102,102,102)">---<br></span><b><span style="color:rgb(102,102,102)">B. R.</span></b><span style="color:rgb(102,102,102)"></span></font></div></div>
<br><div class="gmail_quote">On Sun, Jul 12, 2015 at 6:33 PM, flechamobile <span dir="ltr"><<a href="mailto:nginx-forum@nginx.us" target="_blank">nginx-forum@nginx.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I found myself with the same problem and found the cause (and obvious<br>
solution).<br>
<br>
On my nginx server I run various website and they all have their own server<br>
{} config block in separate files under 'sites-available' folder.<br>
Some sites are on different IP's and some are on the same IP.<br>
<br>
Now the cause of the problem was because I'd had set 2 server blocks<br>
listening on the same IP on SSL for different server_names like so:<br>
<br>
server {<br>
listen <a href="http://37.230.101.215:443" rel="noreferrer" target="_blank">37.230.101.215:443</a> ssl spdy;<br>
server_name <a href="http://www.domain1.com" rel="noreferrer" target="_blank">www.domain1.com</a> *.<a href="http://domain1.com" rel="noreferrer" target="_blank">domain1.com</a>;<br>
<br>
ssl on;<br>
ssl_certificate /etc/ssl/cert.crt;<br>
ssl_certificate_key /etc/ssl/key.key;<br>
ssl_session_cache shared:SSL:10m;<br>
ssl_session_timeout 10m;<br>
<br>
..etc<br>
}<br>
<br>
and for another site the same:<br>
<br>
server {<br>
listen <a href="http://37.230.101.215:443" rel="noreferrer" target="_blank">37.230.101.215:443</a> ssl spdy;<br>
server_name <a href="http://www.domain2.com" rel="noreferrer" target="_blank">www.domain2.com</a> *.<a href="http://domain2.com" rel="noreferrer" target="_blank">domain2.com</a>;<br>
<br>
ssl on;<br>
ssl_certificate /etc/ssl/cert.crt;<br>
ssl_certificate_key /etc/ssl/key.key;<br>
ssl_session_cache shared:SSL:10m;<br>
ssl_session_timeout 10m;<br>
<br>
..etc<br>
}<br>
<br>
When you do this it gives the exact same error as this thread is about..<br>
might be something to check.<br>
<br>
Posted at Nginx Forum: <a href="http://forum.nginx.org/read.php?2,256373,260227#msg-260227" rel="noreferrer" target="_blank">http://forum.nginx.org/read.php?2,256373,260227#msg-260227</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br></div></div>