<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div dir="auto">
<div dir="auto">I misread. NGINX doesnt see the certs exist meaning whatever user is running it doesnt have permissions. Make sure your user running NGINX has access down the whole folder chain.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div id="x_composer_signature" dir="auto">
<div dir="auto" style="font-size:12px; color:#575757">Sent from my Galaxy</div>
</div>
<div dir="auto"><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message --------</div>
<div>From: Victor Oppenheimer <victor@camb.com> </div>
<div>Date: 2/11/24 17:17 (GMT-05:00) </div>
<div>To: Jeremy Cocks via nginx <nginx@nginx.org> </div>
<div>Subject: SSL issue </div>
<div><br>
</div>
</div>
<font size="2"><span style="font-size:11pt;">
<div class="PlainText">Thank you so much for the help you have provided me with<br>
nginx on my Windows 2016 server thus far.<br>
<br>
I'm now attempting to add serving https files to my<br>
configuration. Although I want to eventually support<br>
a number of servers being browsed for both http and https<br>
pages, I am starting with my oppsprops.com website.<br>
<br>
I generated an SSL certificate and private key for the website.<br>
<br>
I stored them at the following paths:<br>
C:\nginx\conf\ssl\certs\oppsprops_com.crt<br>
and<br>
C:\nginx\conf\ssl\keys\oppsprops.com.private.key<br>
<br>
I then tried to start nginx with various versions of my<br>
nginx.config file with differing results as described below.<br>
<br>
I suspect that this only needs a small tweak ... but would appreciate<br>
some guidance in addressing the issue.<br>
<br>
Thanks,<br>
Victor<br>
<br>
The following full nginx.config file with commented SSL<br>
configuration statements serves <a href="http:\\oppsprops.com">http:\\oppsprops.com</a><br>
successfully.<br>
<br>
# directives in the 'main' context<br>
<br>
# serves all sites http not https<br>
# uses Adobe Tomcat to serve PDFs which must be in proper case<br>
<br>
worker_processes auto;<br>
events { # events context/block<br>
# configuration of connection processing<br>
}<br>
<br>
http { # http context specific to HTTP affecting all virtual servers<br>
server_names_hash_bucket_size 64; # avoid multiple server_Name entry <br>
errors<br>
<br>
server { # configure oppsprops server<br>
listen 80;<br>
# listen 443 ssl;<br>
server_name oppsprops.com <a href="http://www.oppsprops.com">www.oppsprops.com</a>;<br>
<br>
# ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;<br>
# ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;<br>
<br>
location /{ # process oppsprops domain using Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/">http://127.0.0.1:8080/vo/</a>;<br>
} # end of location block<br>
} # end of OppsProps server block<br>
<br>
server { # configuration of clearwaterescapes HTTP server<br>
server_name clearwaterescapes.com <a href="http://www.clearwaterescapes.com">
www.clearwaterescapes.com</a>;<br>
listen 80;<br>
<br>
# avoid errors when favicon.ico file is missing<br>
location = /favicon.ico {<br>
access_log off;<br>
log_not_found off;<br>
return 204;<br>
}<br>
<br>
location / {<br>
# send <a href="http://clearwaterescapes.com">http://clearwaterescapes.com</a> to Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/Clearwater/">http://127.0.0.1:8080/vo/Clearwater/</a>;<br>
} # end of location block<br>
} # end of clearwaterescapes server block<br>
<br>
server { # configure freshpondrentals server<br>
server_name FreshPondRentals.com <a href="http://www.freshpondrentals.com">www.freshpondrentals.com</a>;<br>
listen 80;<br>
<br>
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase<br>
<br>
# avoid errors when favicon.ico file is missing<br>
location = /favicon.ico {<br>
access_log off;<br>
log_not_found off;<br>
return 204;<br>
}<br>
<br>
location / {<br>
# proxy freshpondrentals pages to Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/camb/">http://127.0.0.1:8080/vo/camb/</a>;<br>
} # end of location block<br>
} # end of freshpondrentals server block<br>
<br>
server { # configure yogisource HTTP port 80 server<br>
server_name yogisource.com <a href="http://www.yogisource.com">www.yogisource.com</a>;<br>
listen 80;<br>
<br>
location / {<br>
proxy_pass <a href="http://yogisource.com:81/">http://yogisource.com:81/</a>;<br>
} # end of location block<br>
<br>
} # end of yogisource server block<br>
<br>
} # end of http block<br>
<br>
<br>
______________________________________<br>
Modifying the nginx.config file above to include the following statements<br>
produce the following error.log file errors and nginx fails to start<br>
<br>
server { # configure oppsprops server<br>
listen 80;<br>
listen 443 ssl;<br>
server_name oppsprops.com <a href="http://www.oppsprops.com">www.oppsprops.com</a>;<br>
ssl_certificate conf/ssl/certs/oppsprops_com.crt;<br>
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;<br>
<br>
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
2024/02/11 14:34:22 [emerg] 13008#12828: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
2024/02/11 14:34:38 [emerg] 13928#1068: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
2024/02/11 14:35:10 [emerg] 3664#8660: cannot load certificate <br>
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed <br>
(SSL: error:02001003:system library:fopen:No such <br>
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r') <br>
error:2006D080:BIO routines:BIO_new_file:no such file)<br>
<br>
<br>
_________<br>
Modifying the nginx.config file above to include the following statements<br>
produces no error.log errors but fails to load the page with a browser<br>
error of:<br>
This site can’t be reached<br>
oppsprops.com refused to connect.<br>
<br>
server { # configure oppsprops server<br>
listen 80;<br>
listen 443 ssl;<br>
server_name oppsprops.com <a href="http://www.oppsprops.com">www.oppsprops.com</a>;<br>
ssl_certificate ssl/certs/oppsprops_com.crt;<br>
ssl_certificate_key ssl/keys/oppsprops.com.private.key;<br>
<br>
location /{ # process oppsprops domain using Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/">http://127.0.0.1:8080/vo/</a>;<br>
} # end of location block<br>
} # end of OppsProps server block<br>
<br>
_________________<br>
Modifying the nginx.config file above to include the following statements<br>
also produces no error.log errors but fails to load the page with a<br>
browser error of:<br>
<br>
This site can’t be reached<br>
oppsprops.com refused to connect.<br>
<br>
server { # configure oppsprops server<br>
listen 80;<br>
listen 443 ssl;<br>
server_name oppsprops.com <a href="http://www.oppsprops.com">www.oppsprops.com</a>;<br>
ssl_certificate /ssl/certs/oppsprops_com.crt;<br>
ssl_certificate_key /ssl/keys/oppsprops.com.private.key;<br>
<br>
location /{ # process oppsprops domain using Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/">http://127.0.0.1:8080/vo/</a>;<br>
} # end of location block<br>
} # end of OppsProps server block<br>
______________________________<br>
Modifying the nginx.config file above to include the following statements<br>
also produces no error.log errors but fails to load the page with a<br>
browser error of:<br>
This site can’t be reached<br>
oppsprops.com refused to connect.<br>
<br>
server { # configure oppsprops server<br>
listen 80;<br>
listen 443 ssl;<br>
server_name oppsprops.com <a href="http://www.oppsprops.com">www.oppsprops.com</a>;<br>
<br>
ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;<br>
ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;<br>
<br>
location /{ # process oppsprops domain using Adobe Tomcat<br>
proxy_pass <a href="http://127.0.0.1:8080/vo/">http://127.0.0.1:8080/vo/</a>;<br>
} # end of location block<br>
} # end of OppsProps server block<br>
_______________________________________________<br>
nginx mailing list<br>
nginx@nginx.org<br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div>
</span></font>
</body>
</html>