Nginx serving self-signed cert instead of the one defined in conf
Maxim Dounin
mdounin at mdounin.ru
Tue Aug 11 17:59:59 UTC 2015
Hello!
On Tue, Aug 11, 2015 at 01:27:23PM -0400, Arno0x0x wrote:
> Hello,
>
> I'm facing a strange issue since I upgraded from Nginx 1.6.2 to 1.8.0. My
> configuration files have been kept identicals, as well as my official SSL
> certificates.
>
> The problem is Nginx keeps on serving a self-signed certificate (dunno where
> it takes it from) instead of my proper certificates that I defined in the
> config file. Here's the server section SSL config bits :
>
> ------------------------------------------------------------------------------------
> server {
> listen 443 ssl; ## listen for ipv4; this line is default and implied
> #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
>
> server_name my_fqdn;
>
> ssl_certificate /etc/nginx/ssl/gandi/my_fqdn.crt;
> ssl_certificate_key /etc/nginx/ssl/gandi/my_fqdn.key;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'AES256+EECDH:AES256+EDH';
> ssl_prefer_server_ciphers on;
> ssl_session_cache shared:SSL:10m;
>
> ...
> ------------------------------------------------------------------------------------
>
> This configuration works fine on my other server with nginx 1.6.2.
The configuration snippet you've provided is just a snippet for a
single server block, not a full configuration. Depending on other
server{} blocks it may or may not work.
Most notably, the "listen" directive doesn't have "default_server"
parameter. That is, if there is another server{} block defined
for the same listening socket in the configuration, it may be used
as a default one instead (assuming that server is defined first).
Try looking into your full configuration, nginx.conf. When
questions arise, it usally means that the configuration contains
something like "include /path/to/files/*.conf;" - and you have to
examine all files matching a given mask.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list