Using $host variable in ssl_certificate path
dimitre
nginx-forum at forum.nginx.org
Wed Oct 20 17:27:50 UTC 2021
I'm now using Nginx 1.21.
I've noticed Nginx actually runs with variable in ssl certificate path, but
the certificate itself doesn't run.
ssl_certificate /etc/letsencrypt/live/$host/fullchain.pem; # managed by
Certbot
ssl_certificate_key /etc/letsencrypt/live/$host/privkey.pem; # managed by
Certbot
I double checked the $host variable using a special header and curl, to know
if $host variable is the exact value of my folder there, and it is correct.
add_header X-Host $host;
Now checking Nginx error.log it indicates maybe it is because file
permissions
2021/10/20 17:16:07 [error] 2408#2408: *412 cannot load certificate
"/etc/letsencrypt/live/XXXXX/fullchain.pem": BIO_new_file() failed (SSL:
error:0200100D:system library:fopen:Permission
denied:fopen('/etc/letsencrypt/live/XXXX/fullchain.pem','r')
error:2006D002:BIO routines:BIO_new_file:system lib) while SSL handshaking,
client: 54.236.1.11, server: 0.0.0.0:443
But strangely enough it runs OK if I don't use the $host variable. I would
like to keep permissions so when Certbot updates I don't have any
surprises.
Thanks
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292653,292656#msg-292656
More information about the nginx
mailing list