Certificate Error

lists lists at lazygranch.com
Thu Dec 15 03:55:07 UTC 2022


You can inspect the certificate at

https://www.ssllabs.com/ssltest/

Maybe you will get lucky and it will help you find out what is wrong. 





	  Original Message  	


From: softwareinfojam at gmail.com
Sent: December 14, 2022 7:02 PM
To: nginx at nginx.org
Reply-to: nginx at nginx.org
Subject: Certificate Error


Hi All,
I would really appreciate some help with this sticky problem. I am
using nginx as a reverse proxy. I have version 1.20.1 running on
FreeBSD 13.1. Today I set up for a new domain. I got a wildcard
certificate for mydomain.com from GoDaddy. I put the paths in
nginx.conf but when I run nginx -t
I get the following error:
nginx: [emerg] SSL_CTX_use_PrivateKey("/usr/local/etc/nginx/ssl/domain.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

When I ran the test below to check the Public and Private keys, I get
back the same checksum so I guess the Certs must be ok.
# openssl rsa -modulus -in domain.com.key -noout | md5sum
# openssl x509 -modulus -in domain.com.crt -noout | md5sum

This is the relevant section in my nginx.conf
   server {
         if ($country_access = no) {
         return 403;
         }
         listen 443 ssl http2;
         server_tokens off;
         more_clear_headers Server;
         server_name this.domain.com;
         ssl_certificate ssl/gd_bundle-g2-g1.crt;
         ssl_certificate_key ssl/domain.com.key;
         ssl_dhparam ssl/dhparams.pem;
         ssl_ecdh_curve secp384r1;
         ssl_stapling on;
         ssl_stapling_verify on;
         ssl_trusted_certificate ssl/domain.com.crt;
         resolver 8.8.8.8 8.8.4.4 valid=300s;
         resolver_timeout 10s;
         ssl_protocols TLSv1.3 TLSv1.2;
         ssl_prefer_server_ciphers on;
         ssl_ciphers
'EECDH+AESGCM:EDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA38
         ssl_session_cache shared:SSL:1m;
         ssl_session_timeout 1h;
         ssl_session_tickets off;
         add_header Strict-Transport-Security
"max-age=31536000;includeSubDomains" always;
         access_log /var/log/nginx/access.log main;
         log_not_found on;
        }
_______________________________________________
nginx mailing list
nginx at nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
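
The following is an added example, not part of the thread. nginx checks ssl_certificate_key against the first certificate in the ssl_certificate file; the posted config points ssl_certificate at ssl/gd_bundle-g2-g1.crt, while the modulus test in the message was run on domain.com.crt. The script compares a key with the first certificate of whichever file is named; the file names and the self-signed certificates it generates are constructed for the demo, and the key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example (not from the thread). nginx pairs ssl_certificate_key with
# the FIRST certificate in the ssl_certificate file, so test that exact pair.

# Public key (PEM) of the first certificate in a PEM file.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from an unencrypted private key.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 = match, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    c=$(cert_pub "$1") || return 2
    k=$(key_pub "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# Constructed sample files: a self-signed "CA" standing in for a CA bundle,
# and a self-signed leaf certificate with its own key.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/bundle.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=this.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.crt" 2>/dev/null &&
    # Leaf first, then the chain: the order nginx expects in ssl_certificate.
    cat "$d/leaf.crt" "$d/bundle.crt" > "$d/fullchain.crt"
}

report() {
    rc=0; cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH     $1" ;;
        1) echo "MISMATCH  $1" ;;
        *) echo "UNREADABLE $1 or $2" ;;
    esac
}

demo() {
    d=$(mktemp -d) && make_demo_files "$d" || return 1
    report "$d/bundle.crt"    "$d/leaf.key"   # CA bundle alone as the certificate
    report "$d/leaf.crt"      "$d/leaf.key"   # leaf certificate alone
    report "$d/fullchain.crt" "$d/leaf.key"   # leaf followed by the bundle
    rm -rf "$d"
}
demo
```

Against real files, call `cert_matches_key` with the paths from the `ssl_certificate` and `ssl_certificate_key` directives.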

