Certificate Error
Software Info
softwareinfojam at gmail.com
Thu Dec 15 03:02:04 UTC 2022
Hi All,
I would really appreciate some help with this sticky problem. I am
using nginx as a reverse proxy. I have version 1.20.1 running on
FreeBSD 13.1. Today I set up for a new domain. I got a wildcard
certificate for mydomain.com from GoDaddy. I put the paths in
nginx.conf but when I run nginx -t
I get the following error: nginx:
[emerg] SSL_CTX_use_PrivateKey("/usr/local/etc/nginx/ssl/domain.com.key")
failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
nginx: configuration file /usr/local/etc/nginx /nginx.conf test failed
When I ran the test below to check the Public and Private keys, I get
back the same checksum so I guess the Certs must be ok.
# openssl rsa -modulus -in domain.com.key -noout | md5sum
# openssl x509 -modulus -in domain.com.crt -noout | md5sum
This is the relevant section in my nginx.conf
server {
if ($country_access = no) {
return 403;
}
listen 443 ssl http2;
server_tokens off;
more_clear_headers Server;
server_name this.domain.com;
ssl_certificate ssl/gd_bundle-g2-g1.crt;
ssl_certificate_key ssl/domain.com.key;
ssl_dhparam ssl/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate ssl/domain.com.crt;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers
'EECDH+AESGCM:EDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA38
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 1h;
ssl_session_tickets off;
add_header Strict-Transport-Security
"max-age=31536000;includeSubDomains" always;
access_log /var/log/nginx/access.log main;
log_not_found on;
}
More information about the nginx
mailing list