SSL issue

Victor Oppenheimer victor at camb.com
Mon Feb 12 00:45:22 UTC 2024 

Thanks for your response.  I'm an administrator on the computer and 
nginx is running on my account. So, it does seem likely that the problem 
is "permissions" as I have "full control" permission for the folders.

--- Victor

On 2/11/2024 5:51 PM, Thomas Ward via nginx wrote:
> I misread.  NGINX doesnt see the certs exist meaning whatever user is 
> running it doesnt have permissions. Make sure your user running NGINX 
> has access down the whole folder chain.
>
>
>
> Sent from my Galaxy
>
>
>
> -------- Original message --------
> From: Victor Oppenheimer <victor at camb.com>
> Date: 2/11/24 17:17 (GMT-05:00)
> To: Jeremy Cocks via nginx <nginx at nginx.org>
> Subject: SSL issue
>
> Thank you so much for the help you have provided me with
> nginx on my Windows 2016 server thus far.
>
> I'm now  attempting to add serving https files to my
> configuration.  Although I want to eventually support
> a number of servers being browsed for both http and https
> pages, I am starting with my oppsprops.com website.
>
> I generated an SSL certificate and private key for the website.
>
> I stored them at the following paths:
>      C:\nginx\conf\ssl\certs\oppsprops_com.crt
>      and
>      C:\nginx\conf\ssl\keys\oppsprops.com.private.key
>
> I then tried to start nginx with various versions of my
> nginx.config file with differing results as described below.
>
> I suspect that this only needs a small tweak ... but would appreciate
> some guidance in addressing the issue.
>
> Thanks,
>      Victor
>
> The following full nginx.config file with commented SSL
> configuration statements serves http:\\oppsprops.com 
> <http:\\oppsprops.com>
> successfully.
>
> # directives in the 'main' context
>
> # serves all sites http not https
> # uses Adobe Tomcat to serve PDFs which must be in proper case
>
> worker_processes auto;
> events {    # events context/block
>       # configuration of connection processing
>              }
>
>   http {    # http context specific to HTTP affecting all virtual servers
>    server_names_hash_bucket_size 64;  # avoid multiple server_Name entry
> errors
>
>    server {  # configure oppsprops server
>      listen              80;
> #    listen              443 ssl;
>      server_name oppsprops.com www.oppsprops.com 
> <http://www.oppsprops.com>;
>
> #    ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
> #    ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
>
>      location /{  # process oppsprops domain using Adobe Tomcat
>          proxy_pass http://127.0.0.1:8080/vo/;
>          } # end of location block
>      } # end of OppsProps server block
>
>     server {    # configuration of clearwaterescapes HTTP server
>      server_name clearwaterescapes.com www.clearwaterescapes.com 
> <http://www.clearwaterescapes.com>;
>      listen 80;
>
>      # avoid errors when favicon.ico file is missing
>      location = /favicon.ico {
>          access_log off;
>          log_not_found off;
>          return 204;
>      }
>
>       location / {
>        # send http://clearwaterescapes.com to Adobe Tomcat
>        proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
>        } # end of location block
>    } # end of clearwaterescapes server block
>
>    server {    # configure freshpondrentals server
>      server_name FreshPondRentals.com www.freshpondrentals.com 
> <http://www.freshpondrentals.com>;
>      listen 80;
>
>      # rewrite ^(.*)$ /$1 permanent;  # Make incoming URLs lowercase
>
>      # avoid errors when favicon.ico file is missing
>      location = /favicon.ico {
>          access_log off;
>          log_not_found off;
>          return 204;
>      }
>
>      location / {
>        # proxy freshpondrentals pages to Adobe Tomcat
>        proxy_pass http://127.0.0.1:8080/vo/camb/;
>        } # end of location block
>    } # end of freshpondrentals server block
>
>    server { # configure yogisource HTTP port 80 server
>      server_name yogisource.com www.yogisource.com 
> <http://www.yogisource.com>;
>      listen 80;
>
>      location / {
>        proxy_pass http://yogisource.com:81/;
>        } # end of location block
>
>    } # end of yogisource server block
>
> } # end of http block
>
>
> ______________________________________
> Modifying the nginx.config file above to include the following statements
> produce the following error.log file errors and nginx fails to start
>
>    server {  # configure oppsprops server
>      listen              80;
>      listen              443 ssl;
>      server_name oppsprops.com www.oppsprops.com 
> <http://www.oppsprops.com>;
>      ssl_certificate     conf/ssl/certs/oppsprops_com.crt;
>      ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
>
> 2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
> 2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
> 2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
> 2024/02/11 14:34:22 [emerg] 13008#12828: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
> 2024/02/11 14:34:38 [emerg] 13928#1068: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
> 2024/02/11 14:35:10 [emerg] 3664#8660: cannot load certificate
> "C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
> (SSL: error:02001003:system library:fopen:No such
> process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
> error:2006D080:BIO routines:BIO_new_file:no such file)
>
>
> _________
> Modifying the nginx.config file above to include the following statements
> produces no error.log errors but fails to load the page with a browser
> error of:
>      This site can’t be reached
>      oppsprops.com refused to connect.
>
>    server {  # configure oppsprops server
>      listen              80;
>      listen              443 ssl;
>      server_name oppsprops.com www.oppsprops.com 
> <http://www.oppsprops.com>;
>      ssl_certificate     ssl/certs/oppsprops_com.crt;
>      ssl_certificate_key ssl/keys/oppsprops.com.private.key;
>
>      location /{  # process oppsprops domain using Adobe Tomcat
>          proxy_pass http://127.0.0.1:8080/vo/;
>          } # end of location block
>      } # end of OppsProps server block
>
> _________________
> Modifying the nginx.config file above to include the following statements
> also produces no error.log errors but fails to load the page with a
> browser error of:
>
>      This site can’t be reached
>      oppsprops.com refused to connect.
>
>   server {  # configure oppsprops server
>      listen              80;
>      listen              443 ssl;
>      server_name oppsprops.com www.oppsprops.com 
> <http://www.oppsprops.com>;
>      ssl_certificate     /ssl/certs/oppsprops_com.crt;
>      ssl_certificate_key /ssl/keys/oppsprops.com.private.key;
>
>      location /{  # process oppsprops domain using Adobe Tomcat
>          proxy_pass http://127.0.0.1:8080/vo/;
>          } # end of location block
>      } # end of OppsProps server block
> ______________________________
> Modifying the nginx.config file above to include the following statements
> also produces no error.log errors but fails to load the page with a
> browser error of:
>      This site can’t be reached
>      oppsprops.com refused to connect.
>
>    server {  # configure oppsprops server
>      listen              80;
>      listen              443 ssl;
>      server_name oppsprops.com www.oppsprops.com 
> <http://www.oppsprops.com>;
>
>      ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
>      ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
>
>      location /{  # process oppsprops domain using Adobe Tomcat
>          proxy_pass http://127.0.0.1:8080/vo/;
>          } # end of location block
>      } # end of OppsProps server block
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240211/9528c782/attachment-0001.htm>

More information about the nginx mailing list