When adding SSL certificate to the page and trying use command:
This is the configuration I'm using:
server { listen 80 default_server; server_name piotrzak.design; rewrite ^/(.*) permanent; listen [::]:80 default_server; server_name piotrzak.design; ssl_certificate /home/pz/piotrzak.design.chained.pem; ssl_certificate_key /home/pz/piotrzak.design.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # SSL configuration # listen 443 ssl default_server; listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: # # Read up on ssl_ciphers to ensure a secure configuration. # See: # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /home/pz/Potfolio-v.1.0.1; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name piotrzak.design; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. autoindex on; try_files $uri $uri/ =404; root /home/pz/Portfolio-v.1.0.1; proxy_pass proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }Where should i find solution for this type of error?
Edit:
1) Input: systemctl -l status nginx
Output:
nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2018-08-17 19:51:40 UTC; 2h 11min ago Process: 16205 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE) Process: 16481 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE) Main PID: 1637 (code=exited, status=0/SUCCESS)2) Input : sudo nginx -t
Output :
nginx: [emerg] BIO_new_file("/home/sammy/piotrzak.design.chained.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/sammy/piotrzak.design.chained.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failedThank you, this command show me where is error, i need to correct path, when i did it the next error is:
1) Input : sudo nginx -t
Output :
nginx: [emerg] PEM_read_bio_X509_AUX("/home/pz/piotrzak.design.chained.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failedEdit #2:
Hmm, currently certificate provides 4 files:
a) CSR
b) Private key
c) Intermediate certificate (Here are 4 keys)
d) SSL certificate
So, creating :
domain.key - private key
domain.pem - certificate
intermediate.pem - copy here one key from intermediate
41 Answer
The message Expecting: TRUSTED CERTIFICATE indicates a problem with the certificate file at ("/home/pz/piotrzak.design.chained.crt")
The fact that your crt file has 'chained' in the name looks like the problem.
I suggest changing the file name from crt to pem, and see if NGINX likes that better.
If that fails, does your chained file contain only the public certificate and the intermediate certificate? If not, I would try a pem with only those two certs.
3
