I’m facing a strange issue since I upgraded from Nginx 1.6.2 to 1.8.0.
My
configuration files have been kept identicals, as well as my official
SSL
certificates.
The problem is Nginx keeps on serving a self-signed certificate (dunno
where
it takes it from) instead of my proper certificates that I defined in
the
config file. Here’s the server section SSL config bits :
server {
listen 443 ssl; ## listen for ipv4; this line is default and implied #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
This configuration works fine on my other server with nginx 1.6.2.
I tried to increase error log to the debug level, but I get stricly no
error
message when starting Nginx (I was hoping for some clue like "nginx
cannot
read the file / path of the defined certs … but nothing).
The config file checks is fine :
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Example with openssl client :
openssl s_client -connect myfqdn:443
CONNECTED(00000003)
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify return:1
This configuration works fine on my other server with nginx 1.6.2.
The configuration snippet you’ve provided is just a snippet for a
single server block, not a full configuration. Depending on other
server{} blocks it may or may not work.
Most notably, the “listen” directive doesn’t have “default_server”
parameter. That is, if there is another server{} block defined
for the same listening socket in the configuration, it may be used
as a default one instead (assuming that server is defined first).
Try looking into your full configuration, nginx.conf. When
questions arise, it usally means that the configuration contains
something like “include /path/to/files/*.conf;” - and you have to
examine all files matching a given mask.
Thanks for your answer. Alas ! I check all config files in my /etc/nginx
directory, there’s only one containing the server{} directive (for the
sake
of it, I added the default_server to the listen directive, but it
doesn’t
change anything) :
sites-available/myfqdn:# server {
sites-available/myfqdn:server {
sites-available/myfqdn: listen 443 ssl default_server; ## listen for
ipv4;
this line is default and implied
sites-available/lmyfqdn: #listen [::]:80 default_server ipv6only=on;
listen for ipv6
sites-available/myfqdn: server_name myfqdn;
sites-available/myfqdn: ssl_prefer_server_ciphers on;
sites-available/myfqdn: # redirect server error pages to the static
page
/50x.html
Could it be possible that nginx reads some other config files from
another
location than /etc/nginx ?
What are my other options (some more debug info would be useful to check
where nginx gets its config from).
