Nginx serving self-signed cert instead of the one defined in conf

Tue, 11 Aug 2015 10:28:07 -0700 

Hello,

I'm facing a strange issue since I upgraded from Nginx 1.6.2 to 1.8.0. My
configuration files have been kept identicals, as well as my official SSL
certificates.

The problem is Nginx keeps on serving a self-signed certificate (dunno where
it takes it from) instead of my proper certificates that I defined in the
config file. Here's the server section SSL config bits :

------------------------------------------------------------------------------------
server {
        listen   443 ssl; ## listen for ipv4; this line is default and implied
        #listen   [::]:80 default_server ipv6only=on; ## listen for ipv6

        server_name my_fqdn;

        ssl_certificate /etc/nginx/ssl/gandi/my_fqdn.crt;
        ssl_certificate_key /etc/nginx/ssl/gandi/my_fqdn.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ...
------------------------------------------------------------------------------------

This configuration works fine on my other server with nginx 1.6.2.

I tried to increase error log to the debug level, but I get stricly no error
message when starting Nginx (I was hoping for some clue like "nginx cannot
read the file / path of the defined certs .... but nothing).

The config file checks is fine :
------------------------------------------------------------------------------------
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
------------------------------------------------------------------------------------

Example with openssl client :

------------------------------------------------------------------------------------
openssl s_client -connect myfqdn:443
CONNECTED(00000003)
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EU, ST = NoWhere, O = Internet Widgits Pty Ltd, CN = myfqdn
verify return:1
---
Certificate chain
 0 s:/C=EU/ST=NoWhere/O=Internet Widgits Pty Ltd/CN=myfqdn
   i:/C=EU/ST=NoWhere/O=Internet Widgits Pty Ltd/CN=myfqdn
---
Server certificate
etc....
------------------------------------------------------------------------------------

I'm lost. Any help is welcomed !

Regards,
Arno

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,260935,260935#msg-260935

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to