SSL issue
Thank you so much for the help you have provided me with
nginx on my Windows 2016 server thus far.
I'm now attempting to add serving https files to my
configuration. Although I want to eventually support
a number of servers being browsed for both http and https
pages, I am starting with my oppsprops.com website.
I generated an SSL certificate and private key for the website.
I stored them at the following paths:
C:\nginx\conf\ssl\certs\oppsprops_com.crt
and
C:\nginx\conf\ssl\keys\oppsprops.com.private.key
I then tried to start nginx with various versions of my
nginx.config file with differing results as described below.
I suspect that this only needs a small tweak ... but would appreciate
some guidance in addressing the issue.
Thanks,
Victor
The following full nginx.config file with commented SSL
configuration statements serves http:\\oppsprops.com
successfully.
# directives in the 'main' context
# serves all sites http not https
# uses Adobe Tomcat to serve PDFs which must be in proper case
worker_processes auto;
events { # events context/block
# configuration of connection processing
}
http { # http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoid multiple server_Name entry
errors
server { # configure oppsprops server
listen 80;
# listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
# ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
# ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
server { # configuration of clearwaterescapes HTTP server
server_name clearwaterescapes.com www.clearwaterescapes.com;
listen 80;
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# send http://clearwaterescapes.com to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
} # end of location block
} # end of clearwaterescapes server block
server { # configure freshpondrentals server
server_name FreshPondRentals.com www.freshpondrentals.com;
listen 80;
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# proxy freshpondrentals pages to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/camb/;
} # end of location block
} # end of freshpondrentals server block
server { # configure yogisource HTTP port 80 server
server_name yogisource.com www.yogisource.com;
listen 80;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
} # end of http block
__
Modifying the nginx.config file above to include the following statements
produce the following error.log file errors and nginx fails to start
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
ssl_certificate conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:22 [emerg] 13008#12828: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:38 [emerg] 13928#1068: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003
RE: SSL issue
your SSL listen commands are commented out and so are your cert declarations.
Uncomment them and restart your nginx and see if that fixes it
Sent from my Galaxy
Original message
From: Victor Oppenheimer
Date: 2/11/24 17:17 (GMT-05:00)
To: Jeremy Cocks via nginx
Subject: SSL issue
Thank you so much for the help you have provided me with
nginx on my Windows 2016 server thus far.
I'm now attempting to add serving https files to my
configuration. Although I want to eventually support
a number of servers being browsed for both http and https
pages, I am starting with my oppsprops.com website.
I generated an SSL certificate and private key for the website.
I stored them at the following paths:
C:\nginx\conf\ssl\certs\oppsprops_com.crt
and
C:\nginx\conf\ssl\keys\oppsprops.com.private.key
I then tried to start nginx with various versions of my
nginx.config file with differing results as described below.
I suspect that this only needs a small tweak ... but would appreciate
some guidance in addressing the issue.
Thanks,
Victor
The following full nginx.config file with commented SSL
configuration statements serves http:\\oppsprops.com
successfully.
# directives in the 'main' context
# serves all sites http not https
# uses Adobe Tomcat to serve PDFs which must be in proper case
worker_processes auto;
events {# events context/block
# configuration of connection processing
}
http {# http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoid multiple server_Name entry
errors
server { # configure oppsprops server
listen 80;
#listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
#ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
#ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
server {# configuration of clearwaterescapes HTTP server
server_name clearwaterescapes.com
www.clearwaterescapes.com;
listen 80;
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# send http://clearwaterescapes.com to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
} # end of location block
} # end of clearwaterescapes server block
server {# configure freshpondrentals server
server_name FreshPondRentals.com
www.freshpondrentals.com;
listen 80;
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# proxy freshpondrentals pages to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/camb/;
} # end of location block
} # end of freshpondrentals server block
server { # configure yogisource HTTP port 80 server
server_name yogisource.com www.yogisource.com;
listen 80;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
} # end of http block
__
Modifying the nginx.config file above to include the following statements
produce the following error.log file errors and nginx fails to start
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
ssl_certificate conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:
RE: SSL issue
I misread. NGINX doesnt see the certs exist meaning whatever user is running
it doesnt have permissions. Make sure your user running NGINX has access down
the whole folder chain.
Sent from my Galaxy
Original message
From: Victor Oppenheimer
Date: 2/11/24 17:17 (GMT-05:00)
To: Jeremy Cocks via nginx
Subject: SSL issue
Thank you so much for the help you have provided me with
nginx on my Windows 2016 server thus far.
I'm now attempting to add serving https files to my
configuration. Although I want to eventually support
a number of servers being browsed for both http and https
pages, I am starting with my oppsprops.com website.
I generated an SSL certificate and private key for the website.
I stored them at the following paths:
C:\nginx\conf\ssl\certs\oppsprops_com.crt
and
C:\nginx\conf\ssl\keys\oppsprops.com.private.key
I then tried to start nginx with various versions of my
nginx.config file with differing results as described below.
I suspect that this only needs a small tweak ... but would appreciate
some guidance in addressing the issue.
Thanks,
Victor
The following full nginx.config file with commented SSL
configuration statements serves http:\\oppsprops.com
successfully.
# directives in the 'main' context
# serves all sites http not https
# uses Adobe Tomcat to serve PDFs which must be in proper case
worker_processes auto;
events {# events context/block
# configuration of connection processing
}
http {# http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoid multiple server_Name entry
errors
server { # configure oppsprops server
listen 80;
#listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
#ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
#ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
server {# configuration of clearwaterescapes HTTP server
server_name clearwaterescapes.com
www.clearwaterescapes.com;
listen 80;
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# send http://clearwaterescapes.com to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
} # end of location block
} # end of clearwaterescapes server block
server {# configure freshpondrentals server
server_name FreshPondRentals.com
www.freshpondrentals.com;
listen 80;
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# proxy freshpondrentals pages to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/camb/;
} # end of location block
} # end of freshpondrentals server block
server { # configure yogisource HTTP port 80 server
server_name yogisource.com www.yogisource.com;
listen 80;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
} # end of http block
__
Modifying the nginx.config file above to include the following statements
produce the following error.log file errors and nginx fails to start
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com;
ssl_certificate conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_c
Re: SSL issue
Thanks for your response. I'm an administrator on the computer and
nginx is running on my account. So, it does seem likely that the problem
is "permissions" as I have "full control" permission for the folders.
--- Victor
On 2/11/2024 5:51 PM, Thomas Ward via nginx wrote:
I misread. NGINX doesnt see the certs exist meaning whatever user is
running it doesnt have permissions. Make sure your user running NGINX
has access down the whole folder chain.
Sent from my Galaxy
Original message
From: Victor Oppenheimer
Date: 2/11/24 17:17 (GMT-05:00)
To: Jeremy Cocks via nginx
Subject: SSL issue
Thank you so much for the help you have provided me with
nginx on my Windows 2016 server thus far.
I'm now attempting to add serving https files to my
configuration. Although I want to eventually support
a number of servers being browsed for both http and https
pages, I am starting with my oppsprops.com website.
I generated an SSL certificate and private key for the website.
I stored them at the following paths:
C:\nginx\conf\ssl\certs\oppsprops_com.crt
and
C:\nginx\conf\ssl\keys\oppsprops.com.private.key
I then tried to start nginx with various versions of my
nginx.config file with differing results as described below.
I suspect that this only needs a small tweak ... but would appreciate
some guidance in addressing the issue.
Thanks,
Victor
The following full nginx.config file with commented SSL
configuration statements serves http:\\oppsprops.com
successfully.
# directives in the 'main' context
# serves all sites http not https
# uses Adobe Tomcat to serve PDFs which must be in proper case
worker_processes auto;
events { # events context/block
# configuration of connection processing
}
http { # http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoid multiple server_Name entry
errors
server { # configure oppsprops server
listen 80;
# listen 443 ssl;
server_name oppsprops.com www.oppsprops.com
;
# ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
# ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
server { # configuration of clearwaterescapes HTTP server
server_name clearwaterescapes.com www.clearwaterescapes.com
;
listen 80;
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# send http://clearwaterescapes.com to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
} # end of location block
} # end of clearwaterescapes server block
server { # configure freshpondrentals server
server_name FreshPondRentals.com www.freshpondrentals.com
;
listen 80;
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# proxy freshpondrentals pages to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/camb/;
} # end of location block
} # end of freshpondrentals server block
server { # configure yogisource HTTP port 80 server
server_name yogisource.com www.yogisource.com
;
listen 80;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
} # end of http block
__
Modifying the nginx.config file above to include the following statements
produce the following error.log file errors and nginx fails to start
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com
;
ssl_certificate conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
err
Re: SSL issue
Rereading from my computer, and sorry for the partial snippet/quote,
your entire path is being prepended with `C:\nginx/conf/` so your
setting that triggers this of `conf/ssl/...` is not proper. Your
configuration root is `C:\nginx\conf` already, so either change your
configuration lines to just have `ssl/...` instead of `conf/ssl/...` or
use Full Paths to the files directly (i.e.
`C:/nginx/conf/ssl/certs/oppsprops_com.crt`) instead of relative pathing.
Thomas
On 2/11/24 19:45, Victor Oppenheimer wrote:
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:22 [emerg] 13008#12828: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:38 [emerg] 13928#1068: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:35:10 [emerg] 3664#8660: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
