Question

UPdating the servers Erased Nginx and caused issues, please help

so last weekend I updated and upgraded the severs. In order for the server to keep the updates I had to upgrade the server. Upon doing so it erased my nginx configuration. I had set it up again However, I clearly missed a step. What did I do wrong?

when I do nginx -t

I get this: ginx: [emerg] cannot load certificate “/etc/nginx/certificate/nginx-certificate.crt”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: configuration file /etc/nginx/nginx.conf test failed

We don’t have ssl certificates yet. BUt by next weekend we should have them.

This is my nginx configuration (we are gonna use wild card certificates)

server {
        listen 80;
        listen [::]:80;
        server_name *.kosherup.xyz;
        return 301 https://$host$request_uri;
}


server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;
        ssl_certificate_key /etc/nginx/certificate/nginx.key;

		ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
  		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  		ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        root /var/www/api.kosherup.xyz/html;

        index index.html index.htm index.nginx-debian.html;
        server_name *.kosherup.xyz;

        location /socket.io {
            proxy_pass http://localhost:4000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

        location /v1 {
                    proxy_pass http://localhost:4000;
           }
}


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi there,

It looks like the /etc/nginx/certificate/nginx-certificate.crt and the certificate key are missing. You would need to go to your SSL vendor and get your SSL key and certificate and add them to your server in each cert file respectively.

In the meantime, what you could do is configure your Nginx so that it could handle HTTP traffic by removing the server block for port 443 and updating the one for port 80:

server {
        listen 80;
        listen [::]:80;


        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        root /var/www/api.kosherup.xyz/html;

        index index.html index.htm index.nginx-debian.html;
        server_name *.kosherup.xyz;

        location /socket.io {
            proxy_pass http://localhost:4000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

        location /v1 {
                    proxy_pass http://localhost:4000;
           }
}

Alternatively, if you don’t have your SSL certificate files, what you could do is use the above server block and then issue a new SSL by using Let’s Encrypt:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Let me know how it goes!

Best,

Bobby