so last weekend I updated and upgraded the severs. In order for the server to keep the updates I had to upgrade the server. Upon doing so it erased my nginx configuration. I had set it up again However, I clearly missed a step. What did I do wrong?
when I do nginx -t
I get this: ginx: [emerg] cannot load certificate “/etc/nginx/certificate/nginx-certificate.crt”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: configuration file /etc/nginx/nginx.conf test failed
We don’t have ssl certificates yet. BUt by next weekend we should have them.
This is my nginx configuration (we are gonna use wild card certificates)
server {
listen 80;
listen [::]:80;
server_name *.kosherup.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;
ssl_certificate_key /etc/nginx/certificate/nginx.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
root /var/www/api.kosherup.xyz/html;
index index.html index.htm index.nginx-debian.html;
server_name *.kosherup.xyz;
location /socket.io {
proxy_pass http://localhost:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /v1 {
proxy_pass http://localhost:4000;
}
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi there,
It looks like the
/etc/nginx/certificate/nginx-certificate.crt
and the certificate key are missing. You would need to go to your SSL vendor and get your SSL key and certificate and add them to your server in each cert file respectively.In the meantime, what you could do is configure your Nginx so that it could handle HTTP traffic by removing the server block for port 443 and updating the one for port 80:
Alternatively, if you don’t have your SSL certificate files, what you could do is use the above server block and then issue a new SSL by using Let’s Encrypt:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
Let me know how it goes!
Best,
Bobby