Hi! First of all, thanks for this amazing community!
I am having an issue: last week our domain certificate expired. We renewed it and everything is alright when it comes to accessing the website using a browser. But when making a POST request from our second server, or even through a Cron curl request originating from the application server itself, I need to make the request ignoring the certificate.
On Axios I need to pass rejectUnauthorized: true, and on a curl CLI request I need to pass the -k or --insecure param so it ignores the certificate.
Ignoring the certificate, everything works fine, but I don't feel like this is the correct solution. Before the certificate renewal this was not an issue, that's why I'm concerned.
I'm using certbot 2.3.0, and Ubuntu 22.04.1 LTS
Nginx version: nginx/1.18.0 (Ubuntu)
I can login to a root shell on my machine: yes
Good eye, and it might just be that the Sucuri firewall cert is wrong. But it's possible Sucuri is just a pass-thru for "normal" http(s) requests and the nginx is also involved.
curl -Ik https://[redacted]
HTTP/2 200
server: nginx
x-sucuri-cache: MISS
Whereas a "faulty" http(s) request gets this
HTTP/1.1 400 Bad Request
Server: Sucuri/Cloudproxy
The issue was exactly what you guys found. My domain is behind an Anti-DDoS and firewall service named Sucuri. Everything was well set on my nginx, but when I renewed the certificate, I uploaded the cert.pem file in the Sucuri settings. I thought it would be sufficient, but now, reading your answers, I could find that I should have uploaded the fullchain.pem, as Sucuri is in the middle. I just uploaded the correct pem file on Sucuri and everything is working without the need to ignore the certificate now!
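
The cert.pem versus fullchain.pem difference from this thread, reproduced offline as an added example (not code from any poster): it builds a constructed root, intermediate and leaf, then verifies each file the way a strict client such as curl would. The function names, subject names and the throwaway PKI are assumptions for illustration; only the cert.pem, chain.pem and fullchain.pem file names follow certbot.

```bash
#!/usr/bin/env bash
# Constructed throwaway PKI (root -> intermediate -> leaf); all names are illustrative.
make_pki() {  # $1 = empty working directory
  local d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = CA:FALSE
EOF
  # Root CA: the only certificate the client trusts.
  openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Example Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA, saved as chain.pem.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Example Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions ca -days 2 -out "$d/chain.pem" 2>/dev/null || return 1
  # Leaf certificate issued by the intermediate, saved as cert.pem.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions leaf -days 2 -out "$d/cert.pem" 2>/dev/null || return 1
  cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

cert_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }  # certificates the server would send

verifies() {  # $1 = trusted root, $2 = PEM file uploaded to the TLS terminator
  # First certificate is the leaf; every certificate in the file is offered as an untrusted helper.
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  local d f r
  d=$(mktemp -d) || return 1
  make_pki "$d" || return 1
  for f in cert.pem fullchain.pem; do
    if verifies "$d/root.pem" "$d/$f"; then r=OK; else r=FAILED; fi
    echo "$f: $(cert_count "$d/$f") certificate(s) sent, verification $r"
  done
  rm -rf "$d"
}
demo
```

Browsers often mask a missing intermediate because they can cache or fetch it themselves, which curl and Node.js do not do.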