Can't login to the website after installing certificate successfully

My domain is: example.cloud

I ran this command: N/A

It produced this output: N/A

My web server is (include version): nginx/1.16.1

The operating system my web server runs on is (include version): CentOS Linux release 7.5.1804 (Core)

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0

I just installed the Let's Encrypt certificate successfully, as you can see. The static pages are working fine, but whenever I try to log in, the API hits an error in the Safari console log: “Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “api.example.cloud”, which could put your confidential information at risk.”

On Chrome, I see this in the console:
POST https://api.example.cloud/apis/v1/login net::ERR_CERT_COMMON_NAME_INVALID

This is what my nginx.conf looks like:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    #include /etc/nginx/conf.d/*.conf;

    server {
        #listen       80;
        #listen       [::]:80;
        server_name  api.example.cloud www.api.example.cloud;
        proxy_read_timeout 600s;
        location /apis/media/images {
           #add_header Access-Control-Allow-Origin *;
           alias /home/example_PROD/Images/;
        }

        location / {
                proxy_pass http://127.0.0.1:10000/;
        }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    #listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/example.cloud/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/example.cloud/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }


    server {
        server_name  example.cloud;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
	    try_files $uri /index.html;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.cloud/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.cloud/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }




    server {
    server_name www.example.cloud; # managed by Certbot
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
	    try_files $uri /index.html;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    
    listen [::]:443 ssl ; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.cloud/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.cloud/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}


    server {
    if ($host = example.cloud) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  example.cloud;
    return 404; # managed by Certbot


}


    server {
    if ($host = www.example.cloud) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen       80 ;
        listen       [::]:80 ;
    server_name www.example.cloud;
    return 404; # managed by Certbot


}}

Hi @aningbo

the result is expected.

There is no port 443 server block with api.weme.cloud.

So the standard server block with the wrong certificate is used.

And checking your domain - https://check-your-website.server-daten.de/?q=api.weme.cloud#ct-logs - there is no certificate created.

Why is there a #? So the listen doesn't work.

  • Create a working port 80 vHost, test it with a special index file to see if that (and not the standard) server block answers.
  • If yes, create one certificate with both domain names and install it.

No. Looks like you have only created a certificate with your main domain, not with your api subdomain.

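Added example, not part of the original posts: a simplified Python model of how nginx picks a server block for a request and whether the certificate's names cover the requested host, which is why api.example.cloud ends in a name-mismatch error. The config string is a constructed reduction of the posted nginx.conf, and all function names are illustrative.

```python
import re
# Constructed sample: the posted nginx.conf reduced to listen/server_name lines.
CONF = """
server {
    #listen 443 ssl;
    server_name api.example.cloud www.api.example.cloud;
}
server {
    server_name example.cloud;
    listen 443 ssl;
}
server {
    server_name www.example.cloud;
    listen 443 ssl;
}
"""
# Names on the certificate as stated in the thread (every 443 block uses this cert).
CERT_SANS = ["example.cloud", "www.example.cloud"]

def parse_servers(conf):
    """Collect active listen ports and names; a block without listen gets port 80."""
    servers = []
    for body in re.findall(r"server\s*\{(.*?)\}", conf, re.S):
        ports, names, default = set(), [], False
        for raw in body.splitlines():
            tokens = raw.split("#", 1)[0].replace(";", " ").split()
            if tokens[:1] == ["listen"]:
                ports.add(int(tokens[1].rsplit(":", 1)[-1]))
                default = default or "default_server" in tokens
            elif tokens[:1] == ["server_name"]:
                names += tokens[1:]
        servers.append({"ports": ports or {80}, "names": names, "default": default})
    return servers

def select_server(servers, port, host):
    """nginx order: matching server_name, else default_server, else first block."""
    on_port = [s for s in servers if port in s["ports"]]
    matches = [s for s in on_port if host in s["names"]]
    defaults = [s for s in on_port if s["default"]]
    return (matches or defaults or on_port or [None])[0]

def cert_covers(sans, host):
    """Exact SAN match, or a wildcard SAN covering exactly one leftmost label."""
    parent = host.split(".", 1)[-1]
    return any(s == host or (s.startswith("*.") and s[2:] == parent) for s in sans)

def diagnose(conf, sans, host, port=443):
    """Return (first name of the answering block, whether the cert covers host)."""
    block = select_server(parse_servers(conf), port, host)
    return (block["names"][0] if block else None, cert_covers(sans, host))
```

With the posted state, `diagnose(CONF, CERT_SANS, "api.example.cloud")` reports that the example.cloud block answers on port 443 with a certificate that does not cover the API host; enabling the listen line and issuing a certificate that includes the API name makes both checks pass.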

Thank you @JuergenAuer. I was testing and added # to both the listen. I’ll remove it.

Since I created a certificate for example.cloud and www.example.cloud and not for api.example.cloud, can I go ahead and follow this tutorial and install it for api.example.cloud and www.api.example.cloud in the current state? If not, kindly let me know the steps.

Tutorial I used: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7

Please: I can't know that.

  • Your configuration may be buggy
  • The tutorial may be wrong
  • The tutorial may not work with your configuration
  • You are doing something wrong

Conclusion: It's your job to try it and it's your job to use the correct documentation.


Got it working finally. Thanks for pointing it out 🙂
