I obtained a certificate with certbot like sudo certbot --nginx -d pvapp-2021.umwelt-campus.de.
And included the paths to the certificate to my two nginx config files (one for the frontend and one as reverse proxy for node) like:
When now making requests to my backend (e.g. logging in) I get the error: Failed to load resource: net::ERR_CERT_DATE_INVALID tho the certificate definitely is valid.
Do I need a extra certificate for my backend? If yes, how would I do this?
What else could cause the error?
Appreciate all help.
Running sudo certbot renew --dry-run failed too.
Output of sudo certbot certificates
Found the following certs:
Certificate Name: pvapp-2021.umwelt-campus.de
Expiry Date: 2021-06-06 12:54:49+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/pvapp-2021.umwelt-campus.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pvapp-2021.umwelt-campus.de/privkey.pem
The site "pvapp-2021.umwelt-campus.de " is currently serving the valid certificate, so if you are having issues - I do not know why. Sometimes web browsers cache the old certificates and cause issues. Sometimes nginx does not restart properly, so Certbot would see the new certificate but nginx does not use it yet - but in that case, the valid certificate would not be served to the global internet like it is now.
You only need one certificate per domain. If your backend is on a different domain, it will need it's own certificate.
There could also be issues from your application's design. The domain you listed above, however, is successfully terminating SSL with a valid LetsEncrypt R3 certificate.
All right, good to know that I just need one certificate. I run the same app with self-signhed certificates (there I use one cert for the front- and one for the backend tho) on a dev Server and it's running. So the problem could rather be related to letsencrypt.
If I can provide more information, just tell me. I need this to be solved...
The error could either be generated by your proxied appserver or nginx, and has to do with the proxy_pass configuration and the appserver's configuration. That is well beyond the scope of help you'llget here..
It's impossible to tell what your "backend" is or why your chose those directives in the proxypass. I'm guessing you're trying to do websockets with nginx though (the benefits of being an nginx early adopter is being able to guess this stuff!).
If that's the case, I would try removing this directive, and have the appserver expect http traffic.
If you want the appserver to keep https traffic, then you'll have to do a bit more configuration of the proxypass and appserver settings, and ensuring they're all processing the certs correctly. You'll need to look to an nginx forum or whatever framework you built your appserver with.