Letsencrypt certificate is not valid

I generated a certificate (dehydrated) for my website last week and it was working. Suddenly, yesterday it was blocked and I get the message that my certificate is not valid. I regenerated a new certificate but I get the same problem.
Whenever I access my website I get a 502 bad gateway error. The output of my error.log is:

2019/12/22 21:14:19 [error] 4599#0: *566 upstream SSL certificate verify error: (2:unable to get issuer certificate) while SSL handshaking to upstream, client: 37.165.218.70, server: , request: "GET /content/1 HTTP/2.0", upstream: "https://192.168.1.45:443/content/1", host: "jcp-connect.fr", referrer: "https://jcp-connect.fr/"
2019/12/22 21:14:47 [error] 4599#0: *566 upstream SSL certificate verify error: (2:unable to get issuer certificate) while SSL handshaking to upstream, client: 37.165.218.70, server: , request: "GET /category/1 HTTP/2.0", upstream: "https://192.168.1.45:443/category/1", host: "jcp-connect.fr", referrer: "https://jcp-connect.fr/content/4"
2019/12/22 21:19:18 [error] 30984#0: *2 upstream SSL certificate verify error: (2:unable to get issuer certificate) while SSL handshaking to upstream, client: 65.19.128.70, server: , request: "HEAD / HTTP/1.1", upstream: "https://192.168.1.45:443/", host: "jcp-connect.fr"
2019/12/22 21:19:19 [error] 30984#0: *4 upstream SSL certificate verify error: (2:unable to get issuer certificate) while SSL handshaking to upstream, client: 65.19.128.70, server: , request: "HEAD / HTTP/1.1", upstream: "https://192.168.1.45:443/", host: "jcp-connect.fr"

My web server is (include version): nginx-1.17.5

The operating system my web server runs on is (include version): openwrt

Hi @amelroua

checking

and

I see your website. No error, looks ok. Maybe only a local problem.

This is almost certainly the problem–your Let's Encrypt certificate is valid for a hostname, not for an IP address.

I get the 502 bad gateway when I put https://jcp-connect.fr/content/1

Looking at jcp-connect.fr looks good (certificate is also okay, showing for jcp-connect.fr)
But, https://jcp-connect.fr/content/1 returns 502 bad gateway, and https://jcp-connect.fr/content/4 returns bad gateway.

Now it works. There was only a Bad Gateway error, not a certificate error.


Now, I disabled the certificate verification and it works. I need to perform an authentication between the proxy and the backend server, but I don't know why it works for some contents and not for other contents?

You have created that system, so you have created that difference. Find it and fix it.

It was working for some contents because they are stored in the cache. Now, I cleaned the cache and I get only 502 bad gateway for all my contents, and my error.log gives:
[error] 4201#0: *14 upstream SSL certificate verify error: (2:unable to get issuer certificate) while SSL handshaking to upstream,
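
An added example, not from any poster in this thread: a proxy configuration that keeps upstream verification on instead of disabling it, addressing both the `(2:unable to get issuer certificate)` error and the hostname-versus-IP point raised above. All file paths are placeholders, and it assumes the backend at 192.168.1.45 serves the Let's Encrypt certificate issued for jcp-connect.fr together with its intermediate.

```nginx
# Added example. Paths are placeholders, not values from the thread.
server {
    listen 443 ssl http2;
    server_name jcp-connect.fr;

    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    location / {
        proxy_pass https://192.168.1.45:443;
        proxy_set_header Host $host;

        # Weak setting: the 502 disappears, but the proxy no longer
        # authenticates the backend at all.
        # proxy_ssl_verify off;

        # Corrected setting: verify the backend certificate.
        proxy_ssl_verify on;

        # OpenSSL error 2 means an issuer in the chain could not be found,
        # usually because the trusted file is incomplete (for example it
        # holds only the intermediate and not the root). Point this at a
        # bundle that contains the root CA of the backend's chain.
        proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;  # placeholder

        # Default depth is 1; allow for leaf -> intermediate -> root.
        proxy_ssl_verify_depth 2;

        # proxy_ssl_name defaults to $proxy_host, which here is the IP
        # address from proxy_pass. The certificate is issued for a
        # hostname, so check (and send via SNI) that hostname instead.
        proxy_ssl_name jcp-connect.fr;
        proxy_ssl_server_name on;
    }
}
```

After reloading nginx, a remaining verify error in error.log with a different code indicates which of the two checks (chain or name) still fails.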
