NGINX doesn't use my Let's Encrypt certificate


#1

My domain is: secure.schett.net

My web server is (include version): NGINX

The operating system my web server runs on is (include version): RHEL7

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Config

server {
    if ($host = secure.schett.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name secure.schett.net;
    return 301 https://$server_name$request_uri;
}

server {
    server_name secure.schett.net;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/secure.schett.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/secure.schett.net/privkey.pem; # managed by Certbot
    ssl_client_certificate /etc/letsencrypt/live/secure.schett.net/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_verify_client on;
    ssl_verify_depth 2;

    include snippets/ssl-params.conf;

    root /srv/www/secure.schett.net/public_web;
    index index.php;

    location / {
        try_files $uri $uri/ /index.html =404;
        autoindex on;
    }

    location ~ /.well-known {
        allow all;
    }

    location ~ \.php {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}


#2

Hi @schettnico

There is a certificate, but it looks wrong:

CN=178.191.11.117
	06.01.2019
	16.01.2038
	178.191.11.117, fritz.box, www.fritz.box, myfritz.box, www.myfritz.box, fritz.nas, www.fritz.nas - 7 entries

So it looks like your Fritz box terminates the SSL instead of doing port forwarding.

Then an HTTP status 400 - bad request follows.

So check your router settings.
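
The diagnosis in the reply above comes from comparing the certificate that actually answers on port 443 with the one nginx is configured to serve. As an added example (not part of the thread; the function names are hypothetical and the offline demo uses constructed placeholder bytes, not real certificates), this script fingerprints both leaf certificates and reports whether they match:

```python
import hashlib
import re
import socket
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 of the DER bytes of the first (leaf) certificate in a PEM bundle."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no certificate found in PEM input")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def fetch_served_der(host, port=443, timeout=10):
    """Return whatever leaf certificate answers on host:port, without validating it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # a self-signed router cert must not abort the check
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(served_der, configured_pem_text):
    """Compare the served leaf with the leaf nginx is configured to present."""
    served = hashlib.sha256(served_der).hexdigest()
    configured = leaf_fingerprint(configured_pem_text)
    return {"served": served, "configured": configured, "match": served == configured}


def demo():
    """Offline run on constructed placeholder bytes (not real certificates)."""
    leaf, intermediate, router = b"constructed-leaf", b"constructed-ca", b"constructed-router"
    fullchain = ssl.DER_cert_to_PEM_cert(leaf) + ssl.DER_cert_to_PEM_cert(intermediate)
    return compare(leaf, fullchain)["match"], compare(router, fullchain)["match"]


if __name__ == "__main__":
    if len(sys.argv) == 3:              # usage: script.py HOST /path/to/fullchain.pem
        with open(sys.argv[2]) as fh:
            result = compare(fetch_served_der(sys.argv[1]), fh.read())
        print(result)
        sys.exit(0 if result["match"] else 1)
    print(demo())                       # no arguments: run the constructed offline case
```

Run it with a host name and the path to `fullchain.pem` as arguments; a mismatch means something other than this nginx configuration is presenting the certificate on that port.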

