Nginx issue ssl

Hi,

I have a big problem converting my whole website to SSL: I get an error in every browser when I go to my website, but I don't understand why ;(
So I hope that you can help me.

My domain is: aerolurcy.fr

I ran this command: certbot certonly -d yourdomain.com

It produced this output:
No problem all cert file generated

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Debian 8

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

This is my config. There are several virtual hosts, but I have listed only one; the others are exactly the same.

server {
    listen 51.255.130.204:443 ssl;
    listen [::]:443 ssl;

    server_name aerolurcy.fr;

    root /var/www/aerolurcy;
    index index.php;

    # By default, certificates generated with certbot go in /etc/letsencrypt/live/
    # Obviously, replace the path with the one matching the domain
    ssl_certificate /etc/letsencrypt/live/aerolurcy.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/aerolurcy.fr/privkey.pem;

    # The SSL protocols used
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Enable the ciphers and set the allowed ones (I'll let you do further research on that ;) )
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256';

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ssl_dhparam /etc/nginx/dhparam.pem;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

server{...}

What errors are you seeing? The certificate setup looks good, so I’m guessing it’s probably a mixed content issue, but whynopadlock.com is failing to run those tests, possibly due to a broken redirect.


Thanks for your answer.
I have this error in Firefox: SSL_ERROR_BAD_CERT_DOMAIN
In IE: DLG_FLAGS_SEC_CERT_CN_INVALID
In Chrome: NET:ERR_CERT_COMMON_NAME_INVALID

I have only one link in http; I will change this tonight to see.
Thanks

Hi @help,

You got a certificate that only covers aerolurcy.fr, not www.aerolurcy.fr. These are separate names. They can both be covered by the same certificate, but you need to request both as part of that certificate.

You can add an additional -d option when running Certbot, like -d aerolurcy.fr -d www.aerolurcy.fr.

Right now your certificate is correctly configured on aerolurcy.fr, but the web server returns a redirect to https://www.aerolurcy.fr/, which is not a name that your certificate applies to. That’s the reason for the browser error.

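The name check behind that diagnosis, as an added example that is not part of the original posts: it compares each HTTPS host in a redirect chain against a certificate's subject alternative names. The SAN lists and the redirect chain are constructed from the names in this thread, and the code assumes the same certificate is served for every host in the chain.

```python
# Added example: which hosts in a redirect chain does a certificate NOT cover?
# All inputs below are constructed from the names mentioned in the thread.
from urllib.parse import urlsplit


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a host name.

    A wildcard is accepted only as the whole leftmost label and stands for
    exactly one label, so *.example.org does not cover example.org itself.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered_hosts(sans, urls):
    """Return the https hosts in `urls` that no entry in `sans` covers."""
    missing = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            continue  # plain-http hops are not checked against a certificate
        host = parts.hostname
        if host not in missing and not any(name_matches(s, host) for s in sans):
            missing.append(host)
    return missing


# Constructed redirect chain: the apex name redirects to the www name.
CHAIN = ["https://aerolurcy.fr/", "https://www.aerolurcy.fr/"]
ISSUED = ["aerolurcy.fr"]                        # certbot certonly -d aerolurcy.fr
REISSUED = ["aerolurcy.fr", "www.aerolurcy.fr"]  # -d aerolurcy.fr -d www.aerolurcy.fr
WILDCARD_ONLY = ["*.aerolurcy.fr"]               # hypothetical: wildcard without the apex

if __name__ == "__main__":
    for label, sans in [("issued", ISSUED), ("reissued", REISSUED),
                        ("wildcard only", WILDCARD_ONLY)]:
        print(f"{label:14} uncovered: {uncovered_hosts(sans, CHAIN)}")
```

Every name the site redirects to has to appear in the certificate, which is why the first hop succeeds and the browser error only shows up after the redirect.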

Yes, effectively you are right, thank you very much.
