Nginx + Wordpress - sec_error_unknown_issuer

vernorlamont · November 18, 2015, 1:13pm

I changed my code and now it’s working. Still, I don’t have idea why TLS 1.2 and TLS 1.1 is not working (Nginx 1.8.0).

My code:

server {
    listen 80;
    server_name www.marzycielskapoczta.pl;
    return 301 https://marzycielskapoczta.pl$request_uri;
}


server {
    listen 443 ssl;
    server_name www.marzycielskapoczta.pl;
    root /disk2/wordpress;
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/www.marzycielskapoczta.pl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.marzycielskapoczta.pl/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/www.marzycielskapoczta.pl/fullchain.pem;

}

server {
    listen 443;
    root /disk2/wordpress;
    server_name marzycielskapoczta.pl;
    index index.php;
    access_log off;
    error_log /var/log/nginx/mp.error.log;
    location = /favicon.ico {
    log_not_found off;
    access_log off;
    }

Topic		Replies	Views
Certbot + Nginx + Ubuntu 16.04 Server	14	4087	November 17, 2017
This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR Server	17	123473	May 19, 2016
Firefox 42 sec_error_unknown_issuer \| lighttpd Server	8	8367	December 5, 2015
After installing Let's Encrypt on Wordpress [Welcome to Nginx] page appear Help	4	901	December 21, 2019
How to test "certificate name mismatch" problem and fix? Help	27	11781	October 23, 2019

Nginx + Wordpress - sec_error_unknown_issuer

Related topics