No SSL Certificate is defined

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://itcmedbr.com

I ran this command: itcmedbr.com

It produced this output: [error] 98861#0: *12 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:80

My web server is (include version): wildfly 31

The operating system my web server runs on is (include version): Linux Centos 8 OS: Rocky 8.9 GreenObsidian

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): nginx version: nginx/1.14.1

What URL are you using when you get the error?

Because my test requests to HTTP (port 80) are blocked and HTTPS (port 443) are not configured properly.

But, HTTP requests using port 8080 work fine and reach your wildfly server.

HTTPS requests to port 8443 also reach your wildfly but it uses a self-signed cert and not your Let's Encrypt cert. I don't know anything about wildfly but you need to review its docs on how to configure HTTPS and certificates. Or post this question on the wildfly community forum.
https://community.jboss.org/en/wildfly

You have gotten some Let's Encrypt certs in the past two months (link here). Have you ever gotten this working properly?

3 Likes

Then the best thing to do is to define a "SSL Certificate"!

A little bit more context would be nice.. :wink:

3 Likes

Your nginx configuration has issues:

curl -Ii http://itcmedbr.com/
curl: (52) Empty reply from server

curl -Ii https://itcmedbr.com/
curl: (35) error:0A00010B:SSL routines::wrong version number

curl -Ii http://itcmedbr.com:443/
HTTP/1.1 502 Bad Gateway
Server: nginx/1.14.1
Date: Sun, 21 Apr 2024 23:05:12 GMT
Content-Type: text/html
Content-Length: 3404
Connection: keep-alive
ETag: "60c1d6af-d4c"

AND/OR
There may also be a problem with the port forwarding/NAT.

2 Likes

My nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;

        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

    server {
    listen 80 ssl http2;
    listen [::]:80 ssl http2;

    server_name itcmedbr.com; # managed by Certbot
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            resolver itcmedbr.com [::1]:5353;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_pass http://itcmedbr.com:80;
            proxy_set_header Host $http_host;
            proxy_pass_header Server;
            proxy_cache_bypass $http_upgrade;

        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/itcmedbr.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/itcmedbr.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

    server {
    if ($host = itcmedbr.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot


}}
----------------------------------

SSL should be on port 443 only.

Each vhost should only service secure OR insecure content.
One vhost is serving content on port 80 and 443:

2 Likes

After making the changes, the problem is still the same.

That should look like

listen 443 ssl;

2 Likes

And the above server block should look like below

    server {
    listen 80;
    listen [::]:80;
    server_name itcmedbr.com;

    if ($host = itcmedbr.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}
2 Likes
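
The listen-directive rules from the replies above (TLS only on port 443, `listen 443 ssl;`, and each vhost serving either secure or insecure content), as an added example that is not part of the original thread: a Python check run over a constructed excerpt of the posted nginx.conf. The function names and the regex-based parsing are assumptions of this example, not nginx tooling.

```python
import re

# Constructed sample: the listen lines from the nginx.conf posted in this thread.
SAMPLE_CONF = """
server {
    listen 80 default_server;
    listen [::]:80 default_server;
}
server {
    listen 80 ssl http2;
    listen [::]:80 ssl http2;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443; # managed by Certbot
}
"""

LISTEN = re.compile(r"^\s*listen\s+([^;]+);", re.M)

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)  # simplification: ignores '#' inside quotes
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(addr):
    """Port of '80', '[::]:443' or '127.0.0.1:8080'; nginx uses 80 if none is given."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def lint(conf):
    """Return (server_block_index, message) for each listen problem found."""
    findings = []
    for n, body in enumerate(server_blocks(conf)):
        tls, plain = set(), set()
        for args in LISTEN.findall(body):
            addr, *flags = args.split()
            port = listen_port(addr)
            (tls if "ssl" in flags else plain).add(port)
            if "ssl" in flags and port == 80:
                findings.append((n, f"listen {addr} ssl: TLS enabled on port 80"))
            if "ssl" not in flags and port == 443:
                findings.append((n, f"listen {addr}: port 443 without 'ssl'"))
        if tls and plain:
            findings.append((n, "block mixes TLS and plain-HTTP listeners"))
    return findings
```

`lint(SAMPLE_CONF)` reports four findings, all for the second server block; a configuration with `listen 80;` in one block and `listen 443 ssl;` in another returns an empty list.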

Please show the new config file.

2 Likes

After making the changes, the problem is still the same.

Why do you repeat yourself when asked a very clear question at your previous post with the same text? :thinking:

2 Likes

And for general nginx information you might find nginx documentation and https://forum.nginx.org/ helpful.

1 Like

HTTP on Port 80: check.

$ curl -Ii http://itcmedbr.com:80/.well-known/acme-challenge/sometestfile
HTTP/1.1 400 Bad Request
Server: nginx/1.14.1
Date: Mon, 22 Apr 2024 22:54:29 GMT
Content-Type: text/html
Content-Length: 271
Connection: close

HTTP on Port 443: yep

$ curl -Ii http://itcmedbr.com:443/.well-known/acme-challenge/sometestfile
HTTP/1.1 400 Bad Request
Server: nginx/1.14.1
Date: Mon, 22 Apr 2024 22:54:36 GMT
Content-Type: text/html
Content-Length: 271
Connection: keep-alive

HTTPS on Port 443: FAILING!

$ curl -Ii https://itcmedbr.com:443/.well-known/acme-challenge/sometestfile
curl: (35) error:0A00010B:SSL routines::wrong version number

And WOW HTTPS on Port 80 is happening, but shouldn't be

$ curl -Ii https://itcmedbr.com:80/.well-known/acme-challenge/sometestfile
HTTP/2 400
server: nginx/1.14.1
date: Mon, 22 Apr 2024 23:01:51 GMT
content-type: text/html
content-length: 271

https://letsdebug.net/itcmedbr.com/1896120 shows this as well.

HttpOnHttpsPort
ERROR
A validation request to this domain resulted in an HTTP request being made to a port that expects to receive HTTPS requests. This could be the result of an incorrect redirect (such as to http://example.com:443/) or it could be the result of a webserver misconfiguration, such as trying to enable SSL on a port 80 virtualhost.
@0ms: Making a request to http://itcmedbr.com/.well-known/acme-challenge/letsdebug-test (using initial IP 186.202.57.170)
@0ms: Dialing 186.202.57.170
@3736ms: Server response: HTTP 400 Bad Request

2 Likes

Here is a list of issued certificates crt.sh | itcmedbr.com, the latest being 2024-04-15.

Why not just serve this certificate crt.sh | 12733412008?

1 Like

Hi Bruce, I have a certificate generated by certbot. I believe that my problem is in my standalone.xml file. If you type itcmedbr.com:80 you will see the nginx welcome page and the symbol of view site information in the bar command. Below is the error generated when I call my domain in the browser.

2024-04-23 18:34:04,038 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0018: Started Driver service with driver-name = itcmedbr.war_com.mysql.cj.jdbc.Driver_8_0
2024-04-23 18:34:05,460 INFO  [org.hibernate.cache.internal.RegionFactoryInitiator] (ServerService Thread Pool -- 80) HHH000025: Second-level cache region factory [org.infinispan.hibernate.cache.v62.InfinispanRegionFactory]
2024-04-23 18:34:05,765 INFO  [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 80) Envers integration enabled? : true
2024-04-23 18:34:06,560 INFO  [org.jboss.as.jpa] (ServerService Thread Pool -- 80) WFLYJPA0010: Starting Persistence Unit (phase 2 of 2) Service 'itcmedbr.war#itcmedbr_PU'
2024-04-23 18:34:48,284 INFO  [jakarta.enterprise.resource.webcontainer.faces.config] (ServerService Thread Pool -- 96) Initializing Mojarra 4.0.5 for context '/itcmedbr'
2024-04-23 18:34:57,838 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 96) WFLYUT0021: Registered web context: '/itcmedbr' for server 'default-server'
2024-04-23 18:35:00,389 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("host" => "default-host"),
    ("filter-ref" => "server-header")
]) - failure description: {
    "WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.filter.server-header"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => ["service jboss.undertow.server.default-server.default-host.filter-ref.server-header is missing [jboss.undertow.filter.server-header]"]
}
2024-04-23 18:35:00,397 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("host" => "default-host"),
    ("filter-ref" => "x-powered-by-header")
]) - failure description: {
    "WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.filter.x-powered-by-header"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => ["service jboss.undertow.server.default-server.default-host.filter-ref.x-powered-by-header is missing [jboss.undertow.filter.x-powered-by-header]"]
}
2024-04-23 18:35:00,745 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "itcmedbr.war" (runtime-name : "itcmedbr.war")
2024-04-23 18:35:00,792 INFO  [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report
WFLYCTL0184:    New missing/unsatisfied dependencies:
      service jboss.undertow.filter.server-header (missing) dependents: [service jboss.undertow.server.default-server.default-host.filter-ref.server-header] 
      service jboss.undertow.filter.x-powered-by-header (missing) dependents: [service jboss.undertow.server.default-server.default-host.filter-ref.x-powered-by-header] 

2024-04-23 18:35:01,219 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("internal-model-validation") failed - address: ([]) - failure description: "WFLYCTL0446: ssl-context or alternative(s) [security-realm] is required"
2024-04-23 18:35:01,260 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details. - Server configuration file in use: standalone.xml
2024-04-23 18:35:01,640 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0019: Stopped Driver service with driver-name = itcmedbr.war_com.mysql.cj.jdbc.Driver_8_0
2024-04-23 18:35:01,799 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0002: Unbound mail session [java:jboss/mail/Default]
2024-04-23 18:35:01,857 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 21) WFLYUT0022: Unregistered web context: '/itcmedbr' from server 'default-server'
2024-04-23 18:35:02,063 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0019: Host default-host stopping
2024-04-23 18:35:02,429 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0010: Unbound data source [java:jboss/datasources/ExampleDS]
2024-04-23 18:35:02,432 INFO  [org.jboss.as.jpa] (ServerService Thread Pool -- 40) WFLYJPA0011: Stopping Persistence Unit (phase 2 of 2) Service 'itcmedbr.war#itcmedbr_PU'

I don't know if this forum is the place to post this problem.

This doesn't seem to be the location for such a problem/request for help.

This has nothing to do with LE:

"WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.filter.server-header"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["service jboss.undertow.server.default-server.default-host.filter-ref.server-header is missing [jboss.undertow.filter.server-header]"]

3 Likes