Problem with nginx and letsencrypt


#1

Hello,
I have the following problem:

I got the certificates for my website (Debian, nginx), but my config doesn't work.
What am I doing wrong?

```
server {
    listen 80;
    server_name myWebsite.net www.myWebsite.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name myWebsite.net www.myWebsite.net;

    root /var/www;
    index index.html index.htm index.php;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/myWebsite.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myWebsite.net/privkey.pem;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security max-age=15768000;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ /\.well-known\/acme-challenge {
        allow all;
    }
}
```


#2

Try changing:

`ssl_certificate /etc/letsencrypt/live/myWebsite.net/fullchain.pem;`

To instead be:

`ssl_certificate /etc/letsencrypt/live/myWebsite.net/cert.pem;`

Worked for me.


#3

That’s definitely wrong. You should serve the “full chain” because most web browsers won’t try to reconstruct missing links in the chain if they’re not provided, so visitors will get an error saying your certificate isn’t trusted.

@iSeven - you say the config “dont work” but that’s very vague. What happens, and what did you expect to happen? For example, is there an error message displayed somewhere? If so, please tell us what it is.


#4

@Happy_Face, as @tialaramex points out, what you did will probably make your site not work with some clients. You can test it at https://www.ssllabs.com/ssltest/ to see if it says there is a chain problem.
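
A local counterpart to the chain check discussed above, as an added example that is not part of the original thread: it reads the `ssl_certificate` paths from an nginx config and counts the PEM certificate blocks in each file, so a leaf-only file such as `cert.pem` is flagged before any client sees it. The function names are made up for this example, and it assumes absolute, unquoted paths in the config.

```shell
#!/bin/sh
# Added example: report how many certificates each nginx ssl_certificate file
# holds. One block means leaf only (like cert.pem); two or more means the
# intermediates are included (like fullchain.pem).

# Print the path of every ssl_certificate directive in a config file.
# Comments are stripped first; ssl_certificate_key is a different field value.
cert_paths() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "ssl_certificate" { sub(/;.*/, "", $2); print $2 }'
}

# Count PEM certificate blocks in a file (prints 0 when there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Classify one certificate file: missing, no-certificate, leaf-only, chain(N).
classify() {
    if [ ! -r "$1" ]; then
        echo "missing"
        return 0
    fi
    n=$(count_certs "$1")
    if [ "$n" -eq 0 ]; then
        echo "no-certificate"
    elif [ "$n" -eq 1 ]; then
        echo "leaf-only"
    else
        echo "chain($n)"
    fi
}

# Check every ssl_certificate in a config; non-zero exit if any is not a chain.
check_config() {
    rc=0
    for p in $(cert_paths "$1"); do
        result=$(classify "$p")
        echo "$p: $result"
        case $result in chain*) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_config "$1"; fi
```

The count says nothing about whether the certificates are in the right order or still valid; the SSL Labs test mentioned above covers that from the client side.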

