Problem with nginx and letsencrypt

iSeven · June 18, 2016, 7:07pm

Hello,
i got the following problem:

i got the certificats for my website (debian, nginx), but my config dont work
what iam doing wrong?

`server {
listen 80;
server_name myWebsite.net www.myWebsite.net;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name myWebsite.net www.myWebsite.net;

root /var/www;
index index.html index.htm index.php;

ssl on;
ssl_certificate /etc/letsencrypt/live/myWebsite.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myWebsite.net/privkey.pem;


ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_cache shared:SSL:50m;
add_header Strict-Transport-Security max-age=15768000;

location / {
	try_files $uri $uri/ =404;
}

location ~ /\.well-known\/acme-challenge {
	allow all;
}

}

`

Happy_Face · June 20, 2016, 11:04pm

Try changing:
ssl_certificate /etc/letsencrypt/live/myWebsite.net/fullchain.pem;

To instead be:

ssl_certificate /etc/letsencrypt/live/myWebsite.net/cert.pem;

Worked for me.

tialaramex · June 21, 2016, 2:11am

That’s definitely wrong. You should serve the “full chain” because most web browsers won’t try to reconstruct missing links in the chain if they’re not provided, so visitors will get an error saying your certificate isn’t trusted.

@iSeven - you say the config “dont work” but that’s very vague. What happens, and what did you expect to happen? For example, is there an error message displayed somewhere? If so, please tell us what it is.

schoen · June 21, 2016, 2:18am

@Happy_Face, as @tialaramex points out, what you did will probably make your site not work with some clients. You can test it at https://www.ssllabs.com/ssltest/ to see if it says there is a chain problem.

system · July 21, 2016, 2:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to setup reverse NGINX and LetsEncrypt certificates Server	5	8148	September 7, 2017
The server could not connect to the client to verify the domain ERROR Help	5	1162	March 11, 2018
Lets Encrypt SSL Certificate Setup Issue Help	26	5841	August 7, 2017
The https not working after create letsencrypt Help	3	733	June 7, 2019
Certbot Nginx not work Help	3	62	August 29, 2024

Problem with nginx and letsencrypt

Related topics