Chances are this is not the first website you’ve come to after breaking SSL on your Nginx box, but I promise it will be the last. The problem is actually a very simple one, and the Nginx error log tells you verbatim what is wrong with the config, although nginx -t will yield success. Nginx reads and runs the sites in alphabetical order, therefore this issue can be fixed by finding and fixing the site config which is listening on port 443 and using ssl without any ssl certificate declarations which is causing your site further down the alphabetical line to fail HTTPS. In my case it was a Nginx site config called stub_status.conf causing SSL to fail in sysinfo.io.conf even though I did have SSL correctly setup.

 /etc/nginx/sites-enabled/stub_status.conf: listen *:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;

If you see this in your error log, continue to the next step.

2017/06/11 12:46:36 [error] 4138#4138: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *2 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *3 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *4 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:37 [error] 4138#4138: *5 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443

Search Nginx site config files for port 443 with SSL on the same line and also without commented out lines.

egrep -iR '.*443|443.*ssl|ssl.*443' /etc/nginx/sites-enabled/ | egrep -v '^*\#'

This should have provided you a list of all of the configs which are meant to be SSL enabled. Visit each and every config file in this list starting at the top and make sure that it is setup correctly with at least the 3 declarations needed for SSL to function:

ssl on;
ssl_certificate_key /path/to/privkey.pem;
ssl_certificate /path/to/cert.pem;

If you have any questions or comments please leave them below.

    Advertisment ad adsense adlogger