Nginx no “ssl_certificate” is defined in server listening on SSL port while SSL handshaking

Chances are this is not the first website you’ve come to after breaking SSL on your Nginx box, but I promise it will be the last. The problem is actually a very simple one, and the Nginx error log tells you verbatim what is wrong with the config, even though nginx -t reports success. Nginx reads and runs the sites in alphabetical order, so a site config that listens on port 443 with ssl but has no SSL certificate declarations will cause a site further down the alphabetical line to fail HTTPS. The fix is to find and correct that site config. In my case it was an Nginx site config called stub_status.conf causing SSL to fail in sysinfo.io.conf, even though I did have SSL correctly set up.

 /etc/nginx/sites-enabled/stub_status.conf: listen *:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;

If you see the following in your error log, continue to the next step.

2017/06/11 12:46:36 [error] 4138#4138: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *2 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *3 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *4 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:37 [error] 4138#4138: *5 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443

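Search the Nginx site config files for lines that have port 443 and ssl on the same line, leaving out commented-out lines. The second grep drops any match whose text after the "filename:" prefix starts with #.

grep -EiR '443.*ssl|ssl.*443' /etc/nginx/sites-enabled/ | grep -Ev '^[^:]*:[[:space:]]*#'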

This should give you a list of all the configs that are meant to be SSL enabled. Go through every config file in this list, starting at the top, and make sure it is set up correctly with at least the 3 declarations needed for SSL to function:

ssl on;
ssl_certificate_key /path/to/privkey.pem;
ssl_certificate /path/to/cert.pem;
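
The manual review described above can be automated per server block. The following shell function is an added example, not part of the original post: it flags every server block that has a listen ... ssl line but lacks ssl_certificate or ssl_certificate_key. The function names and the sample configs are constructed for illustration, and it assumes one directive per line and certificates declared inside the server block rather than inherited from the http level.

```shell
# Added example (not from the original post). Reports server blocks that
# listen with "ssl" but lack ssl_certificate / ssl_certificate_key.
# Assumes: one directive per line, no "#" or braces inside quoted strings.
find_ssl_without_cert() {
    awk '
    FNR == 1 { depth = 0; in_srv = 0 }
    { line = $0; sub(/#.*/, "", line) }              # strip comments
    !in_srv && line ~ /^[ \t]*server[ \t]*[{]/ {
        in_srv = 1; start = FNR; base = depth; ssl = cert = key = 0
    }
    in_srv && line ~ /^[ \t]*listen[ \t].*[ \t]ssl[ \t;]/ { ssl = 1 }
    in_srv && line ~ /^[ \t]*ssl_certificate[ \t]/         { cert = 1 }
    in_srv && line ~ /^[ \t]*ssl_certificate_key[ \t]/     { key = 1 }
    {
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_srv && depth <= base) {               # server block closed
            if (ssl && !(cert && key))
                printf "%s:%d: ssl listener missing%s%s\n", FILENAME, start,
                    (cert ? "" : " ssl_certificate"),
                    (key ? "" : " ssl_certificate_key")
            in_srv = 0
        }
    }' "$@"
}

# Constructed sample configs modelled on the two files named in the post.
write_samples() {
    cat > "$1/stub_status.conf" <<'EOF'
server {
    listen *:443 ssl;
    # ssl_certificate /path/to/cert.pem;
    location /nginx_status {
        stub_status;
    }
}
EOF
    cat > "$1/sysinfo.io.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/privkey.pem;
}
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
find_ssl_without_cert "$tmp"/*.conf
rm -rf "$tmp"
```

On a real host, call it as find_ssl_without_cert /etc/nginx/sites-enabled/* and fix each reported file, starting at the top of the list.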

If you have any questions or comments please leave them below.
