Nginx no “ssl_certificate” is defined in server listening on SSL port while SSL handshaking

chances are this is not the first website you’ve come to after breaking ssl on your nginx box, but i promise it will be the last. the problem is actually a very simple one, and the nginx error log tells you verbatim what is wrong with the config, even though nginx -t reports success.

nginx reads the site configs in alphabetical order, so a site config which listens on port 443 with ssl but has no ssl certificate declarations causes a site further down the alphabetical line to fail https. the fix is to find and repair that config. in my case it was an nginx site config called stub_status.conf causing ssl to fail in sysinfo.io.conf, even though i did have ssl correctly set up there.

 /etc/nginx/sites-enabled/stub_status.conf: listen *:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;

if you see this in your error log, continue to the next step.

2017/06/11 12:46:36 [error] 4138#4138: *1 no "ssl_certificate" is defined in server listening on ssl port while ssl handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *2 no "ssl_certificate" is defined in server listening on ssl port while ssl handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *3 no "ssl_certificate" is defined in server listening on ssl port while ssl handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *4 no "ssl_certificate" is defined in server listening on ssl port while ssl handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:37 [error] 4138#4138: *5 no "ssl_certificate" is defined in server listening on ssl port while ssl handshaking, client: 10.10.10.66, server: 0.0.0.0:443

search the nginx site config files for lines that have both port 443 and ssl on them, leaving out commented-out lines.

grep -Eir '443.*ssl|ssl.*443' /etc/nginx/sites-enabled/ | grep -Ev '^[^:]*:[[:space:]]*#'

this should give you a list of all of the configs which are meant to be ssl enabled. visit each and every config file in this list, starting at the top, and make sure that it is set up correctly with at least the 3 declarations needed for ssl to function:

ssl on;
ssl_certificate_key /path/to/privkey.pem;
ssl_certificate /path/to/cert.pem;
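
The grep above lists every ssl listener but leaves the per-file inspection to you. The following added example (not code from the original post) automates that step: it walks each `server { ... }` block in sorted file order and reports the ones that enable ssl without declaring `ssl_certificate`. The function names and the sample configs are assumptions made for illustration, and the check assumes certificates are declared per server block rather than inherited from `http {}`.

```python
# Added example (not from the original post): flag TLS server blocks with no certificate.
import re
import sys

COMMENT = re.compile(r"#.*")  # heuristic: also cuts a '#' inside a quoted string
SERVER_OPEN = re.compile(r"\bserver\s*\{")
TLS_ON = re.compile(r"\blisten\s[^;]*\bssl\b[^;]*;|\bssl\s+on\s*;")
CERT = re.compile(r"\bssl_certificate\s+[^;]+;")  # does not match ssl_certificate_key

def server_blocks(text):
    """Yield (line_number, body) for each server { ... } block, found by brace matching."""
    text = "\n".join(COMMENT.sub("", line) for line in text.splitlines())
    for m in SERVER_OPEN.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, text[m.end():i]

def certless_tls_servers(configs):
    """configs maps file name -> text; returns [(file, line)] in sorted file-name order."""
    # Assumption: no ssl_certificate is inherited from the enclosing http {} block.
    return [(name, line)
            for name in sorted(configs)
            for line, body in server_blocks(configs[name])
            if TLS_ON.search(body) and not CERT.search(body)]

# Constructed sample, modelled on the two site configs named in the post.
SAMPLE = {
    "stub_status.conf": """\
# ssl_certificate /path/to/cert.pem;
server {
    listen *:443 ssl;
    location /nginx_status { stub_status; }
}
""",
    "sysinfo.io.conf": """\
server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/privkey.pem;
}
""",
}

if __name__ == "__main__":
    configs = {p: open(p).read() for p in sys.argv[1:]} or SAMPLE
    for name, line in certless_tls_servers(configs):
        print(f"{name}:{line}: server block enables ssl but declares no ssl_certificate")
```

Pass the files under /etc/nginx/sites-enabled/ as arguments to check a real box; with no arguments it runs against the constructed sample.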

if you have any questions or comments please leave them below.
