Nginx no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

Chances are this is not the first website you've come to after breaking SSL on your Nginx box, but I promise it will be the last. The problem is actually a very simple one, and the Nginx error log tells you verbatim what is wrong with the config, even though nginx -t reports success. Nginx reads and runs the sites in alphabetical order, so the fix is to find and correct the site config that listens on port 443 with ssl but has no SSL certificate declarations; that config is what causes a site further down the alphabetical line to fail HTTPS. In my case an Nginx site config called stub_status.conf was causing SSL to fail in sysinfo.io.conf, even though I did have SSL set up correctly there.

 /etc/nginx/sites-enabled/stub_status.conf: listen *:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen [::]:443 ssl;
 /etc/nginx/sites-enabled/sysinfo.io.conf: listen 443 ssl;

If you see the following in your error log, continue to the next step.

2017/06/11 12:46:36 [error] 4138#4138: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *2 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *3 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:36 [error] 4138#4138: *4 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
2017/06/11 12:46:37 [error] 4138#4138: *5 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443

Search the Nginx site config files for lines that mention port 443 and SSL together, excluding commented-out lines.

grep -ERi '443.*ssl|ssl.*443' /etc/nginx/sites-enabled/ | grep -Ev '^[^:]+:[[:space:]]*#'

This should give you a list of all the configs that are meant to be SSL enabled. Visit each config file in the list, starting at the top, and make sure it is set up correctly with at least the 3 declarations needed for SSL to function:

ssl on;
ssl_certificate_key /path/to/privkey.pem;
ssl_certificate /path/to/cert.pem;
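
Added example, not part of the original post: a shell helper (the name find_ssl_servers_without_cert is hypothetical) that automates the search-and-inspect steps above by reporting every server block that has a listen ... ssl directive but no ssl_certificate or ssl_certificate_key of its own. It assumes "server {" sits on one line and that certificates are not inherited from the http level; it does not look for "ssl on;" because the ssl parameter on listen already enables SSL for that socket. The sample configs are constructed.

```shell
#!/bin/sh
# Print "file:line: missing <directive>" for every server block that has
# "listen ... ssl" but no ssl_certificate / ssl_certificate_key of its own.
# Limits: expects "server {" on one line; ignores http-level inheritance.
find_ssl_servers_without_cert() {   # hypothetical helper name
    for f in "$1"/*; do             # glob order is alphabetical
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function report() {
                if (ssl && !cert) printf "%s:%d: missing ssl_certificate\n", file, start
                if (ssl && !key)  printf "%s:%d: missing ssl_certificate_key\n", file, start
            }
            { sub(/#.*/, "") }      # ignore commented-out directives
            !in_server && /^[ \t]*server[ \t]*[{]/ {
                in_server = 1; depth = 0; start = NR; ssl = cert = key = 0
            }
            in_server {
                if ($0 ~ /(^|[ \t;{])listen[ \t][^;]*[ \t]ssl[ \t;]/) ssl = 1
                if ($0 ~ /(^|[ \t;{])ssl_certificate[ \t]/)           cert = 1
                if ($0 ~ /(^|[ \t;{])ssl_certificate_key[ \t]/)       key = 1
                depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track nesting
                if (depth <= 0) { report(); in_server = 0 }
            }
        ' "$f"
    done
}

# Constructed sample mirroring the post: stub_status.conf listens with ssl
# but declares no certificate; sysinfo.io.conf is complete.
demo=$(mktemp -d)
cat > "$demo/stub_status.conf" <<'EOF'
server {
    listen *:443 ssl;
    location /nginx_status { stub_status; }
}
EOF
cat > "$demo/sysinfo.io.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/privkey.pem;
}
EOF
find_ssl_servers_without_cert "$demo"
rm -rf "$demo"
```

On a real host, call the function with /etc/nginx/sites-enabled as its argument; the line number in each report is where the offending server block starts.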

If you have any questions or comments please leave them below.
