All Questions
Tagged with nginx ssl-certificate
309
questions
0
votes
1
answer
21
views
Client ssl certificate verify error: 26 unsupported certificate purpose while reading client request header
I am trying to send a search request from web server to another server through nginx proxy. I have server_hostname.pem file as server certificate and ca-chain.cert.pem file as client certificate. ...
- 1
-1
votes
0
answers
15
views
Ubuntu - Nginx client cert authentication: is a public CA a security risk?
I am struggling with a Nginx setup as reverse proxy with client certificate authentication. The client is only accepting publicly signed certificates to be imported as client certificates for ...
0
votes
0
answers
44
views
Ubuntu/Nginx server seems to be supplying non-existant SSL certificate
I had four websites configured on an Ubuntu 22.04 server using NginX.
There was a technical problem with the database connection that required me to move the four websites to a new server.
I moved ...
- 87
0
votes
0
answers
24
views
Nginx as reverse proxy for Gitblit with client certificate authentication. Peer closed connection in SSL handshake while SSL handshaking to upstream
We used the nginx as reverse proxy for the gitblit with client certificate authentication.
Given the nginx configuration as below.
server {
listen 443 ssl http2 default_server;
server_name _;
...
- 101
4
votes
2
answers
1k
views
Is it possible to get a browser to present a client side certificate even if the client cert isn't signed by the same CA as the server cert?
I'm in a strange scenario where I have a server with NodeJS backend and ReactJS frontend that does record keeping where the customer wants to use user certificates to ID who visits this internal site. ...
- 1,078
0
votes
0
answers
43
views
Using if with ssl_certificate in nginx for loading SSL certificates
I have two domains: foo.com and bar.com which are served by nginx. To avoid duplicating code, I want to put this
[some code]
if ($host = "foo.com") {
ssl_certificate /...
- 101
0
votes
0
answers
31
views
Nginx reverse proxy: no certificate on proxy, use the backend one
I have a small machine that serves as an entry point to my network, let's call it A. I also have two servers on my private network which are not accessible from outside, let's call them B1 and B2.
We ...
- 101
0
votes
0
answers
231
views
How to fix cURL error 35 when consulting endpoints in production server?
I have a Laravel project consulting various endpoints via get method, and sometimes in random moment return this error:
production.ERROR: GuzzleHttp\Exception\ConnectException: cURL error 35: OpenSSL ...
0
votes
0
answers
308
views
Nginx, reverse proxy and HTTPS
I have a problem setting up reverse proxy in nginx for HTTPS.
I have set up Tomcat HTTPS connector on 127.0.0.1:443. It works:
% openssl s_client -showcerts -connect 127.0.0.1:443
CONNECTED(00000005)
...
- 1,401
0
votes
0
answers
1k
views
Auto renew LetsEncrypt cert with nginx under Docker
I'm having troubles setting up a auto renew for LetsEncrypt certificates.
I run nginx under Docker container that serves Django application.
Here is my docker-compose file:
version: '3.8'
services:
...
- 1
0
votes
1
answer
64
views
What are the DNS names and IP addresses used for a reverse proxy?
I have the same scenario described in this question. I have a client connecting to an nginx reverse proxy with multiple backend services and need to set up certificates.
...
- 1,078
0
votes
1
answer
979
views
Nginx Reverse Proxy : using self signed SSL certificate to backend server
I need to accomplish this:
User (https using wildcard CA cert 1 year) to --> Nginx reverse proxy (https using self signed cert 10 years) to --> backend server
I'm stuck on configuring the ...
- 1
1
vote
1
answer
385
views
Django CSRF verification failed after setting SSL with Certbot
I'm currently working on a Django project that utilizes Docker, and I recently set up an SSL certificate using a containerized version of Certbot in order to secure my Django app through HTTPS. ...
- 111
0
votes
0
answers
219
views
NGINX to trust a list of specific client certificates
I'd like to accomplish that scenario below.
Ningx must accept:
client_certificate_1.pem
client_certificate_2.pem
client_certificate_3.pem
OR
Ningx must accept:
file_with_certs.pem (containing)
...
2
votes
0
answers
1k
views
nginx not reloading certificate after renewal
We have the following setup: multiple linux server with Ubuntu 20.04 and 22.04. Hosted on this servers are website for our customers. We using certbot to generate or renewal certificates. As webserver ...
- 21
0
votes
1
answer
351
views
no "ssl_certificate" is defined in server
Trying to get my routine webserver set up, and running into this roadblock, no matter what I try it's not working, something i've done hundreds of times and i'm out of ideas.
Typical webserver setup, ...
- 115
0
votes
1
answer
217
views
Are multiple TLS Certificates/Keys used in Order in NGINX? How does NGINX determine the best Match in this Case?
Using Cloudflare's "Full" encyption mode, one can use self signed certificates for origin to Cloudflare connections:
The certificate presented by the origin will not be validated in any way....
- 13
0
votes
1
answer
204
views
Why I see all Vhost domain names in SSL certificate, what did I do wrong?
I have a VPS that hosts 2 websites, and I have 2 domains, domain1.com and domain2.com
Server Nginx running on Ubuntu 20.04
I installed certbot and nginx according to their instructions and CA is ...
- 103
0
votes
1
answer
50
views
Migrating API to new server - Should I generate a new SSL certificate and what are the implications for clients?
I am migrating my API to a new server and both old and new server are running on Ubuntu 20.04 and Nginx. My SSL certificate was generated by certbot. Should I generate a new certificate on the new ...
0
votes
1
answer
744
views
How to resolve "400 Bad Request" after cloning a webserver that uses Cloudflare for SSL?
I'm trying to clone a webserver that hosts sites that rely on Cloudflare for their SSL certificates.
After cloning the server and updating my local hosts file to point the site to the new server, I'm ...
- 113
2
votes
0
answers
753
views
NGINX: Configure to setup mTLS with ssl_client_certificate, ssl_verify_client, ssl_certificate and ssl_certificate_key
Right off the bat there are a couple posts that go through this issue but I am unsure what the settings are doing exactly in order to achieve the correct result. I'm able to verify the client but not ...
1
vote
1
answer
1k
views
Configuring SSL with Nginx on Ubuntu Server
I have been following some tutorials online, and I have gotten my flask app up and running. I have added domain names, and they work correctly. However, now im trying to use Certbot to get a SSL ...
- 13
0
votes
0
answers
679
views
File not found even though it exists on server
I added a .crt and .pem file to /tmp/certs an ran chmod 777 <filename> on each of them.
Now when I attempt to run my service I get this error:
Sep 06 13:33:25 vu89.bdom.com systemd[1]: Starting ...
- 101
0
votes
1
answer
43
views
Cretbot SSL Certificate not working properly
I tried installing cartbot SSL certificate in my ubuntu server by following the instruction on this https://github.com/antonputra/tutorials/tree/main/lessons/078
The URL where I am trying to secure is ...
- 245
1
vote
0
answers
210
views
Forge + Let's Encrypt - SSL issues but browser can't see it
We use Forge and Let's Encrypt for hosting websites. We have a staging environment to view changes and get approval from the clients before the site goes live (it's using a sub domain so it's like ...
- 21
1
vote
1
answer
145
views
Nginx revoked Intermediate-CA from Root-CA
The certificates as given below:
Root-CA -> Intermediate-CA -> Server
If I revoke Intermediate-CA from Root-CA then the Server will automated revoked certificate along with the Intermediate-...
- 76
4
votes
1
answer
923
views
Revoked certificate is still valid by Google Chrome and Microsoft Edge
I have generated Self-Signed Certificate, Root-CA Signed by Root-CA
Then, Intermediate-CA Signed by Root-CA and Server Signed by Intermediate-CA
The certificates as given below:
Root-CA -> ...
- 76
0
votes
1
answer
533
views
Nginx Config file need to be configure
I have generated the certificates as given below:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
rootca.crl
Intermediate-CA:
intermediateca.key
intermediateca.crt
...
- 76
1
vote
0
answers
607
views
Nginx OCSP Stapling is Not Working
I have generated the certificates as given below:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
Intermediate-CA:
intermediateca.key
intermediateca.crt
Server:
server....
- 21
0
votes
1
answer
731
views
Can I validate client certificates signed with different root certificates in nginx?
Preface: I'm new to certificate validation
I've configured an nginx website as a reverse proxy, which validates client certificates.
Without all the other specifics, this is the config that I used:
...
- 265
0
votes
0
answers
353
views
Moving LetsEncrypt SSL certs from one NginX server to another NginX server
I'm running a Reverse Proxy Server (RPS) using NginX. It is working fine for forwarding traffic to my sites which are not using SSL. However, I just configured a new NginX web server with ...
- 23
0
votes
1
answer
474
views
Nginx not picking location with longest prefix
In this simplified nginx setup, I have two nginx location blocks, one for SSL certificate renewals, and one for fast proxy (for uwsgi/Django ).
When a SSL certificate renewal happens via acme.sh, it ...
- 167
0
votes
0
answers
535
views
Adding Cloudflare SSL Results in 522 Error
Currently I'm trying to install a Cloudflare SSL certificate on my Ubuntu server that uses Nginx. I am following this guide on how to do so, but once I successfully install the certificate as per the ...
- 1
0
votes
1
answer
4k
views
Certbot - Failed authorization procedure
I want to generate a Let's Encrypt certificate for my server, so that I can renew it automatically.
I ran the command certbot --nginx -d testpbx.info.eu and got the following error.
certbot --nginx -d ...
0
votes
1
answer
996
views
Can i use different client certificates for different locations using nginx
I have two different location on my Server:
server/locationA
server/locationB
I want to restrict access to these locations using two client certificates certA and certB.
locationA should only be ...
0
votes
1
answer
9k
views
Unable to renew a Certbot NGINX certificate
I have a NGINX server and I use Certbot to generate a Let's Encrypt certificate. I saw that my certificate was not renewing automatically despite the cron I had set up.
I tried to renew it manually ...
0
votes
1
answer
2k
views
Server refused to connect after installing SSL via Certbot | Docker + Nginx, AWS Lightsail
I have successfully managed to install SSL via certbot into my Nginx Docker container,
but after installation, all traffic routed via HTTPS refuses to connect.
curl https://www.example.com or curl ...
- 101
0
votes
0
answers
2k
views
Nginx with SSL behind another Nginx (with nginx-proxy)
I have two VMS. The first is VM1 and the second is VM2. The first is a VPN server and the second is a client.
On VM1 the Nginx is installed as a reverse proxy from the official Docker repository.
On ...
0
votes
0
answers
110
views
Serve different SSL certificate depending upon connection
I currently have a Nextcloud installation running on a server at home behind an Nginx proxy, which in turn is routed through Cloudflare. The proxy currently presents a Cloudflare origin SSL ...
- 101
0
votes
0
answers
77
views
How to install TLS Cert (SAN?) on RHEL server behind a proxy?
I have a couple of RHEL server "clusters" - I'd call these loosely-coupled; they run artifactory and artifactory itself binds them together, rather than being coupled at an OS level - which ...
0
votes
1
answer
577
views
Change ip address link to be http instead of https
I recently abruptly changed domains because my old domain got hacked. I bought a new domain, but it doesn't show in google search results yet. I submitted a crawl request via google search console but ...
- 1
0
votes
0
answers
329
views
How do I fix issue with renewing my certbot certificates on ubuntu
I am trying to renew my certbot certificates running the command
cerbot renew
and I get this error
2021-12-02 10:46:30,686:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, ...
- 1
0
votes
1
answer
602
views
Avoid duplication in nginx redirects config?
Setting up redirects www → non-www and HTTP → HTTPS at the same time, I ran into duplication issue that I fail to overcome.
On my domain—let it be example.com—I have a website with primary name ...
- 1
0
votes
2
answers
1k
views
HTTPS breaks Socket.io connection
Fault description
I have in my test environment Rasa chatbots running in docker containers. Chatbot's fronted is a Botfront webchat widget in a website served by Apache2 in same server. I also ...
0
votes
1
answer
1k
views
Chrome not trusting self-signed cert
I have mutual TLS enabled on my nginx reverse proxy. I can view the site only when I have the client cert and custom CA installed in my keychain. This works in Safari and Chrome. However, in Chrome it ...
- 115
2
votes
1
answer
1k
views
Searx (based on Nginx) "Let's Encrypt" SSL certificate is not valid for Safari (iPhone and MacOS), it is valid for the rest of the world
I have a customized installation of Searx (https://searx.me/) at:
https://ricercaalternativa.mydissent.net/
It has been working properly with Letsencrypt for years now. As of a few days ago, however, ...
3
votes
2
answers
4k
views
Kubernetes Nginx Ingress and cert-manager Waiting for HTTP-01 challenge propagation: wrong status code '401', expected '200'
I'm having issues with my rapberry pi kubernetes implementation
Problem:
I have cert-manager letsencrypt ACME challenge waiting due to a 401 error code on bare metal kubernetes install.
Setup
Platform:...
- 41
1
vote
1
answer
1k
views
setup nginx to require certain conditions of a location for all but a given source IP
I'm looking for a setup where I'd like to have SSL client certificates for all but one source IP.
My idea is to set
ssl_verify_client optional;
and to add an elaborate if statement to the locations.
...
- 269
0
votes
1
answer
240
views
Auto Virtual Host - Single Nginx config
I am trying to create a single Nginx config for multiple hosts based on a directory. I followed a guide which seems to work well with standard HTTP setup but when I add the HTTPS 301 redirect, I can ...
- 13
0
votes
0
answers
133
views
Websites do not loaded properly in Nginx loadbalancing
I have 3 Nginx Servers like this -
lab01.net => 192.168.89.128 (load balancer)
lab02.net => 192.168.89.129 (backend)
lab03.net => 192.168.89.130 (backend)
-------------- lab01.net ...
