#1073 closed defect (duplicate)
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | other | Version: | 1.10.x |
Keywords: | Cc: | ||
uname -a: | Linux how-eco 3.13.0-52-generic #85-Ubuntu SMP Wed Apr 29 16:44:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
built with OpenSSL 1.0.2g-fips 1 Mar 2016
TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads |
Description
If I specify listen 80 ssl;
, then whenever I try to access a hosted site using http, the only error that I see is:
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:80
The fix was removing ssl from the listen directive, however it was difficult to track down the mistake.
The desired outcome would be to flag this at configtest.
Example
server { listen 80 ssl; listen 443 ssl; listen [::]:443 ssl; server_name example.com; root /var/www/html; access_log /var/log/nginx/....access.log; error_log /var/log/nginx/....error.log error; index index.php; ssl_certificate /etc/letsencrypt/...; ssl_certificate_key /etc/letsencrypt/live/...; ... }
Change History (2)
comment:1 by , 8 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
comment:2 by , 8 years ago
If we use the AWS certificate manager and which is configured as part of the ELB, we are getting the same issue.
How to listen to the 443 with out configuring any certificate on the ngix?
thanks
arasu.b
Version 0, edited 8 years ago by (next)
Note:
See TracTickets
for help on using tickets.
Duplicate of #178.