Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1073 closed defect (duplicate)

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

Reported by: daniel.platt@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.10.x
Keywords: Cc:
uname -a: Linux how-eco 3.13.0-52-generic #85-Ubuntu SMP Wed Apr 29 16:44:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: built with OpenSSL 1.0.2g-fips 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads

Description

If I specify listen 80 ssl; , then whenever I try to access a hosted site using http, the only error that I see is:

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:80

The fix was removing ssl from the listen directive, however it was difficult to track down the mistake.
The desired outcome would be to flag this at configtest.

Example

server {
   listen 80 ssl;
   listen 443 ssl;
   listen [::]:443 ssl;

   server_name  example.com;

   root /var/www/html;

   access_log /var/log/nginx/....access.log;
   error_log  /var/log/nginx/....error.log error;

   index index.php;

   ssl_certificate /etc/letsencrypt/...;
   ssl_certificate_key /etc/letsencrypt/live/...;
   ...
}

Change History (2)

comment:1 by Maxim Dounin, 8 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #178.

comment:2 by arasub@…, 8 years ago

If we use the AWS certificate manager and which is configured as part of the ELB, we are getting the same issue.

How to listen to the 443 with out configuring any certificate on the nginx?

thanks
arasu.b

Last edited 8 years ago by arasub@… (previous) (diff)
Note: See TracTickets for help on using tickets.