
Trouble replacing old SSL certificate on Nginx

@Sent6035632

Posted in: #GoogleCloud #Https #Nginx #Ubuntu

Disclaimer: This is my first ProWebmasters post. I thought this would be an appropriate place for this question but if it is not I'm happy to remove it.



We use SSL For Free for our business site. We got the original certificate 95 days ago, and it expired 5 days ago. I am having trouble replacing the expired certificate.

The Nginx server is rebuilt once every 24 hours, pulling from the master branch on my GitLab repository. The VM instance gets destroyed and replaced by a new one with a startup script that assembles and configures Nginx using the contents of the Git repository, including the SSL certificates.

When I updated the certificate and downloaded the root certificate and intermediate bundle and private key, I simply replaced the old certificates in the repository and rebuilt the web servers.

For some reason the website still uses the expired certificate days after replacing it.

This is very strange to me because the web servers shouldn't have any trace of the old certificate, since they are rebuilt from a blank Ubuntu image and then pull the latest contents from Git.

I ran openssl x509 -in certificate.crt -text -noout on the certificates located in /var/www/ssl/ and confirmed that they are in fact the new certificates.

This is the Nginx server config:

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name foobar.com foobar.com;
    ssl_certificate /var/www/ssl/chained.crt;
    ssl_certificate_key /var/www/ssl/private.key;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-EC$

    ssl_prefer_server_ciphers on;

    ssl_dhparam /var/www/ssl/dhparams.pem;

    root /var/www/html;

    location / {
        # Redirect requests that reached the forwarder over plain HTTP to HTTPS
        if ($http_x_forwarded_proto = "http") {
            return 301 https://$host$request_uri;
        }
        if ($request_uri ~ ^/(.*).html$) {
            return 301 /;
        }
        try_files $uri $uri.html $uri/ /404;
    }
}


Any ideas on what could be causing this? Thanks!

(I've already tried clearing my Chrome SSL Cache)

(SSLLabs shows that the site still uses the old certificate, but that other than the certificate being expired, nothing else is wrong with it)

1 Comment

@Candy875

I did some more digging and, as expected, the issue was not with the Nginx server or the VM it is hosted on. I neglected to update the certificate used by our HTTP Load Balancer, so even though the servers were using the new certificate, the forwarder still had the old one which was causing the warnings.
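
The check that would have pointed at the load balancer, as an added example that is not part of the original posts: fingerprint the leaf certificate on disk, the one Nginx serves when the VM is dialed directly, and the one the public hostname serves, then report the first hop where they differ. The function names and the `connect_to` parameter are assumptions made for this example, and the values in the demo at the bottom are constructed.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def disk_leaf_fingerprint(bundle_text):
    """SHA-256 of the first certificate in a PEM bundle such as chained.crt.

    Nginx presents the first certificate in the ssl_certificate file as the leaf.
    """
    start = bundle_text.index(PEM_BEGIN)
    end = bundle_text.index(PEM_END, start) + len(PEM_END)
    der = ssl.PEM_cert_to_DER_cert(bundle_text[start:end])
    return hashlib.sha256(der).hexdigest()


def served_leaf_fingerprint(host, port=443, connect_to=None):
    """SHA-256 of the leaf certificate a TLS endpoint actually presents.

    connect_to (hypothetical parameter) is the address to dial, e.g. the VM's
    own IP, while `host` is still sent as SNI. Verification is disabled on
    purpose: an expired certificate has to be fetched, not rejected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((connect_to or host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def locate_stale_hop(disk_fp, backend_fp, public_fp):
    """Name the first hop that is not serving the certificate found on disk."""
    if backend_fp != disk_fp:
        return "nginx"            # wrong file path, or the process was not reloaded
    if public_fp != backend_fp:
        return "tls-terminator"   # load balancer / proxy holds its own copy
    return "none"


if __name__ == "__main__":
    # Constructed values standing in for real SHA-256 fingerprints.
    new, old = "aa" * 32, "bb" * 32
    print(locate_stale_hop(disk_fp=new, backend_fp=new, public_fp=old))
```

In the situation described in this thread, the disk and direct-to-VM fingerprints match and the public one differs, so the result is "tls-terminator".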
