nystudio107 / nginx-craft

An Nginx virtual host configuration for Craft CMS that implements a number of best-practices.
MIT License

Forge Config Bug SSL #12

Closed davidhellmann closed 6 years ago

davidhellmann commented 6 years ago

These two lines seem to be wrong?

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;

I've changed it to:

ssl_dhparam /etc/nginx/dhparams.pem;
# ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem; ### I removed it

The error code when I try to restart nginx:

forge@absolut /etc/nginx/nginx-partials $ sudo nginx -s reload
nginx: [emerg] SSL_CTX_load_verify_locations("/etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)

khalwat commented 6 years ago

Not a bug.

Forge used to not provide the ssl_dhparam, so the instructions tell you how to generate it. To keep it consistent with the rest of the package, I left it as-is.

The ssl_trusted_certificate is also correct, but you have to download it as per the instructions: https://github.com/nystudio107/nginx-craft#using-nginx-craft
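
A preflight check for the failure in this thread, as an added example that is not part of nginx-craft or of either comment: it lists the active ssl_* file directives in a config and reports any whose file is missing, the condition behind the `[emerg]` error above. The function names, the scratch-directory sample config, and the assumption of one directive per line with unquoted absolute paths belong to this example only.

```shell
#!/bin/sh
# Added example (not from nginx-craft): report ssl_* directives whose file is
# missing or unreadable, so the failure shows up before `nginx -s reload`.
# Assumes one directive per line and unquoted absolute paths.

# Print "directive path" for each active (uncommented) file-valued directive.
ssl_file_directives() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directive: ignore
        $1 ~ /^ssl_(dhparam|trusted_certificate|certificate|certificate_key)$/ {
            path = $2
            sub(/;.*$/, "", path)            # strip ";" and anything after it
            print $1, path
        }
    ' "$1"
}

# Print one "MISSING directive path" line per absent file; return 1 if any.
missing_ssl_files() {
    missing=$(ssl_file_directives "$1" | while read -r directive path; do
        [ -r "$path" ] || echo "MISSING $directive $path"
    done)
    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
    return 0
}

# Constructed sample: same directives as in the issue, rooted in a scratch dir.
write_sample_conf() {
    dir=$1
    mkdir -p "$dir/ssl"
    : > "$dir/dhparams.pem"                  # present on disk
    cat > "$dir/site.conf" <<EOF
server {
    ssl_dhparam $dir/dhparams.pem;
    # ssl_dhparam $dir/certs/dhparam.pem;
    ssl_trusted_certificate $dir/ssl/lets-encrypt-x3-cross-signed.pem;
}
EOF
}

# Usage: sh check.sh /path/to/site.conf
[ $# -eq 0 ] || missing_ssl_files "$1"
```

A non-zero exit from `missing_ssl_files` can gate the reload in a deploy script; `nginx -t` remains the authoritative syntax and file check.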