Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
I know the correct way as you are saying but i have an extremely secure wordpress setup and most files are not in the public_html folder, there is a specific reason me and my friend did this. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288090#msg-288090 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
How do i go about doing this? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288089#msg-288089 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
> location / {
> rewrite .* https://www.dfwelectronicsrecycling.com/$1;
> }
Don't do that...
The correct way when you want to redirect http to https would be:
server {
listen 80;
server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
access_log off;
return 301 https://www.dfwelectronicsrecycling.com$request_uri;
}
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
Your certificate chain is incomplete, and curl is complaining... https://www.ssllabs.com/ssltest/analyze.html?d=www.dfwelectronicsrecycling.com&hideResults=on You should add the Sectigo RSA Domain Validation Secure Server CA to your cert file, then it will probably be happy... ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
How did you generate your certificate at
/etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt ?
Is it a self-signed certificate or generated by LetsEncrypt or some
other mechanism? IF it's self-signed this is Normal Behavior, you can
override it with the `-k` flag/argument to Curl. If it's from a
legitimate SSL provider then you aren't serving the certificate chain too.
Thomas
On 5/21/20 1:27 PM, finalturismo wrote:
> So i have a few sites setup on my nginx web server and my ssl has been
> working fine.
>
> Problem is iam getting a curl ssl error and iam not sure why?
>
> The error is as follows http_request_failed - cURL error 60: SSL certificate
> problem: unable to get local issuer certificate.
>
> I never gotten any ssl errors before, besides this time when i went to
> import demo data on a wordpress site?
>
> I need help as i need to get this site up by Friday.
>
> Here is my current nginx ssl configuration file
>
> server {
> listen 80;
>
>
>
> root /tmp/ewtwtertert;
> index index.html index.htm index.nginx-debian.html index.php;
> server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
>
> location / {
> rewrite .* https://www.dfwelectronicsrecycling.com/$1;
> }
> }
>
> server {
> listen 443 ssl;
> ssl_certificate
> /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt;
> ssl_certificate_key
> /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_prefer_server_ciphers on;
> ssl_session_timeout 10m;
> ssl_session_cache shared:SSL:10m;
> ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128
> kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW
> !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
>
> root /var/www/dfwelectronicsrecycling.com/public_html;
> index index.html index.htm index.php;
> server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
>
> location / {
> try_files $uri $uri/ /index.php?$args;
> }
>
> # Include , Security and configuration files
> # include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*;
>
>
> location ~ \.php$ {
> include snippets/fastcgi-php.conf;
>fastcgi_pass unix:/var/run/php-fpm.socket;
> }
>
>
>
>
> location = /.well-known/pki-validation {
> types {}
> default_type text/html;
> }
>
>
>
>
>
> }
>
>
>
>
> Here is my nginx configuration file.
> user nginx nginx;
> worker_processes auto;
> pid /run/nginx.pid;
> #include /etc/nginx/modules-enabled/*.conf;
>
>
> # BEGIN W3TC Page Cache cache
> # END W3TC Page Cache cache
>
> events {
> use epoll;
> worker_connections 1024;
> multi_accept on;
> }
>
>
>
> http {
>
>
>
> ##
> # Basic Settings
> ##
>
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 15;
> types_hash_max_size 2048;
> # server_tokens off;
>
> # server_names_hash_bucket_size 64;
> # server_name_in_redirect off;
> client_max_body_size 120M;
> client_body_buffer_size 1M;
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> ##
> # SSL Settings
> ##
>
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
> ssl_prefer_server_ciphers on;
>
> ##
> # Logging Settings
> ##
>
> access_log /var/log/nginx/access.log;
> error_log /var/log/nginx/error.log warn;
>
> ##
> # Gzip Settings
> ##
>
> gzip on;
> gzip_disable "msie6";
>
> gzip_vary on;
> gzip_proxied any;
> gzip_comp_level 6;
> gzip_buffers 16 8k;
> gzip_http_version 1.1;
> gzip_types text/plain text/css application/json application/javascript
> text/xml application/xml application/xml+rss text/javascript;
>
> ##
> # Virtual Host Configs
> ##
>
>
>
>
> # included custom scripts
> include /etc/nginx/conf.d/*.conf;
> include /etc/nginx/sites-enabled/*;
>
> # error because this is in http {} directive. for redirecting you need
> in
> server {} directive
> }
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,288085,288085#msg-288085
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
So i have a few sites setup on my nginx web server and my ssl has been
working fine.
Problem is iam getting a curl ssl error and iam not sure why?
The error is as follows http_request_failed - cURL error 60: SSL certificate
problem: unable to get local issuer certificate.
I never gotten any ssl errors before, besides this time when i went to
import demo data on a wordpress site?
I need help as i need to get this site up by Friday.
Here is my current nginx ssl configuration file
server {
listen 80;
root /tmp/ewtwtertert;
index index.html index.htm index.nginx-debian.html index.php;
server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
location / {
rewrite .* https://www.dfwelectronicsrecycling.com/$1;
}
}
server {
listen 443 ssl;
ssl_certificate
/etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt;
ssl_certificate_key
/etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128
kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW
!kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
root /var/www/dfwelectronicsrecycling.com/public_html;
index index.html index.htm index.php;
server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
# Include , Security and configuration files
# include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php-fpm.socket;
}
location = /.well-known/pki-validation {
types {}
default_type text/html;
}
}
Here is my nginx configuration file.
user nginx nginx;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
# BEGIN W3TC Page Cache cache
# END W3TC Page Cache cache
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 120M;
client_body_buffer_size 1M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript
text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# included custom scripts
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# error because this is in http {} directive. for redirecting you need
in
server {} directive
}
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,288085,288085#msg-288085
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
