Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
I know the correct way as you are saying but i have an extremely secure wordpress setup and most files are not in the public_html folder, there is a specific reason me and my friend did this. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288090#msg-288090 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
How do i go about doing this? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288089#msg-288089 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
> location / { > rewrite .* https://www.dfwelectronicsrecycling.com/$1; > } Don't do that... The correct way when you want to redirect http to https would be: server { listen 80; server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com; access_log off; return 301 https://www.dfwelectronicsrecycling.com$request_uri; } ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
Your certificate chain is incomplete, and curl is complaining... https://www.ssllabs.com/ssltest/analyze.html?d=www.dfwelectronicsrecycling.com&hideResults=on You should add the Sectigo RSA Domain Validation Secure Server CA to your cert file, then it will probably be happy... ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
How did you generate your certificate at /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt ? Is it a self-signed certificate or generated by LetsEncrypt or some other mechanism? IF it's self-signed this is Normal Behavior, you can override it with the `-k` flag/argument to Curl. If it's from a legitimate SSL provider then you aren't serving the certificate chain too. Thomas On 5/21/20 1:27 PM, finalturismo wrote: > So i have a few sites setup on my nginx web server and my ssl has been > working fine. > > Problem is iam getting a curl ssl error and iam not sure why? > > The error is as follows http_request_failed - cURL error 60: SSL certificate > problem: unable to get local issuer certificate. > > I never gotten any ssl errors before, besides this time when i went to > import demo data on a wordpress site? > > I need help as i need to get this site up by Friday. > > Here is my current nginx ssl configuration file > > server { > listen 80; > > > > root /tmp/ewtwtertert; > index index.html index.htm index.nginx-debian.html index.php; > server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com; > > location / { > rewrite .* https://www.dfwelectronicsrecycling.com/$1; > } > } > > server { > listen 443 ssl; > ssl_certificate > /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt; > ssl_certificate_key > /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_prefer_server_ciphers on; > ssl_session_timeout 10m; > ssl_session_cache shared:SSL:10m; > ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 > kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW > !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED'; > > root /var/www/dfwelectronicsrecycling.com/public_html; > index index.html index.htm index.php; > server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com; > > location / { > try_files $uri $uri/ /index.php?$args; > } > > # Include , Security and configuration files > # include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*; > > > location ~ \.php$ { > include snippets/fastcgi-php.conf; >fastcgi_pass unix:/var/run/php-fpm.socket; > } > > > > > location = /.well-known/pki-validation { > types {} > default_type text/html; > } > > > > > > } > > > > > Here is my nginx configuration file. > user nginx nginx; > worker_processes auto; > pid /run/nginx.pid; > #include /etc/nginx/modules-enabled/*.conf; > > > # BEGIN W3TC Page Cache cache > # END W3TC Page Cache cache > > events { > use epoll; > worker_connections 1024; > multi_accept on; > } > > > > http { > > > > ## > # Basic Settings > ## > > sendfile on; > tcp_nopush on; > tcp_nodelay on; > keepalive_timeout 15; > types_hash_max_size 2048; > # server_tokens off; > > # server_names_hash_bucket_size 64; > # server_name_in_redirect off; > client_max_body_size 120M; > client_body_buffer_size 1M; > > include /etc/nginx/mime.types; > default_type application/octet-stream; > > ## > # SSL Settings > ## > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE > ssl_prefer_server_ciphers on; > > ## > # Logging Settings > ## > > access_log /var/log/nginx/access.log; > error_log /var/log/nginx/error.log warn; > > ## > # Gzip Settings > ## > > gzip on; > gzip_disable "msie6"; > > gzip_vary on; > gzip_proxied any; > gzip_comp_level 6; > gzip_buffers 16 8k; > gzip_http_version 1.1; > gzip_types text/plain text/css application/json application/javascript > text/xml application/xml application/xml+rss text/javascript; > > ## > # Virtual Host Configs > ## > > > > > # included custom scripts > include /etc/nginx/conf.d/*.conf; > include /etc/nginx/sites-enabled/*; > > # error because this is in http {} directive. for redirecting you need > in > server {} directive > } > > Posted at Nginx Forum: > https://forum.nginx.org/read.php?2,288085,288085#msg-288085 > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.
So i have a few sites setup on my nginx web server and my ssl has been working fine. Problem is iam getting a curl ssl error and iam not sure why? The error is as follows http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate. I never gotten any ssl errors before, besides this time when i went to import demo data on a wordpress site? I need help as i need to get this site up by Friday. Here is my current nginx ssl configuration file server { listen 80; root /tmp/ewtwtertert; index index.html index.htm index.nginx-debian.html index.php; server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com; location / { rewrite .* https://www.dfwelectronicsrecycling.com/$1; } } server { listen 443 ssl; ssl_certificate /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt; ssl_certificate_key /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED'; root /var/www/dfwelectronicsrecycling.com/public_html; index index.html index.htm index.php; server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com; location / { try_files $uri $uri/ /index.php?$args; } # Include , Security and configuration files # include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php-fpm.socket; } location = /.well-known/pki-validation { types {} default_type text/html; } } Here is my nginx configuration file. user nginx nginx; worker_processes auto; pid /run/nginx.pid; #include /etc/nginx/modules-enabled/*.conf; # BEGIN W3TC Page Cache cache # END W3TC Page Cache cache events { use epoll; worker_connections 1024; multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 15; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; client_max_body_size 120M; client_body_buffer_size 1M; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## # included custom scripts include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; # error because this is in http {} directive. for redirecting you need in server {} directive } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288085#msg-288085 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx