Nginx no “ssl_certificate” is defined in server listening on SSL port while SSL handshaking
Chances are this is not the first website you've come to after breaking SSL on your Nginx box, but I promise it will be the last. The problem is actually a very simple one, and the Nginx error log tells you verbatim what is wrong with the config, although nginx -t will yield success. Nginx reads and runs the sites in alphabetical order, so the fix is to find the site config that listens on port 443 with SSL but lacks the required certificate and key declarations; that config is what causes a site further down the alphabetical line to fail HTTPS. In my case, it was an Nginx site config called stub_status.conf causing SSL to fail in blog.travisrunyard.us.conf, even though I did have SSL correctly set up.
    /etc/nginx/sites-enabled/stub_status.conf: listen *:443 ssl;
    /etc/nginx/sites-enabled/blog.travisrunyard.us.conf: listen [::]:443 ssl;
    /etc/nginx/sites-enabled/blog.travisrunyard.us.conf: listen 443 ssl;
    /etc/nginx/sites-enabled/blog.travisrunyard.us.conf: listen [::]:443 ssl;
    /etc/nginx/sites-enabled/blog.travisrunyard.us.conf: listen 443 ssl;
If you see this in your error log, continue to the next step.
    2017/06/11 12:46:36 [error] 4138#4138: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
    2017/06/11 12:46:36 [error] 4138#4138: *2 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
    2017/06/11 12:46:36 [error] 4138#4138: *3 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
    2017/06/11 12:46:36 [error] 4138#4138: *4 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
    2017/06/11 12:46:37 [error] 4138#4138: *5 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 10.10.10.66, server: 0.0.0.0:443
Search Nginx site config files for port 443 with and without SSL and ensure the line is not commented out.
    grep -iRE '443' /etc/nginx/sites-enabled/ | grep -vE '^[^:]*:[[:space:]]*#'
This should give you a list of all of the configs which are meant to be SSL enabled. Visit each and every config file in this list, starting at the top, and make sure that it is set up correctly with at least the server certificate and private key declarations needed for SSL to function:
    ssl_certificate cert.pem;
    ssl_certificate_key privkey.pem;
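The manual review above can be scripted. This is an added example, not part of the original post: a shell function (the name check_ssl_servers is made up here) that reports each server block with an ssl listener but no ssl_certificate and ssl_certificate_key of its own. It assumes "server {" sits on one line, and it does not see certificates inherited from the http level or pulled in through include files.

```sh
# check_ssl_servers DIR
# Prints "file:line: ..." for every server block in DIR that has a
# "listen ... ssl" directive but lacks ssl_certificate or ssl_certificate_key.
check_ssl_servers() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            { sub(/#.*/, "") }                        # ignore commented-out text
            /^[ \t]*server[ \t]*\{/ && !in_srv {      # a new server block opens
                in_srv = 1; depth = 0; start = NR; ssl = cert = key = 0
            }
            in_srv {
                if ($0 ~ /listen[ \t][^;]*[ \t]ssl[ \t;]/)          ssl  = 1
                if ($0 ~ /(^|[ \t;{])ssl_certificate[ \t]/)         cert = 1
                if ($0 ~ /(^|[ \t;{])ssl_certificate_key[ \t]/)     key  = 1
                # track nesting so location { } blocks do not end the server
                depth += gsub(/\{/, "{") - gsub(/\}/, "}")
                if (depth == 0) {                     # server block closed
                    if (ssl && !(cert && key))
                        printf "%s:%d: ssl listener without ssl_certificate/ssl_certificate_key\n", file, start
                    in_srv = 0
                }
            }
        ' "$f"
    done
}

# Constructed sample configs (file contents are made up for this demo).
demo=$(mktemp -d)
printf 'server {\n  listen *:443 ssl;\n  location / { stub_status; }\n}\n' \
    > "$demo/stub_status.conf"
printf 'server {\n  listen 443 ssl;\n  ssl_certificate cert.pem;\n  ssl_certificate_key privkey.pem;\n}\n' \
    > "$demo/blog.example.conf"
check_ssl_servers "$demo"    # only stub_status.conf is reported
rm -rf "$demo"
```

On a real box, point it at the same directory the grep searched: check_ssl_servers /etc/nginx/sites-enabled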
If you have any questions or comments please leave them below.