Ronan Lopes - 1 year ago
Apache Configuration Question

NGINX HTTPS Server - SSL_ERROR_BAD_CERT_DOMAIN

I have an NGINX server running on an EC2 instance, and I'm implementing HTTPS on that server. I generated the SSL certificate on another site and put it on my server. I restarted the server and it still runs all right, but I got two problems (my domain is hbesco.com.br, and that's the common name I put for the certificate request):

It doesn't enter as HTTPS as default, it goes for HTTP. Also, if I force it like https://hbesco.com.br, it goes ok. But for https://www.hbesco.com.br, it gives me the following error:

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Certificate chain:
-----BEGIN CERTIFICATE----- (...)

My NGINX sites-available/default is set as below:

server {
        listen 443 default_server;

        ssl on;
        ssl_certificate /usr/share/nginx/certificado-2048/CertificadoSSL.crt;
        ssl_certificate_key /usr/share/nginx/certificado-2048/CertificadoSSL.key;

        server_name hbesco.com.br;
        passenger_enabled on;
        rails_env production;
        root /home/ubuntu/hybrazil/current/public;

        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root html;
        }
}

server {
        listen 80;

        server_name hbesco.com.br;
        passenger_enabled on;
        rails_env production;
        root /home/ubuntu/hybrazil/current/public;

        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root html;
        }
}


Any ideas on why when I type "hbesco.com.br" it goes for http first, and why when it has www before, it gives me that error?

Answer Source

It doesn't enter as HTTPS as default, it goes for HTTP

You need to add a rewrite rule to force visitors to be redirected from http to https:

server {
        listen 80;
        server_name hbesco.com.br;
        rewrite     ^   https://$server_name$request_uri? permanent;
}

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

This means that only hbesco.com.br is listed in the certificate. You can check it with any SSL checker.
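
The name check behind that error, as an added example that is not part of the original answer: it applies the usual hostname-matching rules to the names a certificate lists and reports which `server_name` values would be rejected. The certificate dicts are constructed samples shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, not the real certificate for this domain, and the function names are illustrative.

```python
# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); they are NOT the site's real certificate.
SINGLE_NAME = {"subject": ((("commonName", "hbesco.com.br"),),),
               "subjectAltName": (("DNS", "hbesco.com.br"),)}
BOTH_NAMES = {"subjectAltName": (("DNS", "hbesco.com.br"),
                                 ("DNS", "www.hbesco.com.br"))}
WILDCARD = {"subjectAltName": (("DNS", "*.hbesco.com.br"),)}

HOSTS = ["hbesco.com.br", "www.hbesco.com.br"]


def cert_names(cert):
    """DNS names the certificate is valid for."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS entries exist, the common name is ignored
    # Legacy fallback only: current browsers look at SAN and nothing else.
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a wildcard standing for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*.example" never covers "example" or "a.b.example"
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covers(cert, host):
    return any(name_matches(name, host) for name in cert_names(cert))


def missing_names(cert, server_names):
    """Hostnames a browser would reject with SSL_ERROR_BAD_CERT_DOMAIN."""
    return [h for h in server_names if not covers(cert, h)]


if __name__ == "__main__":
    for label, cert in (("single name", SINGLE_NAME),
                        ("both names", BOTH_NAMES),
                        ("wildcard", WILDCARD)):
        print(f"{label:12} not covered: {missing_names(cert, HOSTS)}")
```

A wildcard certificate covers www but not the bare domain, so a certificate for this setup needs both names (or the wildcard plus the apex) in its subject alternative names.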
