
I accidentally modified my original domain.crt. Now nginx doesn't start

RoldanLT

#1
How can I fix this? :(
Code:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/nginx/conf/ssl/phcornernet/www_phcorner_net.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
 

Null

#2
If you don't have it backed up somewhere, you'd have to ask the people you bought the SSL certificate from. They should have a copy of your signed certificate.

If you've lost your key, you need to generate a new private key and CSR and see if your SSL provider will reissue a certificate (most do).

Code:
# Create a fresh 2048-bit RSA private key and a matching CSR in one step.
# -nodes writes the key file without passphrase encryption, so keep that
# file readable only by the account that needs it.
openssl req \
    -new \
    -newkey rsa:2048 \
    -nodes \
    -keyout www.example.com.key \
    -out www.example.com.csr
 

p4guru

#3
As you're using Centmin Mod http://centminmod.com/nginx.html, every time you update your Nginx version, an automatic backup of your full nginx directory is created including nginx/conf/ssl directory.

You can find your automatic backups at /usr/local/nginxbackup ;)

i.e. the /usr/local/nginxbackup/confbackup/conf_datetimestamp folder is a backup of your /usr/local/nginx/conf directory and its subdirectories

Automatic Nginx Config Backup
Nginx upgrade process will also backup your existing Nginx conf directory and file via 3 options in centmin.sh: NGINXBACKUP='y', NGINXCONFDIR='/usr/local/nginx/conf', NGINXBACKUPDIR='/usr/local/nginxbackup'. You will find backups of previous Nginx versions in timestamped directories located within /usr/local/nginxbackup.
 

RoldanLT

#4
As you're using Centmin Mod http://centminmod.com/nginx.html, every time you update your Nginx version, an automatic backup of your full nginx directory is created including nginx/conf/ssl directory.

You can find your automatic backups at /usr/local/nginxbackup ;)

i.e. /usr/local/nginxbackup/confbackup/conf_datetimestamp folder is backup of your /usr/local/nginx/conf directory and subdirectories
Wow, let me scan this.
Thanks for pointing this out, I didn't know this before (y)

I am using Startssl temporarily :D
 

RoldanLT

#8
Thanks!
Now How can I fix this?
upload_2014-1-17_7-37-28.png

This is my config:
Code:
# Redirect-only virtual host: every request for either hostname is answered
# with a permanent redirect to the canonical HTTPS host. No listen directive
# is given, so nginx's default listen address applies (port 80 when nginx is
# started with superuser privileges).
server {
    server_name phcorner.net www.phcorner.net;
    # The target host is hard-coded rather than taken from the request's Host
    # header; only the original request URI is carried over.
    return 301 https://www.phcorner.net$request_uri;
}

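# HTTPS virtual host for www.phcorner.net (XenForo served by nginx).
server {
    listen 192.99.1.216:443 ssl spdy default_server;
    server_name www.phcorner.net;

    # Certificate chain and private key. The key must belong to the server
    # certificate in ssl_certificate; otherwise nginx fails its config test
    # with "X509_check_private_key:key values mismatch".
    ssl_certificate     /usr/local/nginx/conf/ssl/phcorner_net/ssl-unified.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/phcorner_net/www_phcorner_net.key;

    # SSLv3 is no longer offered: the protocol itself is broken (POODLE) and
    # is prohibited by RFC 7568. TLSv1 and TLSv1.1 are kept from the original
    # setup for old clients; both are deprecated (RFC 8996) and should be
    # dropped as soon as the client base allows.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # RC4 suites removed and explicitly excluded (RFC 7465 prohibits RC4 in
    # TLS). The remaining order and exclusions are unchanged.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!kEDH:!EDH:!CAMELLIA;
    ssl_prefer_server_ciphers on;
    add_header Alternate-Protocol 443:npn-spdy/2;

    # OCSP stapling. ssl_stapling_verify makes nginx validate the OCSP
    # response against the CA certificates in ssl_trusted_certificate; the
    # resolver is what nginx uses to look up the OCSP responder's hostname.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/phcorner_net/ssl-trusted.crt;
    resolver 8.8.8.8 8.8.4.4 valid=10m;
    resolver_timeout 10s;

    # Security response headers.
    # NOTE(review): add_header is inherited only by locations that declare no
    # add_header of their own; check the included *.conf files so that
    # responses from those locations still carry these headers.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options DENY;

    # logs
    access_log /home/nginx/domains/phcorner.net/log/access.log combined buffer=32k;
    error_log /home/nginx/domains/phcorner.net/log/error.log;

    root /home/nginx/domains/phcorner.net/public;

    # block common exploits, sql injections etc
    # (contents of block.conf are not shown here; review it separately)
    include /usr/local/nginx/conf/block.conf;

    # Start XenForo
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    # XenForo's private directories: "internal" restricts these locations to
    # nginx-internal redirects, so direct client requests are not served;
    # the allow/deny pair is a second layer limiting access to localhost.
    location /internal_data/ {
        internal;
        allow 127.0.0.1;
        deny all;
    }

    location /library/ {
        internal;
        allow 127.0.0.1;
        deny all;
    }

    # Exact-match location that turns off the open file cache for this path.
    location = /data/taigachat/ {
        open_file_cache off;
    }
    # End Xenforo

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
}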