28

I am trying to configure nginx server for my website. I am using the following code to configure my server. It works if I add default_server for my www.fastenglishacademy.fr (443) server block.

But in that case, All my subdomains also brings the content of www.fastenglishacademy.fr

And if I remove the default_server, I get the following error:

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/fastenglishacademy.fr.conf:14
nginx: configuration file /etc/nginx/nginx.conf test failed

My nginx configuration codes:

server {
        listen 80;
        listen [::]:80;
        server_name fastenglishacademy.fr;
        return 301 https://www.fastenglishacademy.fr$request_uri;
}
server {
        listen 80;
        listen [::]:80;
        server_name www.fastenglishacademy.fr;
        return 301 https://www.fastenglishacademy.fr$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name fastenglishacademy.fr;
        return 301 https://www.fastenglishacademy.fr$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        root /media/fea/www/fastenglishacademy.com;
        index index.html index.htm index.nginx-debian.html;
        server_name www.fastenglishacademy.fr;
        location / {
            etag on;
            try_files $uri$args $uri$args/ /index.html;
        }

        location ~* \.(jpg|jpeg|png|gif|ico|ttf|woff2|woff|svg)$ {
                expires 365d;
        }
        location ~* \.(css|js)$ {
                expires 30d;
        }

        location ~*  \.(pdf)$ {
                expires 15d;
        }
        #WARNING: Please read before adding the lines below!
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        # SSL Certificates
        ssl_certificate /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;
        ssl_trusted_certificate /path/to/chain.pem;
}

My links:

https://www.fastenglishacademy.fr/

https://api.fastenglishacademy.fr/

Ahsan Aasim
  • 1,177
  • 3
  • 14
  • 40
  • 2
    The third `server` block specifies an `ssl` server, but does not specify which certificate to use. As a minimum, you need to copy the `ssl_certificate` and `ssl_certificate_key` statements from the fourth `server` block, or move those statements outside both `server` blocks. See [this document](http://nginx.org/en/docs/http/configuring_https_servers.html) – Richard Smith Jun 19 '19 at 13:42

2 Answers2

33

Your server section is missing ssl_certificate and ssl_certificate_key declarations.

You need to have a .crt and a .key file to run with ssl.

It should looks like

server {

  listen 80;

  listen 443 default_server ssl;
  ssl_certificate /etc/nginx/certs/default.crt;
  ssl_certificate_key /etc/nginx/certs/default.key;

  ... other declarations

}
Tiago Gouvêa
  • 15,036
  • 4
  • 75
  • 81
-6

Had the same problem. Adding directive

ssl on;

solved my problem.

  • My practice:When config `ssl_certificate` in `server`, need `sss on;`. When config `ssl_certificate` in `http`, no need `sss on;`. – RJ.Hwang Oct 25 '21 at 06:48