Users must verify their email address, so I use Laravel email verification.

I configured the project on Ubuntu 20.04 with nginx. The verification link works when I use a Let's Encrypt certificate.

I followed all the steps and configured Cloudflare, and I followed the DigitalOcean tutorial for adding a Cloudflare SSL certificate.

This is the nginx configuration for the domain:

server {
        listen 80;
        listen [::]:80;
        server_name ishtap.az www.ishtap.az;
        return 302 https://$server_name$request_uri;
}

server {
        # listen 80;

        # SSL (created in Cloudflare) configuration following the DigitalOcean tutorial
        # https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-cloudflare-and-nginx-on-ubuntu-20-04
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/ssl/cert.pem;
        ssl_certificate_key /etc/ssl/key.pem;
        ssl_client_certificate /etc/ssl/cloudflare.crt;
        ssl_verify_client on;

        server_name ishtap.az www.ishtap.az;
        root /var/www/ishtap.az/public;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";

        index index.php;

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        error_page 404 /index.php;

        location ~ \.php$ {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.(?!well-known).* {
                deny all;
        }

        # listen 443 ssl; # managed by Certbot
        # ssl_certificate /etc/letsencrypt/live/ishtap.az/fullchain.pem; # managed by Certbot
        # ssl_certificate_key /etc/letsencrypt/live/ishtap.az/privkey.pem; # managed by Certbot
        # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

So when I click the email verification link I get the error in the attached image. If Cloudflare is paused it works with no problem, but on some routes, like those where you input sensitive data such as a password, Chrome does not make the request and throws "your connection to this site is not fully secured".

Ozal Zarbaliyev

2 Answers

In this case, you will have to repair the certificate, since the certificate chain is unable to see where the exact location is or the cert is unable to be decrypted. In other words, you can use this tool.

To use this tool, you will have to use a Windows machine.

This tool is from DigiCert, you can open it and you can click on SSL, and you can select the cert and click on repair. Also, you can create a new CSR, and you can reissue the cert once again to be able to upload it one more time to your server.

Let me know if you have any other questions or concerns, and I would be more than happy to help you.

Hvaandres

The email verification notification is sent in a queue and I use Supervisor on Ubuntu. I found out that there was something wrong with the Laravel .env file. These are the steps:

  • fixed APP_URL in .env file to https version of domain
  • php artisan cache:clear
  • php artisan config:clear
  • sudo systemctl reload nginx
  • php artisan config:cache
  • supervisorctl restart all (restarts all workers)
Ozal Zarbaliyev
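
An added example, not code from the posts above or from Laravel itself: a simplified PHP model of why the APP_URL and worker-restart steps matter for a verification link built in a queue worker. A worker has no incoming request, so absolute URLs are built from the configured APP_URL, and Laravel signs the link with an HMAC over the full URL, scheme included. The key, path, expiry and function names below are constructed for illustration.

```php
<?php
// Simplified model of a signed-URL check (added example, not framework code).
// Constructed values: the key, user id, hash and expiry are placeholders.

const APP_KEY = 'constructed-demo-key';

// Build a signed link the way a queue worker would: no request exists,
// so the root of the URL comes from configuration (APP_URL).
function signedLink(string $appUrl, string $path, array $query): string
{
    ksort($query);
    $unsigned = rtrim($appUrl, '/') . $path . '?' . http_build_query($query);
    $signature = hash_hmac('sha256', $unsigned, APP_KEY);
    return $unsigned . '&signature=' . $signature;
}

// Validate a link against the URL the web server actually received.
function hasValidSignature(string $requestedUrl): bool
{
    $parts = parse_url($requestedUrl);
    parse_str($parts['query'] ?? '', $query);
    $given = (string) ($query['signature'] ?? '');
    unset($query['signature']);
    ksort($query);
    $original = $parts['scheme'] . '://' . $parts['host'] . $parts['path']
        . '?' . http_build_query($query);
    // Constant-time comparison of the recomputed and supplied signatures.
    return hash_equals(hash_hmac('sha256', $original, APP_KEY), $given);
}

$path  = '/email/verify/42/0123abcd';   // constructed id and hash
$query = ['expires' => 1900000000];     // constructed expiry

// Worker still running with a stale APP_URL=http://ishtap.az
$stale = signedLink('http://ishtap.az', $path, $query);
// The port-80 server block answers with a 302 to https and keeps the
// request URI, so the application sees the https form of the same link.
$afterRedirect = preg_replace('#^http://#', 'https://', $stale);

// Worker restarted after APP_URL=https://ishtap.az and config:cache
$fixed = signedLink('https://ishtap.az', $path, $query);

// Signature made over http://..., request validated as https://...
var_dump(hasValidSignature($afterRedirect));
// Signature made over the same https URL that the request arrives on
var_dump(hasValidSignature($fixed));
```

Queue workers are long-lived processes that keep the configuration they booted with, which is why the cached config has to be rebuilt and the workers restarted before newly queued mails carry the https link.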