SSL handshake failed with Nginx Ubuntu 10.0

I have created an SSL certificate using “Let’s Encrypt” on Ubuntu 18.10. I followed the documentation below to create the SSL certificate.

I have checked that the SSL certificate was successfully created. I used the commands below to test it.

openssl verify chain.pem
openssl verify -CAfile chain.pem cert.pem

I have also checked the SSL connection and it shows connected.

openssl s_client -connect example.com:443 -servername example.com

Output

CONNECTED(00000005)

depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

verify return:1

depth=1 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-2

verify return:1

depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.Cloudflaressl.com

verify return:1

Nginx config file

server {
    listen         443 ssl;
    listen         [::]:443 default_server;
    # listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    server_name    example.com www.example.com;
    root           /var/www/html/example.com/public_html;
    
    location / {
        proxy_pass https://33.34.34.64:443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
     }
}

But the site is not working; I am getting a 525 error (SSL handshake failed). In Cloudflare, "Universal SSL is Active".

Can anyone please suggest a possible solution to fix this issue?

Thanks

Please see if the following tip helps:

Hello,
Thanks for your quick reply. I have checked all the tips. I have spent 6-7 hours on this issue and am still not able to fix it. It seems like there is an issue with the nginx conf file.

Thanks.

The connect parameter in your OpenSSL command should not contain the hostname but the IP address.

Hello,

I have checked, and it is working fine with the host name.
When I run the openssl command I get the output below:

CONNECTED(00000005)

depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

verify return:1

depth=1 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-2

verify return:1

depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.Cloudflaressl.com

verify return:1

---

Certificate chain

 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.Cloudflaressl.com

i:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-2

 1 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-2

i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

---

Server certificate

I think the issue is in the Nginx config file.
Thanks

You still seem to connect to Cloudflare instead of your origin.

Yes, the Cloudflare proxy is used; Cloudflare connects with the origin server.

I was referring to your OpenSSL call.

Okay, but the issue is in the nginx conf file.

Thanks

Nobody can say, it depends on what certificate you get. Considering Cloudflare returns an error, you likely don't get a valid certificate, and in that case, yes, it would be a configuration issue.

I have used the same method for the Apache server and it's working fine.
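Added example, not part of the original thread: a shell helper that reads `openssl s_client` output and reports whether the leaf certificate came from the Cloudflare edge (as in the output posted above) or from the origin, which is the distinction the replies about the `-connect` parameter are making. The function names, the origin sample and the address 203.0.113.10 are assumptions made for illustration.

```shell
# Added example: tell which server answered an `openssl s_client` probe by
# reading entry 0 (the leaf) of its "Certificate chain" section.
# leaf_field s|i: print subject (s) or issuer (i) of certificate 0 from stdin.
leaf_field() {
    awk -v want="$1" '
        /^Certificate chain/ { chain = 1; next }
        chain && /^---/      { exit }
        chain && /^ *0 s:/   {
            leaf = 1
            if (want == "s") { sub(/^ *0 s:/, ""); print; exit }
            next
        }
        chain && leaf && /^ *i:/ { sub(/^ *i:/, ""); print; exit }
    '
}

# classify_probe: read s_client output on stdin and print one verdict word.
# Assumption: the origin certificate is not Cloudflare-issued (the thread
# uses a Let's Encrypt certificate on the origin).
classify_probe() {
    out=$(cat)
    subject=$(printf '%s\n' "$out" | leaf_field s)
    issuer=$(printf '%s\n' "$out" | leaf_field i)
    if [ -z "$subject" ]; then
        echo "no-certificate"      # handshake ended before a certificate arrived
    elif printf '%s\n' "$issuer" | grep -qi 'cloudflare'; then
        echo "cloudflare-edge"     # the proxy answered; the origin was not tested
    else
        echo "origin"
    fi
}

# probe_origin IP HOST: handshake with IP directly while sending HOST as SNI.
probe_origin() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>&1
}
# Needs network; 203.0.113.10 is a placeholder for the real origin address:
#   probe_origin 203.0.113.10 example.com | classify_probe

# Chain section as posted in the thread (probe by hostname, through the proxy).
EDGE_SAMPLE='Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.Cloudflaressl.com
   i:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-2
---'
# Constructed sample of what a direct origin probe could return.
ORIGIN_SAMPLE='Certificate chain
 0 s:CN = example.com
   i:C = US, O = Example CA, CN = Example Issuing CA R1
---'
```

A `no-certificate` verdict from a direct origin probe means the origin ended the TLS handshake before presenting a certificate.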
