Nginx, Apache, SSL and signed by an unknown certifying authority

Share this post:

We just moved a whole bunch of servers to a new hosting center and moved from CentOS to Ubuntu (server) and Apache to Nginx (more on this in a later blog post).

While we migrated mostly everything without problems we were confronted with the problem that our SSL certificate gave us an error message of the form:

“The certificate for this website was signed by an unknown certifying authority”

This was rather strange because the same certificate worked with Apache just fine. After some time and searching for a solution we found that we had to tell Nginx to use the SSL Chain file as well. The only problem is that Nginx does not have a explicit parameter like Apache has. In Apache the SSL config looks like this (we use a GoDaddy certificate):

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/youcert.crt
SSLCertificateKeyFile /etc/httpd/ssl/yourkey.key
SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt

Now, in order to get this working in Nginx you need to append the “gd_bundle.crt” to your crt file, which is quite simple with the following commands (do a backup of any files before doing this!):

cat gd_bundle.crt >> yourcert.crt

Then simply restart Ngnix and all is back to normal (but just really faster with Nginx then with anything else:-) ).

Over 10 years in business.

Self-funded. No investors. No bullshit.

More than 3,000 customers worldwide.

Helpmonks - no bullshit customer engagement service

Growth starts with action

Empower your team and delight your customers.

Helpmonks - email management for small businesses