0

So nginx-1.15.9 was released very recently with the following change:

Feature: variables support in the "ssl_certificate" and "ssl_certificate_key" directives.

I set up an instance with multiple domains pointing to the following server block. I am using dehydrated to generate the certs automatically and in their own respective folders.

However, despite trying several variations and googling for various solutions, I am not having any success in having the variables in the "ssl_certificate" and "ssl_certificate_key" directives being recognised.

  • Have verified that the certs are generated correctly (with fullchain.pem and privkey.pem)
  • The error I'm getting from navigating to the https URL directly: Secure Connection Failed
  • https works perfectly if I update the "$server_name" to the actual domain folder containing the certs

Appreciate if someone could take a look at my server block to identify what I'm doing wrong or point me in the correct direction. Thank you.

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;
    index index.php index.html index.htm;

    server_name _;

    # ssl on;
    ssl_certificate /etc/dehydrated/certs/$server_name/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/$server_name/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
```
  • What's in the error log? Commented Mar 5, 2019 at 4:01
  • Ah I should have thought of checking the error log to see the output. The error is it not being able to load the certificate. $server_name simply outputs a blank. I just can't figure out what $variable to specify the current domain. I've already tried $uri and $hostname, both not giving the desired output. Commented Mar 5, 2019 at 4:13
  • You should probably read this. Commented Mar 5, 2019 at 4:17
  • Thanks for the link Michael. I'm actually referring to this list but I've tried $host, $server_name, $http_host to no avail. Am I not understanding them correctly but I can't seem to find the $variable to specify the actual current domain name being served. Commented Mar 5, 2019 at 4:23
  • $host should be it. I wouldn't expect $server_name to be useful, since you aren't likely to have a certificate named _. Maybe this feature doesn't actually work yet? Commented Mar 5, 2019 at 4:26

1 Answer

-1

Make sure you are using $ssl_server_name instead of $server_name and that Nginx has read-access to your certificates.

I've made a full write up using LetsEncrypt. In your case it would look like this:

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;
    index index.php index.html index.htm;

    server_name _;

    # ssl on;
    ssl_certificate /etc/dehydrated/certs/$ssl_server_name/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/$ssl_server_name/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
```
  • Is that the only variable name that is supported? Commented Mar 11, 2019 at 18:32
  • I believe there is more, but it's the only one I've been able to get dynamically. Commented Mar 11, 2019 at 20:07
  • Doesn't work for me. It tells it cannot find the file. Commented Jan 21, 2022 at 20:54
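
Added example, not part of the question or the answer above: `$ssl_server_name` is the SNI name sent by the client, so it can be empty or name a domain with no certificate folder, and the handshake then fails on a missing file. One way to handle that is to pass the SNI name through a `map` with a fixed list of names and a fallback; the domains `example.com` / `example.org` and the variable `$cert_name` are placeholders assumed for illustration.

```nginx
# Added example (assumed names: example.com, example.org, $cert_name).
# The map block belongs in the http {} context.
map $ssl_server_name $cert_name {
    # No SNI sent, or a name with no certificate folder: use a known folder.
    default          example.com;

    # SNI name        folder under /etc/dehydrated/certs/
    example.com      example.com;
    www.example.com  example.com;
    example.org      example.org;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # Only values listed in the map can reach the file path, so a
    # client-supplied SNI string is never used as a directory name directly.
    # The files are opened during the handshake, so the nginx worker user
    # needs read access to them.
    ssl_certificate     /etc/dehydrated/certs/$cert_name/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/$cert_name/privkey.pem;
}
```

With variables in the path, nginx loads the certificate on every TLS handshake, which the nginx documentation notes may affect performance.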
