Author Topic: Trouble installing SSL from Comodo [Nginx Failed]  (Read 381 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Trouble installing SSL from Comodo [Nginx Failed]
« on: June 24, 2018, 05:14:44 PM »
Hi Admin and all members.

I'm using CWP Pro, but I'm having trouble installing SSL from comodo. all goes well and problems come when I use webserver (Apache & Varnish Cache & Nginx Reverse Proxy) this mode does not match with SSL.

Problem: Nginx Failed when installing PRIVATE KEY, Certificate and CA Bundle.

Please help me. Thank you.

Offline
*
Re: Trouble installing SSL from Comodo [Nginx Failed]
« Reply #1 on: August 12, 2018, 04:26:31 PM »
Hi, Just letting you know that we ran into the same issue at Carbon Hosting for a client.

We had the issue with Comodo EV.

Even after following this guide at https://www.namecheap.com/support/knowledgebase/article.aspx/9771/2238/apache-error-x509checkprivatekeykey-values-mismatch

My solution was to take the web server back to only Apache. (It was Apache, Nginx, Varnish)

Install the cert using the /admin/index.php?module=ssl_certificate "Manual Install"
I copied in the cert and private key, clicked on generate Intermediate certificates.
Checking that this worked, rebuild the server as Apache, Nginx, Varnish

Also you may want to edit the master vhost template to remove TLSv1 (/admin/index.php?module=vhost_tpl)
CWP Configuration Templates for nginx_proxy_vhost_ssl

ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

Save and rebuild the vhost

Now test your domain using https://www.ssllabs.com/ssltest/analyze.html

Regards
Carbon Hosting