Some SSL providers issue intermediate.crt, root.crt and the domain cert in 2 different files. Before configuring nginx, 3 things need to happen first.
- cat the domain, intermediate and root certs, in that order, into one cert file
- open the newly created file and make sure -----END CERTIFICATE----------BEGIN CERTIFICATE----- does not appear on a single line; if it does, insert a line break between the two markers
- if you still cannot start nginx, run sudo setenforce 0 (this switches SELinux to permissive mode)
```bash
# in my case (use > rather than >> so a re-run does not append duplicate certs)
cat certificate.crt ca_bundle.crt > ssl-bundle.crt

# open the file and edit it
nano ssl-bundle.crt

# find
#   -----END CERTIFICATE----------BEGIN CERTIFICATE-----
# and make sure the markers are on separate lines, like this:
#   -----END CERTIFICATE-----
#   -----BEGIN CERTIFICATE-----

# update your nginx.config file with the newly created ssl-bundle.crt

# at last
sudo setenforce 0
sudo nginx -t
sudo systemctl restart nginx
```
Funny thing is, if you provide only the domain crt in the nginx config file, the browser would not complain. But if you send a request to the server with curl or Postman, it complains that no root certs were found. Better off using Let's Encrypt. I encountered these extra steps with a paid cert.
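The bundling steps above can be scripted so the glued-marker problem never needs fixing by hand. This is an added example, not part of the original post: `build_bundle` and `check_bundle` are hypothetical helper names, the file names are the ones used above, and the certificate bodies in the demo are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example; build_bundle and check_bundle are hypothetical helpers.

# Concatenate PEM files in the order given (domain cert first, then the CA
# bundle), stripping CRs and forcing a newline after every file so the
# END/BEGIN markers can never end up glued together.
build_bundle() {
    bb_out=$1; shift
    bb_tmp=$(mktemp) || return 1
    for bb_f in "$@"; do
        [ -r "$bb_f" ] || { echo "cannot read $bb_f" >&2; rm -f "$bb_tmp"; return 1; }
        # awk prints every line with a trailing newline, even the last one
        awk '{ sub(/\r$/, ""); print }' "$bb_f" >> "$bb_tmp"
    done
    mv "$bb_tmp" "$bb_out"
}

# Print the number of certificates; return 0 only if every marker sits
# alone on its line and the BEGIN and END counts match.
check_bundle() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { if ($0 != "-----BEGIN CERTIFICATE-----") bad = 1; b++ }
        /-----END CERTIFICATE-----/   { if ($0 != "-----END CERTIFICATE-----")   bad = 1; e++ }
        END { print b + 0; exit ((bad || b != e || b == 0) ? 1 : 0) }
    ' "$1"
}

# Demo on constructed placeholder files (not real certificates). The missing
# trailing newline in certificate.crt is what makes a plain cat glue markers.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/certificate.crt"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'BBBB' \
        '-----END CERTIFICATE-----' > "$d/ca_bundle.crt"
    cat "$d/certificate.crt" "$d/ca_bundle.crt" > "$d/glued.crt"
    check_bundle "$d/glued.crt" >/dev/null || echo "plain cat: markers glued"
    build_bundle "$d/ssl-bundle.crt" "$d/certificate.crt" "$d/ca_bundle.crt"
    check_bundle "$d/ssl-bundle.crt" >/dev/null && echo "build_bundle: ok"
    rm -rf "$d"
}
demo
```

Running `check_bundle ssl-bundle.crt` before `sudo nginx -t` catches a malformed bundle before nginx tries to load it.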