Join the community today
Register Now

SSL Coverting to https

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Tythus, Aug 11, 2014.

  1. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    8:06 PM
    I was wanting to convert my website to https only and was just feeling a little out of my depth as I have never done that before would anyone beable to recommend a good SSL provider who is reasonable in cost and how I would go about changing my settings to make it work?
    hastebin
    Is my current nginx setup please poke me if there is any other issue ^_^'

     
  2. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    3:06 AM
    Mainline
    10.2
  3. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:06 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  4. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    8:06 PM
    @eva2000 in SSL Certificates - which do you use and how much ? you mentioned you were a re-seller has this idea come to fruition?
    also I'm a little confused with the nginx side of things still a bit confused I just plop this in right? naturally with changed ssl pointers but sameold.

    Also on a side note I'm having issues posting here I need to hard reload every time I load a page to post on it and it's getting on my nerves.
    Before: Gyazo - 638aada5fb703a4ccd0d2fe78c442ff5.png
    After: Gyazo - 5245c00f3b9a64cd406a8bf03c296af5.png
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:06 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    8:06 PM
    oh I just checked my openssl and it looks like a vulnerable implementation although the main reason for me going SSL is for spdy I was wondering how I would upgrade the openssl implementation? (I'm on 6.5 atm)

    also my main issue is someone tries to connect via The Lord of the Craft - #1 Minecraft Roleplaying Server will it still redirect? to https?
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:06 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    2 how to update OpenSSL threads which is a 2 step process for Centmin Mod Ngixn static compiled OpenSSL update and then System OpenSSL update.
    Redirect is configured as per Nginx HTTPS / SSL Google SPDY configuration with first part of the vhost being

    Code:
    server {
      server_name domain.com www.domain.com;
      return 301 https://$server_name$request_uri;
    
    }
     
  8. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    8:06 PM

    everything has gone well except I'm getting an error with the certificate I think I haven't merged them correctly but I'm unsure what I did wrong BTW I am using a startssl class 2 cert

    Code:
    # service nginx restart
    nginx: [emerg] PEM_read_bio_X509_AUX("/usr/local/nginx/conf/ssl/lordofthecraftnet/ssl-unified.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    

    Ignore me fixed it now :3
     
    Last edited: Aug 12, 2014
  9. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:06 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what was the fix for other readers benefit ? :)
     
  10. Tythus

    Tythus Member

    61
    9
    8
    Aug 6, 2014
    Ratings:
    +12
    Local Time:
    8:06 PM
    oh the issue was a simple one the yourdomain.crt didn't have a extra line at the bottom so when cat happened it made

    -----END CERTIFICATE----------BEGIN CERTIFICATE-----

    rather than

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----

    causing it to break
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    5:06 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Sweet there's one for my mental filing cabinet :D