Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx Heads up possible broken Nginx installs due to openssl.org invalid SSL certificate

Discussion in 'Install & Upgrades or Pre-Install Questions' started by eva2000, Apr 23, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    44,804
    10,217
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,835
    Local Time:
    9:16 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    As Centmin Mod 123.09beta01 branch compiles Nginx with OpenSSL 1.1.1+ for HTTPS, it relies on downloads from openssl.org web site. Unfortunately, it's giving an invalid SSL certificate error when accessing the site as the SSL certificate is issued to mta.openssl.org and not openssl.org !

    So for fresh installs or nginx upgrades in Centmin Mod, I'd hold off for a bit. Though Centmin Mod 123.09beta01 has a local mirror for current openssl.org latest OpenSSL 1.1.1b so should kick in when openssl.org is down.

    broken openssl.org site
    Code (Text):
    curl -4I https://openssl.org
    curl: (60) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    

    centmin mod local mirror
    Code (Text):
    curl -4Is https://centminmod.com/centminmodparts/openssl/openssl-1.1.1b.tar.gz
    HTTP/2 200 
    date: Tue, 23 Apr 2019 07:48:36 GMT
    content-type: application/octet-stream
    content-length: 8213737
    set-cookie: __cfduid=d6c5f0abddb4be7a3dc0250a33088ecf01556005716; expires=Wed, 22-Apr-20 07:48:36 GMT; path=/; domain=.centminmod.com; HttpOnly
    last-modified: Tue, 26 Feb 2019 14:34:59 GMT
    etag: "5c754e93-7d54e9"
    x-powered-by: centminmod
    expires: Thu, 23 May 2019 07:48:36 GMT
    cache-control: public, max-age=2592000
    link: <https://centminmod.com/centminmodparts/openssl/openssl-1.1.1b.tar.gz>; rel="canonical"
    cf-cache-status: HIT
    accept-ranges: bytes
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    server: cloudflare
    cf-ray: 4cbe3c6f1fd8c17c-IAD
    


    openssl.org-sslcert-error-01.png openssl.org-sslcert-error-02.png
     
    Last edited: Apr 23, 2019
  2. eva2000

    eva2000 Administrator Staff Member

    44,804
    10,217
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,835
    Local Time:
    9:16 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x