Welcome to Centmin Mod Community
Register Now

SSL intermediate.crt root.pem missing?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Oct 15, 2014.

  1. rdan

    rdan Well-Known Member

    5,444
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    5:02 PM
    Mainline
    10.2
    Both @ and www use A record not url redirect.

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup DNS need A record for those two
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Ok i did it like this:

    [​IMG]

    Is this ok?

    Thanks
     
    Last edited: Oct 16, 2014
  4. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Now it seems much better :)

    Code:
    www.mydomain.com  redirecting to --> https://www.mydomain.com/  and site working
    http://www.mydomain.com  redirecting to --> https://www.mydomain.com/  and site working
    https://www.mydomain.com  --->site working
    
    All working now but not redirecting to non www :(
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that's one you normally don't see accounted for https:/www redirect to https:/ but can be done via this entry within the SPDY SSL server context under root

    using 302 non-permanent redirect to test with first before using 301 permanent
    Code:
         ## redirect www to nowww
          if ($host = 'www.sslspdy.com' ) {
             return 302 https://$server_name$request_uri;
          }
    i.e. working
    Code:
    curl -I https://www.sslspdy.com/
    HTTP/1.1 302 Moved Temporarily
    Server: nginx centminmod
    Date: Wed, 15 Oct 2014 20:47:23 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://sslspdy.com/
    Strict-Transport-Security: max-age=31536000
    Alternate-Protocol: 443:npn-spdy/3
    within SPDY SSL server context
    Code:
    server {
      listen 443 ssl spdy;
    
    SNIPPED REST
    
      root /home/nginx/domains/sslspdy.com/public;
    
         ## redirect www to nowww
          if ($host = 'www.sslspdy.com' ) {
             return 302 https://$server_name$request_uri;
          }
    
      location / {
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Do i have to add this code on top of the config and inside also the spdy ssl or in one place only?

    I add it on the spdy ssl and i think it works:
    Code:
    HTTP/1.1 302 Moved Temporarily
    Server: nginx
    Date: Wed, 15 Oct 2014 21:32:51 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://mydomain.com/
    Alternate-Protocol: 443:npn-spdy/3
    Strict-Transport-Security: max-age=31536000; includeSubdomains;
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    only in SPDY SSL server context
     
  8. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Ok and as it works now do you have any ideas why the 301 is not working so i can fix it and use it as it is the default way to do it?
     
  9. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    It seems that the dns change with @ and www pointing to the ip of my servers gone wrong as now on my domain i can see this:

    [​IMG]

    :(
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    do you have a valid DNS A record for main hostname.yourdomain.com in virtual.conf Nginx vhost ?
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    /usr/local/nginx/conf/conf.d/virtual.conf

    Code:
    server {
    #  listen  80;
      listen  80 default_server backlog=2048;
      server_name server.mydomain.com;
      root  html;
    
      access_log  /var/log/nginx/localhost.access.log  main buffer=32k;
      error_log  /var/log/nginx/localhost.error.log  error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #      Enables directory listings when index file not found
    #     autoindex  on;
    
    #     Shows file listing times as local time
    #     autoindex_localtime on;
    
    #     Enable for vBulletin usage WITHOUT vbSEO installed
    #     try_files     $uri $uri/ /index.php;
    
      }
    
      # example nginx-http-concat
      # /csstest/??one.css,two.css
      #location /csstest {
      #concat on;
      #concat_max_files 20;
      #}
    
    include /usr/local/nginx/conf/phpmyadmin.conf;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    
      }
    
    I just install latest beta 0.8 and then create it using the option 2 from the menu....

    There is no any entries for A records here ...Do you mean in my domain control panel at namcheap?

    Do i have to run also this as i am not using my own nameservers?

    3). NSD setup domain name DNS
     
    Last edited: Oct 16, 2014
  12. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Anyone please that can help?
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    all dns records if not on server with NSD need to be done with your domain registrar = namecheap
     
  14. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    I add them as you recommend me :

    [​IMG]

    But i think is normal with such settings to view the defaut page of centminmod as both point to ip and ip on browser is point to the default centminmod page....

    As i am not using NSD then it doesn't know where to point to the domain.....

    That's why i thought that the domain on the @ was ok....

    But you know better how it works....
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    did you run centmin.sh menu option 2 to add the domain.com to nginx vhost which matches your namecheap A record for your @ and www entries ? depending on how fast namecheap DNS and your ISP DNS update it can take 24-48hrs to propogate unless you use a service like DNSMadeEasy which does almost instant propagation and DNS updates with their Peregrine Instant DNS Update system - which I use on all my important domains including centminmod.com :)

    You can preview your new domain on your server via local host files edit before DNS updates.

    For local computer you browse the web from either Microsoft Windows edit C:\Windows\System32\drivers\etc\hosts or Linux /etc/hosts
    Code:
    serverip domain.com www.domain.com
     
  16. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Yes i add my domain from menu option 2 as i think is the only way to add it ....

    Namecheap changes takes a few minutes always and as my previous setting was point to my domain and after the change and more than a day now it changes to the Centminmod page it seems that the change from namecheap is finished....
     
  17. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    try local pc host file edit to see if it works
     
  18. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    It doesn't work :(
     
  19. eva2000

    eva2000 Administrator Staff Member

    54,336
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    7:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  20. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    DNS Report for ihostexperts.com - DNSInspect
    intoDNS: ihostexperts.com - check DNS server and mail server health
    DNS check tool

    Virtual.conf:

    Code:
    server {
    #  listen  80;
      listen  80 default_server backlog=2048;
      server_name server.ihostexperts.com;
      root  html;
    
      access_log  /var/log/nginx/localhost.access.log  main buffer=32k;
      error_log  /var/log/nginx/localhost.error.log  error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #      Enables directory listings when index file not found
    #     autoindex  on;
    
    #     Shows file listing times as local time
    #     autoindex_localtime on;
    
    #     Enable for vBulletin usage WITHOUT vbSEO installed
    #     try_files     $uri $uri/ /index.php;
      
      }
    
      # example nginx-http-concat
      # /csstest/??one.css,two.css
      #location /csstest {
      #concat on;
      #concat_max_files 20;
      #}
    
    include /usr/local/nginx/conf/phpmyadmin.conf;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    
      }
    
    domain.conf:

    Code:
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    #server {
    #  listen  80;
    #  server_name ihostexperts.com;
    #  return 301 $scheme://www.ihostexperts.com$request_uri;
    #  }
    
    
    server {
      server_name ihostexperts.com www.ihostexperts.com;
    
    }
    
    # https SSL SPDY vhost
    server {
      listen 443 ssl spdy;
      server_name ihostexperts.com;
    
      ssl_certificate  /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/ihostexperts_com.key;
      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
      ssl_session_cache  shared:SSL:10m;
      ssl_session_timeout  10m;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kEDH:!EDH:!CAMELLIA;
      ssl_prefer_server_ciphers  on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";  
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      # nginx 1.5.9+ or higher
      # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
      # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
      # spdy_headers_comp 0;
      # ssl_buffer_size 4k;
    
      # enable ocsp stapling
      resolver 8.8.8.8;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/ihostexperts.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/ihostexperts.com/log/error.log;
    
      root /home/nginx/domains/ihostexperts.com/public;
    
      ## redirect www to nowww
      if ($host = 'www.ihostexperts.com' ) {
      return 302 https://$server_name$request_uri;
      }
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      try_files     $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
    }
    
    
    I was check the error about nameservers of namecheap and that was not like that and i was not had any errors and i contact them and they told me that is pointing correct my domain to my server ip and they can see the Centminmod page as i can see on that ip so they don't see any problem there.....

    Thanks !!!