
SSL StartSSL Or Lets Encrypt . Confirm

Discussion in 'Domains, DNS, Email & SSL Certificates' started by R0rke, Jun 3, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    46,214
    10,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,289
    Local Time:
    2:10 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    file names for upload can be anything you want so replacing all is fine as you don't need the existing self-signed ssl cert files

    just if you follow concat guide at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS it may be easier if you used same naming of files to begin with

    the intermediate and root crts in Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS are basically same as your bundle.crt contents hence why in screenshot example for ssl-trust.crt i just concatenated the bundle.crt contents into ssl-trust.crt
     
  2. R0rke

    R0rke Member

    163
    20
    18
    Jun 2, 2016
    Iran
    Ratings:
    +34
    Local Time:
    8:10 AM
    1.11.1
    10.1
    should be like this ?
    Code:
    cat 1_aryaii.com_bundle.crt aryaii.com.crt dhparam.pem > ssl-unified.crt
    Code:
    cat aryaii.com.crt dhparam.pem > ssl-trusted.crt
     

  3. eva2000

    eva2000 Administrator Staff Member

  4. R0rke

    R0rke Member

    Code:
    cat 1_aryaii.com_bundle.crt aryaii.com.crt dhparam.pem > ssl-unified.crt
    Code:
    cat  1_aryaii.com_bundle.crt > ssl-trusted.crt
    added this to aryaii.com.ssl.conf
    Code:
    ssl_certificate /usr/local/nginx/conf/ssl/aryaii.com/ssl-unified.crt;
    Code:
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/aryaii.com/ssl-trusted.crt;
    I'm confused, it doesn't work btw
     
  5. eva2000

    eva2000 Administrator Staff Member

    ssl-unified.crt is incorrect see Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS
     
  6. R0rke

    R0rke Member

    cat aryaii.com.crt 1_aryaii.com_bundle.crt dhparam.pem > ssl-unified.crt
    correct ?
    still not working, I followed the steps
     
  7. eva2000

    eva2000 Administrator Staff Member

    previous post has the correct order, just remove dhparam.pem file from it
     
  8. eva2000

    eva2000 Administrator Staff Member

  9. R0rke

    R0rke Member

    HTML:
    [root@Aryaii aryaii.com]# cat aryaii.com.crt  1_aryaii.com_bundle.crt > ssl-unified.crt
    [root@Aryaii aryaii.com]# cat 1_aryaii.com_bundle.crt  > ssl-trusted.crt
    
    i'm bored srsly :D btw still not working
     
  10. eva2000

    eva2000 Administrator Staff Member

  11. R0rke

    R0rke Member

    yup
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name aryaii.com www.aryaii.com;
    #       return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl spdy;
      server_name aryaii.com www.aryaii.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/aryaii.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/aryaii.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="BSK9QRZl9albn2y+CDE8Bf4TushZEZK0HJ0jxMd+tZQ="; pin-sha256="0OjeRpclrAgIIQ3xgWYxuvOxSnKUt4NvRUKq3vpO0bg="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="BSK9QRZl9albn2y+CDE8Bf4TushZEZK0HJ0jxMd+tZQ="; pin-sha256="0OjeRpclrAgIIQ3xgWYxuvOxSnKUt4NvRUKq3vpO0bg="; max-age=86400';
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
    
      # enable ocsp stapling
       resolver 8.8.8.8 8.8.4.4 valid=10m;
       resolver_timeout 10s;
       ssl_stapling on;
       ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com-trusted.crt;
       ssl_trusted_certificate /usr/local/nginx/conf/ssl/aryaii.com/ssl-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/aryaii.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/aryaii.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/aryaii.com/autoprotect-aryaii.com.conf;
      root /home/nginx/domains/aryaii.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    did you restart nginx server ? as your https site still shows using the self-signed ssl certificate for me SSL Server Test: aryaii.com (Powered by Qualys SSL Labs)

    when you generated csr file it would have a .key private key that has to be uploaded to server at
    /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key as well
     
  13. R0rke

    R0rke Member

    yup i do
     
  14. eva2000

    eva2000 Administrator Staff Member

    when you generated csr file it would have a .key private key that has to be uploaded to server at
    /usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key as well
     
  15. R0rke

    R0rke Member

    well, I don't have it, how do I make it? Must I take it from the StartSSL panel? Well, I can't find any way to download that, so I'm using the default self-signed SSL the automatic vhost made before
     
  16. eva2000

    eva2000 Administrator Staff Member

    you should already have done so when you ran openssl command to generate the csr file and private key file at SSL - StartSSL Or Lets Encrypt . Confirm | Centmin Mod Community

    upload that generated private key to your server at same location as ssl certificate files and name it domain.com.key
     
  17. R0rke

    R0rke Member

    I made a new one, now what should I do with the code? Should I put it somewhere lol? :D
     
  18. eva2000

    eva2000 Administrator Staff Member

    if you make a new private key and csr pair, you need to reissue your ssl certificate again and get new ssl cert files from ssl provider as those files are tied to your csr and private key

    it's best if you have your original csr file and private key if possible, if not just re-run openssl command to generate a new csr file and private key and keep them safe and then go to ssl provider and reissue the cert with the new csr file contents and repeat the setup and concatenation steps with the new set of domain cert and bundles provided by ssl provider
     
  19. R0rke

    R0rke Member

    Code:
    [root@Aryaii aryaii.com]# journalctl -xe
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `ALLOWDYNIN'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `ALLOWDYNOUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `ALLOWIN'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `ALLOWOUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `DENYIN'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `DENYOUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `INVALID'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `INVDROP'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `LOCALINPUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `LOCALOUTPUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `LOGDROPIN'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `LOGDROPOUT'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `PORTFLOOD'
    Jun 02 19:26:47 Aryaii.co csf[16745]: Deleting chain `UDPFLOOD'
    Jun 02 19:26:48 Aryaii.co systemd[1]: Stopped ConfigServer Firewall & Security - csf.
    -- Subject: Unit csf.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit csf.service has finished shutting down.
    Jun 02 19:26:48 Aryaii.co polkitd[667]: Unregistered Authentication Agent for unix-process:16719:1815522 (system bus name :1.143, object path /org/freedesktop/PolicyKit
    Jun 02 19:26:56 Aryaii.co polkitd[667]: Registered Authentication Agent for unix-process:16782:1816409 (system bus name :1.144 [/usr/bin/pkttyagent --notify-fd 5 --fall
    Jun 02 19:26:56 Aryaii.co systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server...
    -- Subject: Unit nginx.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit nginx.service has begun starting up.
    Jun 02 19:26:56 Aryaii.co nginx[16787]: Starting nginx: nginx: [warn] invalid parameter "spdy": ngx_http_spdy_module was superseded by ngx_http_v2_module in /usr/local/
    Jun 02 19:26:56 Aryaii.co nginx[16787]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/nginx/conf/ssl/aryaii.com/aryaii.com.key") failed (SSL: error:0B080074:x5
    Jun 02 19:26:56 Aryaii.co nginx[16787]: [FAILED]
    Jun 02 19:26:56 Aryaii.co systemd[1]: nginx.service: control process exited, code=exited status=1
    Jun 02 19:26:56 Aryaii.co systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server.
    -- Subject: Unit nginx.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit nginx.service has failed.
    --
    -- The result is failed.
    Jun 02 19:26:56 Aryaii.co systemd[1]: Unit nginx.service entered failed state.
    Jun 02 19:26:56 Aryaii.co systemd[1]: nginx.service failed.
    Jun 02 19:26:56 Aryaii.co polkitd[667]: Unregistered Authentication Agent for unix-process:16782:1816409 (system bus name :1.144, object path /org/freedesktop/PolicyKit
     
  20. eva2000

    eva2000 Administrator Staff Member

    spdy is deprecated so replace spdy with http2 in domain.com.ssl.conf listen line

    using 123.08stable or 123.09beta01 centmin mod ? could be bug in 123.08stable vhost ssl generator should be http2
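
Added example (not part of the thread and not Centmin Mod code): a shell pre-flight for the two points the replies above make, that ssl-unified.crt holds the domain certificate first with no dhparam.pem appended, and that the certificate is tied to the private key it was issued for. Function names and the throwaway self-signed sample files are constructed for illustration; it assumes the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Function names are hypothetical;
# only standard openssl subcommands (req, x509, pkey) are used.

# Print the PEM block labels found in file $1, in order, one per line.
pem_labels() {
  sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Files given to ssl_certificate / ssl_trusted_certificate should hold
# CERTIFICATE blocks only; dhparam.pem is loaded separately via ssl_dhparam.
# Returns 0 when clean, 1 when empty or when another block type is present.
only_certificates() {
  local labels bad
  labels=$(pem_labels "$1")
  bad=$(printf '%s\n' "$labels" | grep -v -x 'CERTIFICATE' || true)
  if [ -z "$labels" ] || [ -n "$bad" ]; then
    echo "$1: expected only CERTIFICATE blocks, found: ${bad:-nothing}" >&2
    return 1
  fi
}

# nginx serves the FIRST certificate in the ssl_certificate file, so that one
# must carry the public key of ssl_certificate_key. $1 = cert file, $2 = key.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
first_cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Full check for one vhost: $1 = unified cert, $2 = trusted cert, $3 = key.
preflight() {
  local unified=$1 trusted=$2 key=$3 rc=0
  only_certificates "$unified" || rc=1
  only_certificates "$trusted" || rc=1
  if ! first_cert_matches_key "$unified" "$key"; then
    echo "$unified: first certificate does not match $key" >&2
    rc=1
  fi
  return $rc
}

# Constructed sample input: two throwaway self-signed certs standing in for
# the domain cert (leaf.*) and the CA bundle (ca.*), written into dir $1.
make_demo_files() {
  local d=$1 n
  for n in leaf ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
      -keyout "$d/$n.key" -out "$d/$n.crt" >/dev/null 2>&1 || return 1
  done
  cat "$d/leaf.crt" "$d/ca.crt" > "$d/good-unified.crt"  # domain cert first
  cat "$d/ca.crt" "$d/leaf.crt" > "$d/bad-order.crt"     # bundle first
  { cat "$d/leaf.crt" "$d/ca.crt"
    printf -- '-----BEGIN DH PARAMETERS-----\nAAAA\n-----END DH PARAMETERS-----\n'
  } > "$d/with-dh.crt"                                   # dhparam appended
  cp "$d/ca.crt" "$d/trusted.crt"
}

# Run against real files only when called with three paths, e.g.
#   ./preflight.sh ssl-unified.crt ssl-trusted.crt domain.com.key
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```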