I had let the SSL certificate on one of my properties expire. I purchased a new certificate and installed it on the server. But the server seemed to still return the old, expired certificate. I had restarted the nginx service several times and yet nothing happened. I ended up spending an annoying amount of time on this issue as StackOverflow + Google were not helpful. So I thought I would blog my solution here in case someone else is having trouble too.

Cause

Turns out I had an nginx process running the background even after I successfully executed sudo service nginx stop. That meant the command I was using to restart nginx was not actually restarting the process that I needed! I suspect this was because I did not start nginx using the ‘service’ command in the first place.

Solution

0. Stop the current nginx process sudo service nginx stop
 
1. Kill the nginx process as opposed to restarting or reloading the nginx service
a. ps -ef|grep nginx and note down the process id (in my case two ids were present)
b. kill -9 $process_id_from_1a
 
2. ps -ef|grep nginx and make sure no nginx processes exist
 
3. sudo service nginx start

That’s it!
 

Asides

I found the following useful as part of my debugging:
a) To check the dates of a certificate: echo | openssl s_client -connect wisdomofreddit.com:443 | openssl x509 -noout -dates
b) nginx -t to see errors parsing an nginx conf file
c) There are several online ‘SSL Checkers’ that you can use to see what is wrong with your certificate. I did not know that until I hit this issue 🙂
 
Note: There are several reasons why your new SSL certificate may not be installed correctly. This post happens to be about one reason that I encountered
 
 

Related posts:

How to stop Pact Mock Service manually? Connecting to BrowserStack from CircleCI containers Cool things I read this week (25-Jan-2015)