Old SSL certificate being served by nginx

I had let the SSL certificate on one of my properties expire. I purchased a new certificate and installed it on the server. But the server seemed to still return the old, expired certificate. I had restarted the nginx service several times and yet nothing happened. I ended up spending an annoying amount of time on this issue as StackOverflow + Google were not helpful. So I thought I would blog my solution here in case someone else is having trouble too.

Cause

Turns out I had an nginx process running the background even after I successfully executed sudo service nginx stop. That meant the command I was using to restart nginx was not actually restarting the process that I needed! I suspect this was because I did not start nginx using the ‘service’ command in the first place.

Solution

0. Stop the current nginx process sudo service nginx stop
 
1. Kill the nginx process as opposed to restarting or reloading the nginx service
a. ps -ef|grep nginx and note down the process id (in my case two ids were present)
b. kill -9 $process_id_from_1a
 
2. ps -ef|grep nginx and make sure no nginx processes exist
 
3. sudo service nginx start

That’s it!
 

Asides

I found the following useful as part of my debugging:
a) To check the dates of a certificate: echo | openssl s_client -connect wisdomofreddit.com:443 | openssl x509 -noout -dates
b) nginx -t to see errors parsing an nginx conf file
c) There are several online ‘SSL Checkers’ that you can use to see what is wrong with your certificate. I did not know that until I hit this issue 🙂
 
Note: There are several reasons why your new SSL certificate may not be installed correctly. This post happens to be about one reason that I encountered
 
 

Arunkumar Muralidharan

I want to find out what conditions produce remarkable software. A few years ago, I chose to work as the first professional tester at a startup. I successfully won credibility for testers and established a world-class team. I have lead the testing for early versions of multiple products. Today, I run Qxf2 Services. Qxf2 provides software testing services for startups. If you are interested in what Qxf2 offers or simply want to talk about testing, you can contact me at: mak@qxf2.com. I like testing, math, chess and dogs.

Be First to Comment

Leave a Reply

Your email address will not be published.