I had let the SSL certificate on one of my properties expire. I purchased a new certificate and installed it on the server. But the server seemed to still return the old, expired certificate. I had restarted the nginx service several times and yet nothing happened. I ended up spending an annoying amount of time on this issue as StackOverflow + Google were not helpful. So I thought I would blog my solution here in case someone else is having trouble too.
Turns out I had an nginx process running the background even after I successfully executed
sudo service nginx stop. That meant the command I was using to restart nginx was not actually restarting the process that I needed! I suspect this was because I did not start nginx using the ‘service’ command in the first place.
0. Stop the current nginx process
sudo service nginx stop
1. Kill the nginx process as opposed to restarting or reloading the nginx service
ps -ef|grep nginx and note down the process id (in my case two ids were present)
kill -9 $process_id_from_1a
ps -ef|grep nginx and make sure no nginx processes exist
sudo service nginx start
I found the following useful as part of my debugging:
a) To check the dates of a certificate:
echo | openssl s_client -connect wisdomofreddit.com:443 | openssl x509 -noout -dates
nginx -t to see errors parsing an nginx conf file
c) There are several online ‘SSL Checkers’ that you can use to see what is wrong with your certificate. I did not know that until I hit this issue 🙂
Note: There are several reasons why your new SSL certificate may not be installed correctly. This post happens to be about one reason that I encountered