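Some SSL providers generate intermediate.crt, root.crt and the domain cert in 2 different files. Before configuring nginx, 3 things need to happen first.
- Concatenate the certs into one file, in this order: domain, then intermediate, then root
- Open the newly created file and make sure -----END CERTIFICATE----------BEGIN CERTIFICATE----- does not appear on a single line. If it does, insert a line break between the two markers
- If you still cannot start nginx, run sudo setenforce 0 (this switches SELinux to permissive mode until the next reboot or until setenforce 1 is run)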
```bash
# in my case
# '>' overwrites the target, so re-running does not append duplicate certs
cat certificate.crt ca_bundle.crt > ssl-bundle.crt
# open the file and edit it
nano ssl-bundle.crt
# find -----END CERTIFICATE----------BEGIN CERTIFICATE-----
# make sure the markers are on separate lines, like this:
#   -----END CERTIFICATE-----
#   -----BEGIN CERTIFICATE-----
# update your nginx config file to use the newly created ssl-bundle.crt
# at last
sudo setenforce 0
sudo nginx -t
sudo systemctl restart nginx
```
Funny thing is, if you provide only the domain crt in the nginx config file, the browser does not complain. But if you do a curl or Postman request to the server, it complains that no root certs were found. Better off using Let's Encrypt. I encountered these extra steps with a paid cert.
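The manual edit and the ordering rule above can be checked by script. This is an added example, not part of the original post: the function names are hypothetical, the file names are placeholders, and the last function assumes the openssl CLI is installed.

```bash
# Added example; ssl-bundle.crt and similar names are placeholders.

# fix_pem_bundle IN OUT  (OUT must be a different file from IN)
# Drop CRs and blank lines, and split END/BEGIN markers glued onto one line.
fix_pem_bundle() {
    awk '{
        sub(/\r$/, "")
        if ($0 ~ /^[ \t]*$/) next
        gsub(/-----END CERTIFICATE-----[ \t]*-----BEGIN CERTIFICATE-----/,
             "-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----")
        print
    }' "$1" > "$2"
}

# check_pem_bundle FILE
# Print the certificate count; fail if a marker shares its line with other
# text or the BEGIN/END markers are unbalanced.
check_pem_bundle() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { if (in_cert) bad = 1; in_cert = 1; next }
        /^-----END CERTIFICATE-----$/   { if (!in_cert) bad = 1; in_cert = 0; n++; next }
        /-----(BEGIN|END) CERTIFICATE-----/ { bad = 1 }
        END { if (bad || in_cert || n == 0) exit 1; print n }
    ' "$1"
}

# chain_order_ok FILE  (needs the openssl CLI)
# Succeed when each certificate's issuer name equals the subject of the next
# one, i.e. domain, intermediate, root. Compares names only, not signatures.
chain_order_ok() (
    dir=$(mktemp -d) || exit 1
    awk -v d="$dir" '
        /^-----BEGIN CERTIFICATE-----$/ { f = sprintf("%s/%03d.pem", d, ++n) }
        f { print > f }' "$1"
    rc=0 prev=""
    for f in "$dir"/*.pem; do
        subj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$f") &&
        iss=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$f") || { rc=1; break; }
        subj=${subj#subject=}; iss=${iss#issuer=}
        [ -z "$prev" ] || [ "$prev" = "${subj# }" ] || { rc=1; break; }
        prev=${iss# }
    done
    rm -rf "$dir"
    exit "$rc"
)
```

Run fix_pem_bundle on the concatenated file, then check_pem_bundle and chain_order_ok on the result before pointing nginx at it and running nginx -t.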