The Setup
While double checking my website after some minor behind the scenes changes, I noticed an error regarding my connection.
Firefox wouldn’t give me the expected “green lock”. Instead I received a warning dialog that the connection is insecure.
Recently I had gotten a certificate from the awesome organization Lets Encrypt the Web.
5 Second Fix
It appears when I first setup the Nginx server I specified the certificate from Let’s Encrypt. This was not providing the chain of trust from the CA, through the intermediate, to the certificate itself. Nginx does a great job of explaining this here.
The solution is simple. Where you have the certificate, create a new cert of your host certificate + the chain like so:
cd /path/to/certificates;
cat host.pem chain.cert > complete.pem;
You can now specify the newly formed complete.pem in your nginx config like
so:
ssl_certificate /path/to/certificates/complete.pem;
I reloaded my nginx configuration. Note reload is way better than
restart for Nginx since it’ll check the syntax of your configuration files
before loading them. This can prevent bad syntax being the reason why your
website is down since it won’t load the new configuration until after the
configuration has been verified.
sudo service nginx reload
You should now point your browser to your website with a https:// schema
and you’ll see an awesome green lock icon instead of the dialog telling you how
tore up your website currently is.