User Tools

Site Tools


wiki:nginx_troubleshooting

Nginx troubleshooting

upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream

Happened when connecting to upstream server using the self-signed certificate. Workaround can be to set proxy_ssl_verify nginx directive to off;

Better option is to add the correct certificates in the file pointed to by proxy_ssl_trusted_certificate directive. The file should contain in order, server.crt (and probably any intermediary cert if you have it) then rootCA, e.g.

/etc/ssl/certs/trusted_ca_cert.crt

-----BEGIN CERTIFICATE-----
...
server.crt data
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
rootCA cert data
...
-----END CERTIFICATE-----

Tested on

  • nginx/1.23.0

See also

References

wiki/nginx_troubleshooting.txt · Last modified: 2022/09/23 14:01 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki