Post Install - all good no ghost

Simply try this …

    sudo ls -Flai /etc/ssl/certs/fourankles*
    sudo ls -Flai /etc/ssl/private/fourankles*

… and confirm that these files match those in /etc/nginx/sites-available/fourankles.com.conf.

Good digging/troubleshooting Martin!
In my certs directory the pem file name is not consistent with what is listed in the conf file.
In my private directory there is nothing at all! I hope that’s normal, but I clearly need to change the name of the pem file, but in which location?

And how do I buy you a pint for all this help?

F

1 Like

You need two certificates from Cloudflare. See this guide.

For step 5., choose Generate private key and CSR with Cloudflare.

Once they are created, download, keep in a safe place, and then copy to your server using the filenames and locations in the Nginx config file. Note that these are text files, so you can simply create the files, e.g. sudo nano /etc/ssl/certs/fourankles_com-cert.pem, and paste the content. Be sure to place the certificates in the correct folder (the private certificate starts with “-----BEGIN PRIVATE KEY-----”.)

Finally, run this: sudo chmod 644 /etc/ssl/private/fourankles_com-key.pem.

Then test again: sudo nginx -t.

I did do that, but you’re forgetting I have cursed fingers. Something loves messing with me. Not to sound paranoid, but look at my luck so far. Hah! I’ll confirm this really quick and get back in an hour or so after lunch.

1 Like

I did a quick check.
In /certs I have my two files, the .pem and .key. The only thing I can think is that I have a different naming convention.

fourankles.com.pem
fourankles.com.key

Maybe the use of a _ would be better?

The other glaring issue is that the cert .pem is not in the private folder. Should I move it there or copy it there? Or does it need to have a symbolic link?

F

In that case, change the Nginx config lines:

    ssl_certificate /etc/ssl/certs/fourankles.com.pem;
    ssl_certificate_key /etc/ssl/certs/fourankles.com.key;

And test!

Hey Martin,
I’ve corrected the syntax/grammar, but there is still nothing in the /etc/ssl/private/ directory. Should I copy the .pem in there?

F

It doesn’t matter, so long as the config file correctly locates both certificates.

Have you tested the config?

Unfortunately I can’t get nginx working. See way up in the chat. Sooper frustrating stuff that. But now that I’m learning where all this stuff is supposed to go, I could do a clean slate and start over again.

Fritz

What does sudo nginx -t give?

Hey Martin,

    nginx: [emerg] cannot load certificate key "/etc/ssl/private/fourankles.com.key": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/ssl/private/fourankles.com.key, r) error:10000080:BIO routines::no such file)
    nginx: configuration file /etc/nginx/nginx.conf test failed

A quick check shows that the /private directory is empty. I know you felt it shouldn’t matter, but there does seem like some kind of issue here.

A quick check of the nginx.conf seems as though it’s the generic configuration.

Fritz

I’ve already explained that you need to update the config file so it has the correct path for each certificate.

You stated that both certificates are in the same folder; I gave you the lines to use, based on the information shared. It seems that you haven’t updated the config, and it’s looking for the certificate in “private”. This is incorrect.

Please reread my posts, and make sure you make the changes, and then test before trying to reload Nginx.

Okay, I went back through the notes. I found a misspelling in the name of the .key file and corrected that. And then I copied the key file into the /private directory and nginx fired right up! I’m not seeing the website yet though. Cached bad sites maybe?

F

I’ve cleared the cache, etc. on my local machine. My guess is that I didn’t configure something correctly on cloudflare. Any thoughts?

F
ps. The possibility is that there is a looping referral going round and round…

pss. I’m in!!! I switched cloudflare SSL to strict!!!

psss. I can’t sign in, but I think that’s another issue and I’ll start a new thread if I can’t find it in the forum.

1 Like

That’s fantastic news. I’m glad you stuck with it.
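
The check this thread keeps returning to, as an added example that is not part of the original posts: it reads the ssl_certificate and ssl_certificate_key paths from an Nginx config and reports a file that is missing, holds the wrong kind of PEM data, or (for the key) is readable by group or others. The function names and the temporary demo files are constructed for illustration; the demo file bodies are placeholders, not real certificates.

```sh
#!/bin/sh
# Added example (not from the thread): verify the TLS files an Nginx config names.

# Print each path given for a directive, skipping commented-out lines.
directive_paths() {  # <directive> <conf-file>
    awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2 }' "$2"
}

# Check one file: present, right PEM label, and (for keys) owner-only access.
check_pem() {  # <path> <label-regex> <cert|key>
    if [ ! -f "$1" ]; then echo "MISSING  $1"; return 1; fi
    # The first BEGIN line tells a certificate from a private key.
    if ! sed -n '/^-----BEGIN /{p;q;}' "$1" | grep -Eq -e "$2"; then
        echo "WRONGPEM $1"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$3" = key ] && [ "$(ls -ldL "$1" | cut -c5-10)" != "------" ]; then
        echo "EXPOSED  $1"; return 1
    fi
    echo "OK       $1"
}

# Return the number of problems found for one config file.
check_tls_paths() {  # <conf-file>
    problems=0
    for p in $(directive_paths ssl_certificate "$1"); do
        check_pem "$p" 'BEGIN CERTIFICATE-----' cert || problems=$((problems + 1))
    done
    for p in $(directive_paths ssl_certificate_key "$1"); do
        check_pem "$p" 'BEGIN ([A-Z]+ )?PRIVATE KEY' key || problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed demo: the thread's state, a key stored in certs/ while the
# config still points at private/. File bodies are placeholders, not real PEM.
demo() {
    d=$(mktemp -d)
    mkdir "$d/certs" "$d/private"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' placeholder > "$d/certs/fourankles.com.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' placeholder > "$d/certs/fourankles.com.key"
    chmod 600 "$d/certs/fourankles.com.key"
    printf 'ssl_certificate %s;\nssl_certificate_key %s;\n' \
        "$d/certs/fourankles.com.pem" "$d/private/fourankles.com.key" > "$d/site.conf"
    rc=0; check_tls_paths "$d/site.conf" || rc=$?
    rm -rf "$d"
    echo "problems: $rc"
}
demo
```

Against a live server, `check_tls_paths /etc/nginx/sites-available/fourankles.com.conf` run with sudo gives the same report before `sudo nginx -t` is tried.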