Md Toy Blog

Nginx emerg error

Sun Oct 18 2020 00:00:00 GMT+0000 (Coordinated Universal Time)

As of october 15, when trying to setup nginx letsencrypt certbot through ssd nodes tutorial, you may get a similar error:

nginx: [emerg] SSL_CTX_set_cipher_list("[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE
AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES") failed (SSL: error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command)
nginx: configuration file /etc/nginx/nginx.conf test failed

text

nginx-proxy error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command

It arises from the latest conf file. Issues have been filed for this error, but in my experience it is due to a "hidden" newline character in the cipher string.

Solution

Anyhow, what I did was to go to the line containing the cipher reported by the error above and remove the new line between the ECDHE and AES128. When opening the file with vim I have to admit that I was not seeing any new line. But somehow it was printed with a new line in the terminal where the error appeared. So just to make sure everything was fine, I rewrote the ECDHEAES128 part. So it's more voodoo than science. Anyway after that it worked.

Conclusion

Do I know if I identified the real problem? No

Does the solution work? Yes