Varis Darasirikul

Reputation: 4187

Can not restart Nginx after adding SSL cert configuration?

I just bought RapidSSL from Name.com and tried to install it following this link

https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

So when I ran

sudo service nginx restart

I got this.

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

So this is my /etc/nginx/sites-available/default

server {
    listen 80;
    server_name mydomain.co;
    rewrite ^/(.*) https://mydomain.co/$1 permanent;
}

server { 
    listen 443 ssl;

    ssl_certificate ~/key/www.mydomain.co.chained.crt;
    ssl_certificate_key ~/key/www.mydomain.co.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    server_name mydomain.co;
    root /www/mydomain/build;
    index index.html index.htm;
    rewrite ^/(.*)/$ $1 permanent;

    location ~ ^.+\..+$ {
      try_files $uri =404;
    }   

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
        return 404;
    }
}

But when I remove this line

ssl_certificate ~/key/www.mydomain.co.chained.crt;

I can restart nginx.

Anyone know how to fix this?

Thanks!

Upvotes: 1

Views: 3107

Answers (2)

Iskar

Reputation: 704

The ~ in your nginx config file is probably not working in the way you intended. I assume you intended for it to become /home/username/key/www.mydomain.co.chained.crt, but it won't be handled like that.

To confirm this, re-add the config line, and then run nginx -t. You will see nginx's config checking error log:

nginx: [emerg] BIO_new_file("/etc/nginx/~/key/www.mydomain.co.chained.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/~/key/www.mydomain.co.chained.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Upvotes: 1
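The path resolution shown in that error message, as an added example that is not part of the original answer: it lists each ssl_certificate and ssl_certificate_key path in a config file and prints the file nginx would actually try to open. The function names are hypothetical, and the /etc/nginx prefix is an assumption taken from the error output above.

```sh
#!/bin/sh
# Added example, not from the original answers.
# Assumption: the config prefix is /etc/nginx, as in the error message above.

# resolve_ssl_path PATH [PREFIX]: print the file nginx would try to open.
# Absolute paths are used as-is; anything else, including "~/...", is
# appended to the config prefix. nginx performs no shell-style "~" expansion.
resolve_ssl_path() {
    case $1 in
        /*) printf '%s\n' "$1" ;;
        *)  p=${2:-/etc/nginx}; printf '%s/%s\n' "${p%/}" "$1" ;;
    esac
}

# check_ssl_paths CONF [PREFIX]: report every ssl_certificate and
# ssl_certificate_key path in CONF; exit status 1 if any is unreadable.
# Simplification: handles unquoted "directive path;" lines only.
check_ssl_paths() {
    sed -e 's/#.*//' "$1" |
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             sub(/;$/, "", $2); print $1, $2 }' |
    (
        status=0
        while read -r directive path; do
            resolved=$(resolve_ssl_path "$path" "${2:-/etc/nginx}")
            if [ -r "$resolved" ]; then
                echo "OK      $directive $resolved"
            else
                echo "MISSING $directive $path -> $resolved"
                status=1
            fi
        done
        exit "$status"
    )
}

# Constructed sample: the relative "~" form from the question next to an
# absolute path, checked against a throwaway directory standing in for the prefix.
demo() {
    d=$(mktemp -d) && : > "$d/site.key"
    printf '%s\n' 'server {' \
        '    ssl_certificate ~/key/www.mydomain.co.chained.crt;' \
        "    ssl_certificate_key $d/site.key;" '}' > "$d/default"
    rc=0; check_ssl_paths "$d/default" "$d" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

Run it as the user the nginx master process starts as (usually root), since the readability test depends on who is asking.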

Raul

Reputation: 579

I can't comment because of my new user reputation, but do you mind pasting the nginx error log? The reason for the failure should be there.

The 2 things I can think of off the top of my head are:

1. wrong file permissions or bad location
2. wrong .crt contents - make sure that your certificate file contains the combined certificate + CA intermediate certificates in the right order (certificate first, CA after) and that when you pasted those you did not add extra lines or miss some chars.

Upvotes: 0
