config
Certificate authority not trusted by client
ERR_CERT_AUTHORITY_INVALID|MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
Fixes
- 1.Include intermediate certificates in the server's certificate chain file
- 2.Verify the chain order: server cert first, then intermediates, root last (or omit root)
- 3.Test with: openssl s_client -connect host:443 -servername host — check 'Verify return code'
sslcertificate-chainCA
Related Errors
config3 fixes
Nginx 502 Bad Gateway - upstream unavailable
502 Bad Gateway|upstream prematurely closed connection
- •Verify the upstream server is running and listening on the expected address/port
- •Increase proxy_read_timeout and proxy_connect_timeout for slow backends
config3 fixes
Nginx 504 Gateway Timeout
504 Gateway Time-?out|upstream timed out.*reading response
- •Increase proxy_read_timeout (default 60s): proxy_read_timeout 300s
- •Optimize the backend endpoint that's taking too long to respond
config3 fixes
Nginx redirect loop
rewrite or internal redirection cycle|return 301.*too many redirects
- •Check for conflicting rewrite rules that redirect back and forth (HTTP→HTTPS→HTTP)
- •Use 'return 301' instead of 'rewrite' for simple redirects to avoid rule interaction