Creating a single SSL certificate bundle from CA root and intermediate certificates

When you purchase an SSL certificate for a domain, e.g. to secure HTTPS usage with your web server, your certificate download may provide you several files like this:

yourdomain.com.crt : this is your domain certificate

Files that look like this are the root and intermediate certificates:

USERTrust_RSA_Certification_Authority.crt

Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt

Depending on how your SSL vendor supplies these files, these two files may be provided already bundled in one file or as two separate files.

To combine them into one bundle file, use cat to concatenate the files:

cat yourdomain_com.crt USERTrustRSAAddTrustCA.crt AddTrustExternalCARoot.crt > domain_com.ca-bundle.crt

Open the file and check that the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers for each cert are each on their own line and not run together on the same line (see here).
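
The check described above can be scripted. This is an added example, not part of the original post: it shows how plain cat fuses the END and BEGIN markers when an input file has no trailing newline, and a concatenation that avoids it. The function names and the sample "certificates" are constructed placeholders.

```shell
#!/bin/sh
# Added example: the sample "certificates" are constructed placeholders,
# not real PEM data. Function names are hypothetical.

# Concatenate PEM files into $1, adding a newline after any input that
# lacks one so END/BEGIN markers never share a line.
bundle_certs() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        cat "$f" >> "$out"
        # $(...) strips a trailing newline, so non-empty means none was there
        if [ -n "$(tail -c 1 "$f")" ]; then
            echo >> "$out"
        fi
    done
}

# Number of lines where an END marker runs straight into a BEGIN marker.
count_fused() {
    grep -c -e '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' "$1" || true
}

# Number of certificates whose BEGIN marker sits alone on its line.
count_clean_begins() {
    grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1" || true
}

# Constructed inputs: three files written without a trailing newline.
demo_dir=$(mktemp -d)
for name in domain intermediate root; do
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$demo_dir/$name.crt"
done

# Plain cat, as typed on the command line, versus the newline-safe version.
cat "$demo_dir/domain.crt" "$demo_dir/intermediate.crt" "$demo_dir/root.crt" \
    > "$demo_dir/naive.crt"
bundle_certs "$demo_dir/safe.crt" \
    "$demo_dir/domain.crt" "$demo_dir/intermediate.crt" "$demo_dir/root.crt"

echo "naive: $(count_fused "$demo_dir/naive.crt") fused marker lines"
echo "safe:  $(count_fused "$demo_dir/safe.crt") fused," \
    "$(count_clean_begins "$demo_dir/safe.crt") clean certs"
```

A non-zero result from count_fused on your own bundle means the file needs a line break inserted between the fused markers before the server will read every cert in the chain.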

WordPress 5.6 image upload error: not a valid JSON response

For larger image file uploads I’ve been getting this error recently:

Reducing the image file size and then retrying avoids the issue, but this adds additional steps.

Multiple posts online like this one suggest this is an error with the permalinks and resaving the current settings on that page in the Admin panel will fix the error, but this didn’t fix it for me.

Looking around in my server logs, I found this error in my /var/log/nginx/error.log:

2020/12/23 00:36:45 [error] 36#36: *311 client intended to send too large body: 4132609 bytes

This post suggests adding a client_max_body_size param in nginx.conf (or increasing the value already there). I added a larger value than the size in the error and this fixed the issue.

SSL certs upgraded, Docker images upgraded, ready to go!

I had to renew my SSL certs for this site, so while doing so I upgraded and addressed a few other issues.

First, apparently when I deployed the SSL certs last time I missed out some of the root certs in the chain. The vendor I used gives you each of the root certs individually and you need to manually concatenate them together yourself. More in another post on the steps I took to do this.

Since certs are part of my nginx Docker image, I rebuilt my image upgrading everything to latest versions. Since it was also a couple of years since I last did this, I also had to go back through my posts here to work out the steps I took to deploy last time. I’ll post another update on the steps I took for this also later.

nginx and php-fpm configuration errors

Moving an nginx install from Ubuntu 14.04 to 18.04 and upgrading to more recent versions of nginx, php, php-fpm, I ran into this error in my nginx config:

2020/02/28 04:45:47 [crit] 11784#11784: *1 connect() to unix:/var/run/php7.2-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.x.x, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.2-fpm.sock:", host: "10.x.x.x"

The “No such file or directory” error is talking about the nginx connection to the php7.2-fpm.sock, rather than the file the GET request is for.

On closer look at where the .sock file is located, this was a subtle error to find and fix, but the fix was simple as I was pointing to the wrong path.

In my nginx default config, I had this line (migrating from a config for an older nginx and php-fpm version, this is where it was before):

fastcgi_pass unix:/var/run/php7.2-fpm.sock;

… I was missing a /php/ dir in the path, so changing to the correct path was the fix:

fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;