403 forbidden after installing Namecheap’s PositiveSSL

June 14, 2019 248 views
Nginx DigitalOcean Ubuntu 18.04

After installing SSL certificate with Namecheap’s PositiveSSL on my server i’m getting 403 forbidden error page. In HTTP the page does work. Also i've redirected from my old domain to a new one.

I’m developing a Laravel app on a Nginx host

here’s my /etc/nginx/sites-enabled/ssl.conf

listen 443;
ssl on;
ssl_certificate /etc/nginx/sites-available/nginx_bundle_guida_deltipo.crt;
ssl_certificate_key /root/azas.social.key;


server_name  azas.social;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {

root /var/www/visibilio/visibilio/public;
index index.html;
}

} 

this is my etc/nginx/sites-available/

server {
    listen 80;
    listen [::];

    root /var/www/visibilio/visibilio/public;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name in-visibili.org;
    return 301 https://azas.social$request_uri;
    location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri /index.php?$query_string;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

Any help would be highly appreciated

1 Answer

Hello,

The problem is that you do not have your index.php specified in the index part of your 443 server block. That is why you are getting the 403 error as there is probably no index.html file in your document root.

You need to make sure that your PHP-FPM is also included in the 443 server block.

At the end it should look something like this:

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/sites-available/nginx_bundle_guida_deltipo.crt;
    ssl_certificate_key /root/azas.social.key;

    root /var/www/visibilio/visibilio/public;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name in-visibili.org;
    return 301 https://azas.social$request_uri;
    location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri /index.php?$query_string;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

Of course make sure to run a config test before restarting Nginx:

nginx -t

If you get Syntax OK then go ahead and restart Nginx:

systemctl restart nginx

Hope that this helps!
Regards,
Bobby

Have another answer? Share your knowledge.