By: laurentiu

Can't access site via https after installing ssl certificate (Nginx, Ubuntu 14.04)

October 23, 2017
Nginx Ubuntu

I am getting the "took too long to respond" timeout error in the browser. There is an issue accessing the site on port 443, but there are no firewalls.

This is not the default server block. I have another site on SSL; however, that is an "external" Cloudflare SSL.

No errors in nginx logs.

Here is the server block:

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;

    server_name mydomain.com www.mydomain.com;

    # return         301 https://$server_name$request_uri;

    error_log    /var/log/nginx/mydomain.com.error.log debug;

    root /var/www/mydomain.com/html;
    index index.php;

    set $cache_uri $request_uri;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $cache_uri 'null cache';
    }
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    ssl_certificate /etc/nginx/ssl/mydomain/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/mydomain/mydomain.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # Use cached or actual file if they exist, otherwise pass request to WordPress
    location / {
        try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args ;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        log_not_found off;
        access_log off;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
    }
}

2 Answers

I would recheck to see for sure if you do not have any firewalls running. If you do, check to see if 443 is open. If I remember correctly, my VPS came with a firewall that I had to open specific ports in, so please recheck this.

Your server block seems to be ok. It could be an issue with the keys, which I'd suggest regenerating. It could also be that the keys themselves are in a folder with permissions issues.

I use my keys from LetsEncrypt, which look like the below.

  ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

Sorry, this one has me a little stumped too.

  • Thank you for the help. I think 443 is the issue but I don't know where to look.

    Anyway, nginx is listening on 443, symlinks are there and no syntax errors reported by nginx. There is no firewall problem, the port is open.

    80/tcp ALLOW Anywhere
    25/tcp ALLOW Anywhere
    443 ALLOW Anywhere

    I don't think it's the keys, they match.

    I'll post if I find a solution.

Let's do a flow-based analysis.

Run the command below:

1) lsof -i :443

If it says
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7428 root 23u IPv4 76877969 0t0 TCP *:https (LISTEN)
nginx 26768 www-data 23u IPv4 76877969 0t0 TCP *:https (LISTEN)

then you should look at number 3.

2) If it doesn't show anything,
make sure the config file where you define the hosting resides inside the sites-enabled directory, not sites-available.

3) telnet localhost 443
If it worked and you get a response, then run curl -vvvvvv https://localhost/

4) If it still did not work, then you can contact superdevop.com to have a look for free. If it's a small glitch, we do it for free.
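
The flow in the answer above as a small set of shell helpers (an added example, not part of the original answer); it goes one step further and separates a connect that times out from one that is refused. The function names and result strings are this example's own, and probe_tcp assumes bash and GNU timeout are installed.

```shell
#!/bin/sh
# Added example: triage helpers for an nginx site that times out on port 443.

# Step 1: read `lsof -i :443` output on stdin and report whether nginx listens.
listener_state() {
    if grep -Eq '^nginx[[:space:]].*:(https|443) \(LISTEN\)'; then
        echo listening
    else
        echo not-listening
    fi
}

# Step 2: print the files in an enabled-sites directory that declare a 443 listener.
enabled_443_configs() {
    grep -lE '^[[:space:]]*listen[[:space:]]+([^;#]*:)?443([[:space:]]|;)' "$1"/* 2>/dev/null
}

# Step 3: map a connect attempt's exit status to a cause. 124 is what GNU timeout
# returns when it kills the attempt, i.e. the connect got no answer at all (the
# browser's "took too long to respond"); other failures return at once, typically refused.
classify_connect() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;
        *)   echo refused ;;
    esac
}

probe_tcp() {  # usage: probe_tcp HOST PORT [SECONDS]; needs bash and GNU timeout
    rc=0
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null || rc=$?
    classify_connect "$rc"
}

# Combine listener state, a probe run on the server itself, and one run from outside.
next_step() {  # usage: next_step LISTENER LOCAL_PROBE REMOTE_PROBE
    case "$1/$2/$3" in
        not-listening/*)         echo "nginx not bound to 443: check sites-enabled, reload" ;;
        listening/open/open)     echo "TCP ok: inspect the TLS handshake with curl -v" ;;
        listening/open/filtered) echo "packets dropped before nginx: re-check firewalls" ;;
        listening/open/refused)  echo "actively rejected: check REJECT rules, address family" ;;
        *)                       echo "local connect failed: check nginx error log" ;;
    esac
}

# Constructed sample: lsof output in the shape quoted in the answer above.
sample='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7428 root 23u IPv4 76877969 0t0 TCP *:https (LISTEN)'
printf '%s\n' "$sample" | listener_state
```

Run probe_tcp once on the server against localhost and once from another machine against the public address, then pass both results to next_step.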
