Question

Debian 9 Nginx HTTPS not working (Let's Encrypt, Debian 9.6)

Hi,

I have followed this tutorial and I am having trouble getting SSL to work. Normal HTTP works fine, but when I try to use HTTPS I get an ERR_ADDRESS_UNREACHABLE error, or via curl: curl: (7) Failed to connect to mydomain.com port 443: No route to host. The HTTPS requests don’t even come up /var/log/nginx/access.log .

Here are the relevant files:

# /etc/nginx/sites-available/mydomain.com
server {
        listen 80;
        listen [::]:80;

        root /var/www/mydomain.com/html;
        index index.html;

        server_name mydomain.com www.mydomain.com;

        location / {
        root /var/www/mydomain.com/html;
                try_files $uri $uri/ =404;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# /var/www/mydomain.com/html/index.html
<html>
<head>
testing
</head>
</html>

My firewall (ufw) is inactive, port 443 is forwarded on my router, nginx -t runs fine. Here are my dns (GoDaddy) records. Both point to my ip.

I’m running Debian 9.6 (stretch) and Nginx 1.10.3.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

joshpwJanuary 27, 2019
Accepted Answer

Found my mistake (a dumb one)…

The SSL port’s destination ip was not my server’s ip address. Fixed, thanks for all the help.

Jason PetersJanuary 26, 2019

try separating your server blocks into SSL and NON-SSL definitions like so…

server {
    listen 80;

    server_name mydomain.com www.mydomain.com;

    root /var/www/mydomain.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html =404;
    }

    access_log /var/logs/nginx/mydomain_access.log; 
    error_log /var/logs/nginx/mydomain_error.log;
}


server {
    listen 443 ssl http2;

    server_name mydomain.com www.mydomain.com;

    root /var/www/mydomain.com/html;
    index index.html;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; 

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;

    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff; 
    
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ /index.html =404;
    }

    access_log /var/logs/nginx/mydomain_access_ssl.log;
    error_log /var/logs/nginx/mydomain_error_ssl.log;
}

The final two lines in each block will provide you with access/error logs for each consideration. Ensure to replace “mydomain” with your real domain name.

As well I am not to sure what you mean by your router is pointed to 443.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.