Debian 9 Nginx HTTPS not working (Let's Encrypt, Debian 9.6)

Question

Hi,

I have followed this tutorial and I am having trouble getting SSL to work. Normal HTTP works fine, but when I try to use HTTPS I get an ERR_ADDRESS_UNREACHABLE error, or via curl: curl: (7) Failed to connect to mydomain.com port 443: No route to host. The HTTPS requests don’t even come up /var/log/nginx/access.log .

Here are the relevant files:

# /etc/nginx/sites-available/mydomain.com
server {
        listen 80;
        listen [::]:80;

        root /var/www/mydomain.com/html;
        index index.html;

        server_name mydomain.com www.mydomain.com;

        location / {
        root /var/www/mydomain.com/html;
                try_files $uri $uri/ =404;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# /var/www/mydomain.com/html/index.html
<html>
<head>
testing
</head>
</html>

My firewall (ufw) is inactive, port 443 is forwarded on my router, nginx -t runs fine. Here are my dns (GoDaddy) records. Both point to my ip.

I’m running Debian 9.6 (stretch) and Nginx 1.10.3.

joshpw · Accepted Answer

Found my mistake (a dumb one)… The SSL port’s destination ip was not my server’s ip address. Fixed, thanks for all the help.

Jason Peters · Answer

try separating your server blocks into SSL and NON-SSL definitions like so…

server {
    listen 80;

    server_name mydomain.com www.mydomain.com;

    root /var/www/mydomain.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html =404;
    }

    access_log /var/logs/nginx/mydomain_access.log; 
    error_log /var/logs/nginx/mydomain_error.log;
}


server {
    listen 443 ssl http2;

    server_name mydomain.com www.mydomain.com;

    root /var/www/mydomain.com/html;
    index index.html;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; 

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;

    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff; 
    
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ /index.html =404;
    }

    access_log /var/logs/nginx/mydomain_access_ssl.log;
    error_log /var/logs/nginx/mydomain_error_ssl.log;
}

The final two lines in each block will provide you with access/error logs for each consideration. Ensure to replace “mydomain” with your real domain name.

As well I am not to sure what you mean by your router is pointed to 443.

Related

Question

Debian 9 Nginx HTTPS not working (Let's Encrypt, Debian 9.6)

Related