Question

Getting 403 with www on domain and SSL certificate configuration

Posted July 5, 2020 3k views
Nginx, Django

I set up a Django app following this tutorial: Django app

I configured all DNS records and it works fine.

I set up a Let's Encrypt certificate.

So, the problem is that the certificate works fine on the link with www.domain.net, but I get 403 Forbidden. At the same time, domain.net (without www) works fine, but it doesn't have SSL. How can I fix that?

Would be very grateful if somebody can help.
Thanks.

1 answer

Hi there @lavrikrom2,

It sounds like your SSL Nginx server block is not correct.

Can you share the content of both your Nginx Server Blocks for port 80 and 443 here so that I could advise you further on what the problem could be?

The two files are stored at the following folder:

/etc/nginx/sites-enabled

Regards,
Bobby

  • @bobbyiliev Thanks for your reply!

    First file:

    server {
        listen 80;
        listen [::]:80;
    
        server_name 167.71.12.224 www.lavrikroman.net lavrikroman.net;
        include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
    
    
        location = /favicon.ico { access_log off; log_not_found off; }
        location /static/ {
            root /home/roma/blog/backend/;
        }
    
        location / {
            include proxy_params;
            proxy_pass http://unix:/home/roma/gunicorn.sock;
        }
    }
    

    Default file:

       server {
            server_name www.lavrikroman.net;   
            index index.html index.htm index.nginx-debian.html;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ /index.html;
            }
    
        #listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/www.lavrikroman.net/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.lavrikroman.net/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    }
    
    edited by MattIPv4
    • Hi there @lavrikrom2,

      Yes, so it looks like your Nginx server block for port 443 does not have your Django reverse proxy configured.

      What you need to do is update your Nginx server block for port 443 to:

      server {
      
          listen 443 ssl; # managed by Certbot
          ssl_certificate /etc/letsencrypt/live/www.lavrikroman.net/fullchain.pem; # managed by Certbot
          ssl_certificate_key /etc/letsencrypt/live/www.lavrikroman.net/privkey.pem; # managed by Certbot
          include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
          ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
      
      
          server_name 167.71.12.224 www.lavrikroman.net lavrikroman.net;
          include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
      
      
          location = /favicon.ico { access_log off; log_not_found off; }
          location /static/ {
              root /home/roma/blog/backend/;
          }
      
          location / {
              include proxy_params;
              proxy_pass http://unix:/home/roma/gunicorn.sock;
          }
      }
      

      After that run a quick Nginx config test:

      • sudo nginx -t

      If you get a Syntax OK message, then go ahead and restart Nginx:

      • sudo systemctl restart nginx

      Hope that this helps!
      Regards,
      Bobby
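
The mismatch diagnosed in this thread (a name proxied to Gunicorn on port 80, but served on 443 by a block without `proxy_pass`, or by no TLS block at all) can be checked mechanically. The script below is an added example, not part of the original thread: `POSTED` is a condensed copy of the two posted server blocks, and the parser is a simplification that assumes no quoted strings or `${var}` braces.

```python
import re

POSTED = """# The two server blocks posted in the thread, condensed (sample input).
server {
    listen 80;
    server_name 167.71.12.224 www.lavrikroman.net lavrikroman.net;
    location / { include proxy_params; proxy_pass http://unix:/home/roma/gunicorn.sock; }
}
server {
    server_name www.lavrikroman.net;
    location / { try_files $uri $uri/ /index.html; }
    listen 443 ssl; # managed by Certbot
}
"""

def parse(tokens):
    """Consume tokens up to the matching '}'; return [(words, children_or_None), ...]."""
    items, words = [], []
    for tok in tokens:
        if tok in (";", "{"):
            # ';' ends a simple directive, '{' opens a block parsed recursively
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return items

def audit(text):
    """List (name, gap) for names proxied to the app over HTTP but not over HTTPS."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text)))
    seen = {}  # server_name -> set of (tls, proxied), one pair per server block
    for words, body in parse(tokens):
        if words != ["server"] or body is None:
            continue
        tls = any(w[:1] == ["listen"] and "ssl" in w[1:] for w, _ in body)
        proxied = any(c[0][:1] == ["proxy_pass"] for w, kids in body
                      if w[:1] == ["location"] for c in kids)
        names = [n for w, _ in body if w[:1] == ["server_name"] for n in w[1:]]
        for name in names:
            seen.setdefault(name, set()).add((tls, proxied))
    return [(name, "TLS block lacks proxy_pass" if (True, False) in b else "no TLS block")
            for name, b in sorted(seen.items())
            if (False, True) in b and (True, True) not in b]

if __name__ == "__main__":
    print(audit(POSTED))
```

Run against the posted blocks, it reports `www.lavrikroman.net` as having a TLS block without `proxy_pass` and `lavrikroman.net` as having no TLS block; adding the port 443 block from the answer above clears all findings.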
