I’m in the process of moving all my Netlify domains into my DigitalOcean Droplet and wanted to make this the main one (the rest as subdomains). I already have a Node API hosted on the default sites-available.
I followed this tutorial: https://linuxize.com/post/how-to-set-up-nginx-server-blocks-on-ubuntu-18-04/
In my /var/www/ I have a folder called repetitio.co.uk which is the domain name. Within this has public_html and contains index.html and the rest of the static site pulled via Git. My API code is hosted in my Home directory under RepetitioServer.
Within my /etc/nginx/sites-available is repetitio.co.uk which has my server file which contains:
```
server {
    listen 80;
    listen [::]:80;
    root /var/www/repetitio.co.uk/public_html;
    index index.html;
    server_name repetitio.co.uk;
    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repetitio.co.uk/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/repetitio.co.uk/chain.pem;
    access_log /var/log/nginx/repetitio.co.uk.access.log;
    error_log /var/log/nginx/repetitio.co.uk.error.log;
    include snippets/ssl-params.conf;
    location ~ /.well-known {
        allow all;
    }
    location / {
        try_files $uri $uri/ =404;
    }
}
```
I ran certbot and got the OK and copied the certs URL as shown above. Running sudo nginx -t returns
```
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
Now when I navigate to repetitio.co.uk I get
Your connection is not private
Attackers might be trying to steal your information from repetitio.co.uk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
My default server file looks like:
```
server {
    listen 80;
    listen 127.0.01;
    listen [::]:80 ipv6only=on;
    return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
```
Should also mention that I updated my CNAME records and have my domain in DigitalOcean Dashboard pointing to my droplet.
Any help is greatly appreciated.
Harry
Hi @hbendixlewis,
It seems like there is something wrong with your SSL certificate. I’ll recommend you check the certificate from here:
```
ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot
```
And verify it actually works properly [here](https://www.sslshopper.com/certificate-decoder.html).
If the Certificate and the Key do not match, I’ll recommend reissuing the certificate.
Regards, KDSys
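An added example, not part of the original thread: a small Python lint that runs over the two server blocks from the question and reports which block (and therefore which certificate) answers an HTTPS request for a given host, which is what the browser checks when it raises NET::ERR_CERT_COMMON_NAME_INVALID. `SAMPLE` is constructed by trimming the posted configs, the function names are hypothetical, and the server-selection logic is a simplification of nginx's (exact names only; `default_server`, wildcard names and per-address listeners are ignored).

```python
import re

# Constructed sample: the question's two TLS-relevant server blocks, trimmed.
SAMPLE = """
server {
    listen 80;
    listen [::]:80;
    server_name repetitio.co.uk;
    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl http2;
    server_name ww2.zone;
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem;
    location / { proxy_pass http://localhost:5000/; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse(conf):
    """Reduce each server block to its names, TLS-listener flag and certificate."""
    servers = []
    for body in server_blocks(conf):
        get = lambda name: re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)
        servers.append({
            "names": " ".join(get("server_name")).split(),
            # 'ssl' must be a listen parameter; the first token is the address/port
            "tls": any("ssl" in l.split()[1:] for l in get("listen")),
            "cert": (get("ssl_certificate") or [None])[0],
        })
    return servers

def findings(conf, host):
    """Report unused certificates and which block answers HTTPS for host."""
    servers = parse(conf)
    issues = [f"{'/'.join(s['names'])}: ssl_certificate set but no 'listen ... ssl'"
              for s in servers if s["cert"] and not s["tls"]]
    tls = [s for s in servers if s["tls"]]
    # Simplified selection: exact name match, else the first TLS listener.
    hit = next((s for s in tls if host in s["names"]), tls[0] if tls else None)
    if hit and host not in hit["names"]:
        issues.append(f"HTTPS for {host} is answered by {'/'.join(hit['names'])} using {hit['cert']}")
    return issues
```

`findings(SAMPLE, "repetitio.co.uk")` returns two issues: the repetitio.co.uk block has certificate directives but no TLS listener, so HTTPS requests for that name fall through to the ww2.zone block and its certificate.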