Getting "Welcome to Nginx" message after installing letsencrypt certbot on ubuntu 16.04

March 21, 2018 1.7k views
Nginx Let's Encrypt Django Ubuntu 16.04

After going through the tutorial on how to set up django with nginx on ubuntu 16.04 my website was running perfectly fine but after i tried adding the letsencrypt certbot, my domain is working with https but i am getting "Welcome to nginx" message.

any suggestion

https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04

1 comment
  • Most likely if you installed the certbot-nginx version, certbot rewrote your NGINX config to redirect port 80 traffic to port 443. You will need to adjust your NGINX config to accommodate the new configurations.

    Can you post your NGINX config file for the website?

8 Answers

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
workerconnections 768;
# multi
accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

mail { # See sample authentication script at: # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # auth_http localhost/auth.php; # pop3_capabilities "TOP" "USER"; # imap_capabilities "IMAP4rev1" "UIDPLUS"; server { listen localhost:110; protocol pop3; proxy on; server { listen localhost:143; protocol imap; proxy on; }
  • not quite what I was looking for - the file I am requesting will be in /etc/nginx/conf.d/ or /etc/nginx/sites-available/ - This is the file that includes the server {} block for your website.

    • i tried rebuilding the droplet again and now i am not even able to get my certificate :

      this is the message that i am getting while trying to add my certificate

      IMPORTANT NOTES:

      • The following errors were reported by the server:

      Domain: rickysingh.xyz
      Type: unauthorized
      Detail: Invalid response from
      http://rickysingh.xyz/.well-known/acme-challenge/m9yNz8wKXAnl07dcaj-2C663Sz7LLnQvrETakaXjeBs:
      "<html>
      <head><title>404 Not Found</title></head>
      <body bgcolor="white">
      <center><h1>404 Not Found</h1></center>
      <hr><center>"

      Domain: www.rickysingh.xyz
      Type: unauthorized
      Detail: Invalid response from
      http://www.rickysingh.xyz/.well-known/acme-challenge/djg122CC8RAcSiBlAQAY6StfdptmQi0qy9mcJ_GPFW4:
      "<html>
      <head><title>404 Not Found</title></head>
      <body bgcolor="white">
      <center><h1>404 Not Found</h1></center>
      <hr><center>"

      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.

      =====================================================================

      /etc/nginx/conf.d/ is empty

      =====================================================================

      /etc/nginx/sites-available/default

      You should look at the following URL's in order to grasp a solid understanding of Nginx configuration files in order to fully unleash the power of Nginx. http://wiki.nginx.org/Pitfalls http://wiki.nginx.org/QuickStart http://wiki.nginx.org/Configuration Generally, you will want to move this file somewhere, and start with a clean file but keep this around for reference. Or just disable in sites-enabled. Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. Default server configuration

      server {
      listen 80 defaultserver;
      listen [::]:80 default
      server;

      # SSL configuration
      #
      # listen 443 ssl default_server;
      # listen [::]:443 ssl default_server;
      #
      # Note: You should disable gzip for SSL traffic.
      # See: https://bugs.debian.org/773332
      #
      # Read up on ssl_ciphers to ensure a secure configuration.
      # See: https://bugs.debian.org/765782
      #
      # Self signed certs generated by the ssl-cert package
      # Don't use them in a production server!
      #
      # include snippets/snakeoil.conf;
      
      root /var/www/html;
      
      # Add index.php to the list if you are using PHP
      index index.html index.htm index.nginx-debian.html;
      
      server_name rickysingh.xyz www.rickysingh.xyz;
      
      location / {
          # First attempt to serve request as file, then
          # as directory, then fall back to displaying a 404.
          try_files $uri $uri/ =404;
      }
      
      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
      #
      #location ~ \.php$ {
      #   include snippets/fastcgi-php.conf;
      #
      #   # With php7.0-cgi alone:
      #   fastcgi_pass 127.0.0.1:9000;
      #   # With php7.0-fpm:
      #   fastcgi_pass unix:/run/php/php7.0-fpm.sock;
      #}
      
      # deny access to .htaccess files, if Apache's document root
      # concurs with nginx's one
      #
      #location ~ /\.ht {
      #   deny all;
      #}
      

      }

      Virtual Host configuration for example.com You can move that to a different file under sites-available/ and symlink that to sites-enabled/ to enable it. server { listen 80; listen [::]:80; server_name example.com; root /var/www/example.com; index index.html; location / { try_files $uri $uri/ =404; }

      ======================================================================

      /etc/nginx/sites-available/myproject

      server {
      listen 80;
      server_name rickysingh.xyz www.rickysingh.xyz;

      location = /favicon.ico { access_log off; log_not_found off; }
      location /static/ {
          root /root/myproject;
      }
      
      location / {
          include proxy_params;
          proxy_pass http://unix:/root/myproject/myproject.sock;
      }
      

      }

[deleted]

nope, i just rebuild the droplet with same configuration (same droplet size, location)....

i never deleted the droplet by myself, but digitalocean does it from there side and gave me a new droplet with same configuration.

try this: it worked for me after installing letsencrypt on centos 6 linux

server {
listen 80 defaultserver;
server
name {domain-name} ;
return 301 https://$servername$requesturi;
}

server {
listen 443 ssl http2;
server_name {domain-name} ;

ssl on;
sslcertificate /etc/letsencrypt/live/{domain-name}/fullchain.pem;
ssl
certificatekey /etc/letsencrypt/live/{domain-name}/privkey.pem;
ssl
sessiontimeout 5m;
ssl
protocols TLSv1 TLSv1.1 TLSv1.2;
sslciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl
preferserverciphers on;
sslsessioncache shared:SSL:10m;
location / {
proxypass http://localhost:8080;
proxy
httpversion 1.1;
proxy
setheader Upgrade $httpupgrade;
proxysetheader Connection 'upgrade';
proxysetheader Host $host;
proxycachebypass $http_upgrade;
}
location /.well-known/acme-challenge/ {
root /var/www/domainame;
}

}

The last line acme challenge one is vital for generating your website page. .

by Justin Ellingwood
The LEMP software stack is a group of software that can be used to serve dynamic web pages and web applications. This is an acronym that describes a Linux operating system, with an Nginx web server. The backend data is stored in the MySQL database and the dynamic processing...
Have another answer? Share your knowledge.