https not working with letsencrypt in vestacp apache + nginx(proxy)

September 23, 2017 165 views
WordPress Let's Encrypt Apache Nginx Security Server Optimization Ubuntu 16.04

actually i had setup my ubuntu server with vesta cp (apache with nginx proxy). i installed letsencrypt and it installed successfully. the problem is ssl works only with vestacp admin panel on port 8083. other than that document root (public_html) never works. I tried all possible fixes googling and it never worked. i checked everything. port 443 is open. but still not loading.

the error i get in firefox is : "Secure Connection Failed, The connection to **.com was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

none of my firewall configuration blocking it. i have removed and reinstalled letsencrypt certificates using certbot successfully but the same thing happens again.
there are two files created by vestacp for nginx config. one is for normal http "nginx.conf" and another one is for https "snginx.conf"
my nginx.conf has the following codes:

server {
    listen      192.168.1.2:443;
    ssl         on;
    server_name xxxxxxx.com www.xxxxxxx.com;
    ssl_certificate      /home/admin/conf/web/ssl.xxxxxxx.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.xxxxxxx.com.key;
    error_log  /var/log/apache2/domains/xxxxxxx.com.error.log error;

    ### Add SSL specific settings here ###

    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout    60;
    ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

    location / {
        proxy_pass      https://192.168.1.2:8443;
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root           /home/admin/web/xxxxxxx.com/public_html;
            access_log     /var/log/apache2/domains/xxxxxxx.com.log combined;
            access_log     /var/log/apache2/domains/xxxxxxx.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/xxxxxxx.com/document_errors/;
    }

    location @fallback {
        proxy_pass      https://192.168.1.2:8443;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/snginx.xxxxxxx.com.conf*;
}

the only modification i made here was code in "### Add SSL specific settings here ###"
.i checked nginx config and restarted it was ok. but still not working.

there are two files created by vestacp for apache config. one is for normal http "apache2.conf" and another one is forhttps "sapache2.conf"
my sapache2.conf file has following code in it

<VirtualHost 192.168.1.2:8443>

    ServerName xxxxxxx.com
    ServerAlias www.xxxxxxx.com
    ServerAdmin admin@xxxxxxx.com
    DocumentRoot /home/admin/web/xxxxxxx.com/public_html
    ScriptAlias /cgi-bin/ /home/admin/web/xxxxxxx.com/cgi-bin/
    Alias /vstats/ /home/admin/web/xxxxxxx.com/stats/
    Alias /error/ /home/admin/web/xxxxxxx.com/document_errors/
    SuexecUserGroup admin admin
    CustomLog /var/log/apache2/domains/xxxxxxx.com.bytes bytes
    CustomLog /var/log/apache2/domains/xxxxxxx.com.log combined
    ErrorLog /var/log/apache2/domains/xxxxxxx.com.error.log

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /home/admin/conf/web/ssl.xxxxxxx.com.crt
    SSLCertificateKeyFile /home/admin/conf/web/ssl.xxxxxxx.com.key
    SSLCertificateChainFile /home/admin/conf/web/ssl.xxxxxxx.com.ca

    <Directory /home/admin/web/xxxxxxx.com/public_html>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir /home/admin/web/xxxxxxx.com/public_html:/home/admin/tmp
        php_admin_value upload_tmp_dir /home/admin/tmp
        php_admin_value session.save_path /home/admin/tmp
    </Directory>
    <Directory /home/admin/web/xxxxxxx.com/stats>
        AllowOverride All
    </Directory>


    <IfModule mod_ruid2.c>
        RMode config
        RUidGid admin admin
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID admin admin
    </IfModule>

    IncludeOptional /home/admin/conf/web/sapache2.xxxxxxx.com.conf*

</VirtualHost>

i tried reloading and restarting apache and nginx. it runs ok but https only works on port 8083, vestacp admin panel. i tried disabling firewalls and checked. the result is same.

all i can see is in chrome it reloads several times like establishing secure connection, connecting and finaly error follows after few seconds. in firefox, error as said above.
i checked by placing a dummy index.html in my home directory (moving wordpress index.php). but same error comes.

please help me. i am cracking my head here..

Be the first one to answer this question.