Question
Let's Encrypt Not Working in Sub Directory(NGINX and Ubuntu 16.04.6)
- Posted on May 6, 2020
- NginxUbuntu 16.04Initial Server SetupLet's Encrypt
Asked by Shamir Adnan
Hi, I have a droplet using OS Ubuntu 16.04.6 with nginx server. I have hosted multiple domain in this server. For each domain I have created separate server block.I have installed Certbot to get Let’s Encrypt CA for my domain. Everything is going fine for my root domain. When I browse like example.com my browser says, connection secure with a lock sign. I have three sub directory in my root for different user. “example.com/adminsystem” “example.com/superadmin” “example.com/consultant”. When user log in from example.com system redirect user based on user role. Everything is good but my browser says, Connection is not secure. I am not good in Server configuration. I’ve learn everything form documentation. But I couldn’t find exact similar issue. In my app I did’t use wordpress or any CMS. There are just some html and php files. and most index files are html. I need url pattern : “example.com/adminsystem” “example.com/superadmin/?date=somedate” “example.com/consultant” Any help appreciated.
Thanks,
Shamir
Here is my server block file -
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
# SSL configuration
#
#listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/example.com/html;
# Add index.php to the list if you are using PHP
index index.html index.php index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ /index.php $uri/index.php =404;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location /adminsystem {
index index.php index.html index.htm;
try_files $uri $uri/ /adminsystem/index.php?$args;
}
location /superadmin {
index index.php index.html index.htm;
try_files $uri $uri/ /superadmin/index.php?$args;
}
location /consultant {
index index.php index.html index.htm;
try_files $uri $uri/ /consultant/index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com;
listen 80;
return 404; # managed by Certbot
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hi there @shamiromy,
It does not look like a server configuration problem, it sounds like that you might have mixed content on the page which could be causing the not secure message in your browser.
Mixed content basically means that you have some resources like images, CSS, js files, or external resources loading from HTTP rather than HTTPS.
You can use this site here to show you which resources are not loading via https:
https://www.whynopadlock.com/
Just put the full URL that you would like to check this for and the site would give you a list of the resources which are loading via HTTP and you would need to update the references for them to HTTPS.
Another way to check that is via your web browser console, there you would also see a mix content warning for the specific resources.
Regards, Bobby