LetsEncrypt cannot connect to domain + ERR_CONNECTION_REFUSED

@julsgud

First, I’d recommend cleaning up the file and getting rid of all the commented directives that you don’t need. That’d leave us with:

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html;

    index index.html index.htm index.php index.nginx-debian.html;

    server_name plasticsrev.club www.plasticsrev.club;

    location ~ /.well-known {
        allow all;
    }
}

Now, the first issue depends on if you have other configurations (server blocks) in the same directory as this one. If you do and you’ve modified them, we’d need to look at them too.

The second issue is that you’ve not actually setup SSL for this domain. You’re not defining the path to the SSL Certificate, you’re missing the SSL configuration, and there’s no redirect to push requests on port 80 to 443 so that all traffic gets served over SSL.

There’s also the default location block missing to tell how to handle incoming requests.

To properly serve content over SSL, you’d want to use something such as what I’m showing below, which has been customized for your domain, so it’s basically a copy and paste. You’d paste all of this in to a single file.

server {
    listen 80;
    listen [::]:80;
    server_name plasticsrev.club www.plasticsrev.club;

    location ~ /.well-known {
        allow all;
    }

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name plasticsrev.club www.plasticsrev.club;

    root /var/www/html;

    index index.html index.htm index.php index.nginx-debian.html;

    ssl on;
    ssl_certificate /etc/nginx/ssl/star_forgott_com.crt;
    ssl_certificate_key /etc/nginx/ssl/star_forgott_com.key;

    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_tickets off;
    ssl_session_timeout 5m;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

You’d need to modify these two lines:

    ssl_certificate /etc/nginx/ssl/star_forgott_com.crt;
    ssl_certificate_key /etc/nginx/ssl/star_forgott_com.key;

… and replace the paths to match the location of your certificate and private key. The location block I have setup is just a starter. What you’d actually use depends on the type of site you’re hosting. We can modify that as needed.

Hey! Thanks for your response!

I get the following when doing sudo tail -20 /var/log/nginx/error.log

2017/05/24 16:37:33 [emerg] 29864#29864: unexpected "}" in /etc/nginx/sites-enabled/default:68
2017/05/24 16:49:39 [error] 29898#29898: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 187.234.204.41, server: 0.0.0.0:443

Here is my full /etc/nginx/sites-enabled/default file:

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name plasticsrev.club www.plasticsrev.club;

        location ~ /.well-known {
                allow all;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

Can’t see where that extra ‘}’ appears!

@julsgud

We’d need to see the full server block to take a look at the configuration. It looks like the one you’ve posted has been cut off :-).

Also, please run the following command and post the output in a code block as well:

tail -20 /var/log/nginx/error.log