Letsencrypt on Ubuntu 16.04/Nginx

April 13, 2017
Let's Encrypt Nginx Ubuntu 16.04

I tried following the tutorial below but when I go to check the connection via SSL Labs, I get Assessment failed: Unable to connect to the server. SSL Labs suggests this is a common error due to firewall settings.

My firewall settings are:

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22 (v6)                    LIMIT       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6) 

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

4 Answers
chrisburton April 13, 2017
Accepted Answer

So after editing the digitalocean file, it is now working. However, I have no idea when or why I created this file.

  • Hi Chris, I have the same problem. I have the same file in "sites-available", but I don't know how you solved the problem. What did you change in the digitalocean file?

    Thanks for your time!

Hi @chrisburton
But when you visit your domain through a browser, do you get any errors? Have a look at the error log too in /var/log/nginx/error.log

  • No errors in /var/log/nginx/error.log.

    Here is my domain: chrisburton.me

    • Have you restarted Nginx after you made the new server block that listens on 443?

      sudo service nginx restart
      

      You can also run the following command to list all services that are listening on a port:

      sudo lsof -iTCP -sTCP:LISTEN -P
      
      • Have you restarted Nginx after you made the new server block that listens on 443?

        Several times but still no luck.

        The output of sudo lsof -iTCP -sTCP:LISTEN -P is:

        php-fpm7. 1369     root    8u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
        sshd      1385     root    3u  IPv4  14568      0t0  TCP *:22 (LISTEN)
        sshd      1385     root    4u  IPv6  14577      0t0  TCP *:22 (LISTEN)
        mysqld    1447    mysql   26u  IPv4  16179      0t0  TCP localhost:3306 (LISTEN)
        php-fpm7. 1558 www-data    0u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
        php-fpm7. 1559 www-data    0u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
        nginx     2179     root    6u  IPv4  21480      0t0  TCP *:80 (LISTEN)
        nginx     2179     root    7u  IPv6  21481      0t0  TCP *:80 (LISTEN)
        nginx     2180 www-data    6u  IPv4  21480      0t0  TCP *:80 (LISTEN)
        nginx     2180 www-data    7u  IPv6  21481      0t0  TCP *:80 (LISTEN)
        

@chrisburton

Okay, Nginx is not listening on port 443, which likely means you have not created a server block configuration for https - or you have not activated it.

Do you have an https configuration in /etc/nginx/sites-enabled?

You are welcome to post your configuration.

I have a file digitalocean inside of that directory with the following configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /var/www/html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
                root /usr/share/nginx/html;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}
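
The check that settled this thread (ufw admits 443, but lsof shows nginx bound only to port 80) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and the sample input is a subset of the ufw and lsof output posted above.

```shell
#!/bin/sh
# Added example: list ports the firewall admits but no service is bound to.
# Sample data: subset of the ufw / lsof output posted in this thread.
UFW_SAMPLE='22                         LIMIT       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
22 (v6)                    LIMIT       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)'

LSOF_SAMPLE='php-fpm7. 1369     root    8u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
sshd      1385     root    3u  IPv4  14568      0t0  TCP *:22 (LISTEN)
mysqld    1447    mysql   26u  IPv4  16179      0t0  TCP localhost:3306 (LISTEN)
nginx     2179     root    6u  IPv4  21480      0t0  TCP *:80 (LISTEN)
nginx     2179     root    7u  IPv6  21481      0t0  TCP *:80 (LISTEN)'

# Numeric TCP ports that ufw lets in (ALLOW or LIMIT), deduplicated.
# Rules given as app profiles (e.g. "Nginx Full") are not resolved here.
allowed_ports() {
  awk '$1 ~ /^[0-9]+(\/tcp)?$/ && /ALLOW|LIMIT/ { sub(/\/.*/, "", $1); print $1 }' |
    sort -un
}

# Ports with a listener on a non-loopback address (reachable from outside).
public_listeners() {
  awk '/\(LISTEN\)/ {
         addr = $(NF-1)                    # e.g. "*:80" or "localhost:3306"
         n = split(addr, part, ":")        # last element is the port
         host = addr; sub(/:[0-9]+$/, "", host)
         if (host != "localhost" && host != "127.0.0.1" && host != "[::1]")
           print part[n]
       }' | sort -un
}

# $1 = ufw status text, $2 = lsof text. Prints each allowed port with no listener.
unserved_ports() {
  listening=$(printf '%s\n' "$2" | public_listeners)
  printf '%s\n' "$1" | allowed_ports | while read -r port; do
    printf '%s\n' "$listening" | grep -qx "$port" || echo "$port"
  done
}

# On a live host:
#   unserved_ports "$(sudo ufw status)" "$(sudo lsof -iTCP -sTCP:LISTEN -P)"
unserved_ports "$UFW_SAMPLE" "$LSOF_SAMPLE"
```

A port in the output is open in the firewall but refused by the host, which an external scanner such as SSL Labs reports as being unable to connect.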