Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
letsencrypt invalid SSL Cert Question Question
Why my site which uses "Let's Encrypt" is marked as "not safe" by Chrome? Question Question

Question

Letsencrypt on Ubuntu 16.04/Nginx

Posted April 13, 2017 10k views
NginxLet's EncryptUbuntu 16.04

I tried following the tutorial below but when I go to check the connection via SSL Labs, I get Assessment failed: Unable to connect to the server. SSL Labs suggests this is a common error due to firewall settings.

My firewall settings are:

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22 (v6)                    LIMIT       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Add a comment
chrisburton
By:
chrisburton

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
letsencrypt invalid SSL Cert Question Question
Why my site which uses "Let's Encrypt" is marked as "not safe" by Chrome? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
chrisburton April 13, 2017

So after editing the digitalocean file, it is now working. However, I have no idea when or why I created this file.

Reply Report
  • FernandoMutis April 29, 2017

    Hi Criss, I have the same problem, i have the same file in “sites-available” but i dont know how you solve the problem, what you change in te digitalocean file??

    Thanks for your time!

    Reply Report
hansen April 13, 2017

Hi @chrisburton
But when you visit your domain through a browser, do you get any errors? Have a look at the error log too in /var/log/nginx/error.log

Reply Report
  • chrisburton April 13, 2017

    No errors in /var/log/nginx/error.log.

    Here is my domain: chrisburton.me

    Reply Report
    • hansen April 13, 2017

      Have you restarted Nginx after you made the new server block that listens on 443?

      sudo service nginx restart

      You can also run the following command to list all services that are listening on a port:

      sudo lsof -iTCP -sTCP:LISTEN -P
      Reply Report
      • chrisburton April 13, 2017

        Have you restarted Nginx after you made the new server block that listens on 443?

        Several times but still no luck.

        The output of sudo lsof -iTCP -sTCP:LISTEN -P is:

        php-fpm7. 1369     root    8u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
sshd      1385     root    3u  IPv4  14568      0t0  TCP *:22 (LISTEN)
sshd      1385     root    4u  IPv6  14577      0t0  TCP *:22 (LISTEN)
mysqld    1447    mysql   26u  IPv4  16179      0t0  TCP localhost:3306 (LISTEN)
php-fpm7. 1558 www-data    0u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
php-fpm7. 1559 www-data    0u  IPv4  15962      0t0  TCP localhost:9000 (LISTEN)
nginx     2179     root    6u  IPv4  21480      0t0  TCP *:80 (LISTEN)
nginx     2179     root    7u  IPv6  21481      0t0  TCP *:80 (LISTEN)
nginx     2180 www-data    6u  IPv4  21480      0t0  TCP *:80 (LISTEN)
nginx     2180 www-data    7u  IPv6  21481      0t0  TCP *:80 (LISTEN)
        Reply Report
hansen April 13, 2017

@chrisburton

Okay, Nginx is not listening on port 443, which likely means you have not created server block configuration for https - or you have not activated it.

Do you have a https-configuration in /etc/nginx/site-enabled ?

You are welcome to post your configuration.

Reply Report
chrisburton April 13, 2017

I have a file digitalocean inside of that directory with the following configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

       root /var/www/html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
                root /usr/share/nginx/html;
        }

        location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}
Reply Report

Related

Looking for something else?

Ask a new question Search for more help