Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Nginx, Prestashop - TTFB too much slow Question Question
Nginx users list - how to display Question Question

Question

Setup https on nginx

Posted May 28, 2020 5.4k views
Nginx

I’ve tried following three or four tutorials, but I still can’t get my site to load with https. I bought a ssl certificate from namecheap and they gave me three files when I generated the ssl. A Key, A Certificate and the csr. I have saved each in
/root/example.com.crt
/root/example.com.key
/root/example.com.csr

Following along the tutorial found at https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority
I have rebuilt my /etc/nginx/sites-available/example.com file to be this:

#Redirect from 80
server {
    listen 80;
    server_name example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
  listen 443 ssl;
  server_name example.com;
  ssl_certificate /root/example.com.crt;
  ssl_certificate_key /root/example.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  root /var/www/html;
  index index.html;
  default_type "text/html";

  location / {
    try_files $uri $uri/ /index.html;
  }

#redirect for api's to node server.
  location /api {
    # Serve api requests here. This will connect to your node
    # process that is running on port 3001.
    proxy_pass http://localhost:3001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Before I tried to get this running on ssl everything was running fine. When I run sudo service nginx restart. Currently it restarts just fine. 

I have changed /etc/nginx/sites-available/default to

server {
 listen 443 ssl default_server;
 root /var/www/html;
 index index.html index.htm index.nginx-debian.html;
 server_name _;
 location / {
   try_files $uri $uri/ =404;
 }
}

Any thoughts?

Add a comment
gabrielsuttner
By:
gabrielsuttner
edited by MattIPv4

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Nginx, Prestashop - TTFB too much slow Question Question
Nginx users list - how to display Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev May 29, 2020

Hi there @gabrielsuttner,

The configuration file looks correct, what happens when you try to visit your domain via https? Are you getting any errors?

Also what happens when you run an Nginx config test:

  • sudo nginx -t

I would also recommend checking your Nginx error log as well:

  • sudo tail -100 /var/log/nginx/error.log

Another thing that I could suggest is taking a look at this Nginx Config tool here which would help you to generate a correct Nginx configuration file:

https://www.digitalocean.com/community/tools/nginx

Regards,
Bobby

Reply Report
  • gabrielsuttner May 30, 2020

    I just ran sudo nginx -t and it says
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

    If I try to get the url of my site via http or https, I get the
    Hmmm… can’t reach this page
    example.com took too long to respond
    page.

    I checked my error.log and it was empty so then I checked a file called error.log.1 and it had a bunch of lines that should be unrelated to this issue, but the last 10 lines should be part of this issue. This is what they were. 

    
2020/05/28 23:08:37 [emerg] 4727#4727: PEM_read_bio_X509_AUX("/root/example.com.crt") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
2020/05/28 23:09:58 [emerg] 4738#4738: PEM_read_bio_X509_AUX("/root/example.com.crt") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
2020/05/28 23:10:49 [emerg] 4750#4750: PEM_read_bio_X509_AUX("/root/example.com.crt") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
2020/05/28 23:17:24 [emerg] 4778#4778: SSL_CTX_use_PrivateKey_file("/root/example.com.key") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
2020/05/28 23:18:04 [notice] 4797#4797: signal process started
2020/05/28 23:18:04 [error] 4797#4797: open() "/run/nginx.pid" failed (2: No such file or directory)
2020/05/28 23:22:36 [emerg] 4855#4855: SSL_CTX_use_PrivateKey_file("/root/example.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
2020/05/28 23:22:48 [emerg] 4868#4868: SSL_CTX_use_PrivateKey_file("/root/example.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
2020/05/28 23:26:24 [notice] 4882#4882: signal process started
2020/05/28 23:26:24 [error] 4882#4882: open() "/run/nginx.pid" failed (2: No such file or directory)
2020/05/28 23:26:35 [notice] 4904#4904: signal process started
2020/05/28 23:33:08 [notice] 4912#4912: signal process started
2020/05/28 23:33:55 [notice] 4934#4934: signal process started
2020/05/28 23:44:27 [alert] 4993#4993: *3 open socket #3 left in connection 3
2020/05/28 23:44:27 [alert] 4993#4993: aborting

    The highlighted error I was getting when I would try to reload my server , but If I restart my server and then reloaded it, it would work fine.

    The preconfig link that you sent, would that build a new server? If so that is fine, and I’ll go through it the stuff I just posted doesn’t give you any insights.

    Also, we have a subdomain on our site that isn’t https and it is working fine. so if I go to http://example.com or https://example.com it can’t find it. but if I go to http://sub.example.com it works just fine.

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help