Website inaccessible after installing Let's Encrypt certificate

Posted September 23, 2019
Nginx, Let's Encrypt

I set up a droplet and configured nginx to serve a small static website. Everything was working fine until I installed a certificate using the Certbot script.

This is the nginx configuration file for the website:

server {

    root /var/www/;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot
}

Following their instructions, I tested the certificate here but I get an error:

What might be the issue?


1 answer

Hello @qarlo,

The syntax of your configuration file looks fine. What I could suggest here is:

  • First check if nginx is running:
      systemctl status nginx
  • If Nginx is not running you could try starting it:
      systemctl start nginx
  • If this is not the case, check if Nginx is actually listening on port 443:
      netstat -plant | grep 443
  • If you don’t see any output, run a config test:
      nginx -t
  • And if you get Syntax OK restart Nginx:
      systemctl restart nginx
  • Lastly if all that does not help, make sure to check your Nginx error logs:
      tail -100 /var/log/nginx/error.log

Hope that this helps!

  • Hello,
    thanks a lot for your detailed answer.

    Running nginx -t produces these errors:

    nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
    2019/09/24 07:27:56 [warn] 22638#22638: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
    2019/09/24 07:27:56 [emerg] 22638#22638: BIO_new_file("/etc/letsencrypt/live/") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/','r') error:2006D002:BIO routines:BIO_new_file:system lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    I’ve tried reading a bit about it, but I’m not sure how to fix it.

    These are the nginx processes:

    > ps aux | grep [n]ginx
    root      6692  0.0  0.9 143092  9156 ?        Ss   Sep22   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data  6810  0.0  0.6 145392  6540 ?        S    Sep22   0:00 nginx: worker process

    Thanks again for your help

    • Hello,

      I think that you need to run nginx -t with sudo:

      sudo nginx -t

      If you get Syntax OK try restarting Nginx:

      systemctl restart nginx

      Then check if it is listening on port 443:

      netstat -plant | grep 443

      Let me know how that goes.

      • You’re right.
        So, syntax is ok and restarting Nginx doesn’t work. I mean, the command works, but the website is still inaccessible.

        And then:

        > sudo netstat -plant | grep 443
        tcp        0      0   *               LISTEN      23455/nginx: master

        Thanks again

        • Hi @qarlo,

          That is quite interesting. Can you check if there are any errors in your error log:

          sudo tail -100 /var/log/nginx/error.log

          Also, one thing that initially I totally forgot about, can you check if port 443 is open via your firewall? If you are using Ubuntu you could do that with:

          sudo ufw status

          If you don’t see port 443 or https there, then you need to make sure that you open that port so that traffic could go through:

          sudo ufw allow 443

          Let me know how it goes!
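
The three checks from this thread (config test, listener on 443, firewall rule) as an added example that is not part of any post above and is not Certbot's or nginx's own tooling. It assumes the usual output layout of `nginx -t`, `netstat -plant` and `ufw status`; the function names and the sample firewall output are constructed for illustration.

```shell
#!/bin/sh
# Parsers for the checks in this thread; each reads command output on stdin.

# Classify `nginx -t` output as: ok | needs-root | config-error
nginx_test_verdict() {
    out=$(cat)
    case $out in
        *'test is successful'*) echo ok ;;
        # Unprivileged run could not open the log or key: rerun with sudo.
        *'Permission denied'*)  echo needs-root ;;
        *)                      echo config-error ;;
    esac
}

# Succeeds if `netstat -plant` output has a LISTEN socket on port 443 exactly.
# A bare `grep 443` also matches PIDs and ports such as 4430.
listens_on_443() {
    awk '$6 == "LISTEN" && $4 ~ /:443$/ { found = 1 } END { exit !found }'
}

# Succeeds if `ufw status` output lets HTTPS in: firewall inactive, or an
# ALLOW rule for 443 or the "Nginx Full" / "Nginx HTTPS" app profiles.
ufw_allows_https() {
    awk '/^Status: inactive/ || /^(443(\/tcp)?|Nginx (Full|HTTPS)) +ALLOW/ { ok = 1 }
         END { exit !ok }'
}

# Constructed sample: `ufw status` with only SSH and HTTP allowed.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere'

case ${1:-} in
--demo)
    printf '%s\n' "$SAMPLE_UFW" | ufw_allows_https || echo "ufw: 443 not allowed" ;;
--live)  # run as root on the server
    echo "nginx -t: $(nginx -t 2>&1 | nginx_test_verdict)"
    netstat -plant | listens_on_443 || echo "nothing listening on 443"
    ufw status | ufw_allows_https || echo "ufw: 443 not allowed" ;;
esac
```

A `needs-root` verdict means the test itself could not read the files, as in the unprivileged `nginx -t` run quoted in the thread, and says nothing about whether the configuration is valid.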
