Website inaccessible after installing Let's Encrypt certificate

September 23, 2019 125 views
Let's Encrypt Nginx

Hello,
I set up a droplet and configured nginx to serve a small static website. Everything was working fine until I installed a certificate using the Certbot script.

This is the nginx configuration file for the website:

server {

    root /var/www/angelacapillo.com;
    index index.php index.html index.htm;

    server_name angelacapillo.com www.angelacapillo.com;

    location / {
        try_files $uri $uri/ =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/angelacapillo.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/angelacapillo.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.angelacapillo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = angelacapillo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name angelacapillo.com www.angelacapillo.com;
    listen 80;
    return 404; # managed by Certbot
}

Following their instructions, I tested the certificate here but I get an error: https://www.ssllabs.com/ssltest/analyze.html?d=www.angelacapillo.com

What might be the issue?

1 Answer

Hello @qarlo,

The syntax of your configuration file looks fine. What I could suggest here is:

  • First check if nginx is running:
        systemctl status nginx
  • If Nginx is not running you could try starting it:
        systemctl start nginx
  • If this is not the case, check if Nginx is actually listening on port 443:
        netstat -plant | grep 443
  • If you don’t see any output, run a config test:
        nginx -t
  • And if you get Syntax OK restart Nginx:
        systemctl restart nginx
  • Lastly if all that does not help, make sure to check your Nginx error logs:
        tail -100 /var/log/nginx/error.log

Hope that this helps!
Regards,
Bobby

  • Hello,
    thanks a lot for your detailed answer.

    Running nginx -t produces these errors:

    nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
    2019/09/24 07:27:56 [warn] 22638#22638: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
    2019/09/24 07:27:56 [emerg] 22638#22638: BIO_new_file("/etc/letsencrypt/live/angelacapillo.com/fullchain.pem") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/angelacapillo.com/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    

    I’ve tried reading a bit about it, but I’m not sure how to fix it.

    These are the nginx processes:

    > ps aux | grep [n]ginx
    root      6692  0.0  0.9 143092  9156 ?        Ss   Sep22   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data  6810  0.0  0.6 145392  6540 ?        S    Sep22   0:00 nginx: worker process
    

    Thanks again for your help

    • Hello,

      I think that you need to run nginx -t with sudo:

      sudo nginx -t
      

      If you get Syntax OK try restarting Nginx:

      systemctl restart nginx
      

      Then check if it is listening on port 443:

      netstat -plant | grep 443
      

      Let me know how that goes.
      Regards,
      Bobby

      • You’re right.
        So, syntax is ok and restarting Nginx doesn’t work. I mean, the command works, but the website is still inaccessible.

        And then:

        
        > sudo netstat -plant | grep 443
        tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      23455/nginx: master
        

        Thanks again

        • Hi @qarlo,

          That is quite interesting. Can you check if there are any errors in your error log:

          sudo tail -100 /var/log/nginx/error.log
          

          Also, one thing that initially I totally forgot about, can you check if port 443 is open via your firewall? If you are using Ubuntu you could do that with:

          sudo ufw status
          

          If you don’t see port 443 or https there, then you need to make sure that you open that port so that traffic could go through:

          sudo ufw allow 443
          

          Let me know how it goes!
          Regards,
          Bobby
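
The checks from this thread (is nginx listening on 443, and does ufw let 443 through) combined into one script, as an added example that is not part of any post above. The function names are hypothetical, the ufw table is a constructed sample, and the script assumes a 443 rule appears in `ufw status` as `443`, `443/tcp`, or the `Nginx Full` / `Nginx HTTPS` app profile.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# True if netstat -plant style output has a TCP LISTEN socket on port 443.
# Matching the local-address field avoids grep hits on 8443 or a PID like 4430.
listening_on_443() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $4 ~ /:443$/ && $6 == "LISTEN" { found = 1 }
        END { exit !found }'
}

# True if `ufw status` output lets inbound 443 through. Assumes the rule shows
# as 443, 443/tcp, or the Nginx Full / Nginx HTTPS app profile; an inactive
# ufw filters nothing.
ufw_allows_443() {
    printf '%s\n' "$1" | awk '
        /^Status: inactive/ { ok = 1 }
        /ALLOW/ && !/ALLOW OUT/ && /^(443(\/tcp)?[ \t]|Nginx (Full|HTTPS)[ \t])/ { ok = 1 }
        END { exit !ok }'
}

# $1 = netstat output, $2 = ufw status output. Prints one verdict.
diagnose() {
    if ! listening_on_443 "$1"; then
        echo "not-listening"      # next: sudo nginx -t, restart, error.log
    elif ! ufw_allows_443 "$2"; then
        echo "firewall-blocked"   # next: sudo ufw allow 443
    else
        echo "ok-locally"         # next: sudo tail -100 /var/log/nginx/error.log
    fi
}

# Constructed sample: the netstat line is the one posted in the thread; the
# ufw table is made up for illustration and has no rule for 443.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      23455/nginx: master'
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere'

echo "sample host: $(diagnose "$NETSTAT_SAMPLE" "$UFW_SAMPLE")"
```

On a real host the same function can be fed live output: `diagnose "$(sudo netstat -plant)" "$(sudo ufw status)"`.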
