404 not found after ssl installation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pingclothes.com

I ran this command:
```
certbot --nginx --redirect -d pingclothes.com -d www.pingclothes.com -m admin@pingclothes.com --agree-tos
```

It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pingclothes.com
http-01 challenge for www.pingclothes.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/default.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/default.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/default.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/default.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://pingclothes.com and
https://www.pingclothes.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=pingclothes.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.pingclothes.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/pingclothes.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/pingclothes.com/privkey.pem
   Your cert will expire on 2021-02-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
```

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: vultr

I can login to a root shell on my machine (yes or no, or I don't know): y

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):

Could you perhaps share the relevant nginx configuration files with us please? It should be an original configuration file for your HTTP vhost and a new one with a le-ssl.conf suffix.

How do I find the original configuration file for my HTTP vhost? I'm new to Linux; can you write the command to find it?

Not sure, as I don't use nginx on Ubuntu, but probably somewhere in /etc/nginx/sites-enabled/.

Well, it says no such file or directory.

Then have a look in /etc/nginx/ for a relevant file.

You could show the entire nginx config (presuming it is hosting just that site) with:
```
nginx -T
```

These are the files in my nginx directory.
```
/etc/nginx# ls
conf.d koi-utf modules scgi_params win-utf
fastcgi_params koi-win nginx.conf ssl
htpasswd mime.types orig uwsgi_params
```

The result is:
```
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

Please have a look at my host file:
```
nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 vultr.guest

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
```

I guess I am missing my host files, can I just edit it here?

That's not the correct command, please read more carefully and try again.

Also, your hosts file doesn't matter.

Extremely sorry for misunderstanding. Please have a look:
nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

configuration file /etc/nginx/nginx.conf:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

#gzip  on;

include /etc/nginx/conf.d/*.conf;

}

configuration file /etc/nginx/mime.types:

types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;

text/mathml                                      mml;
text/plain                                       txt;
text/vnd.sun.j2me.app-descriptor                 jad;
text/vnd.wap.wml                                 wml;
text/x-component                                 htc;

image/png                                        png;
image/svg+xml                                    svg svgz;
image/tiff                                       tif tiff;
image/vnd.wap.wbmp                               wbmp;
image/webp                                       webp;
image/x-icon                                     ico;
image/x-jng                                      jng;
image/x-ms-bmp                                   bmp;

font/woff                                        woff;
font/woff2                                       woff2;

application/java-archive                         jar war ear;
application/json                                 json;
application/mac-binhex40                         hqx;
application/msword                               doc;
application/pdf                                  pdf;
application/postscript                           ps eps ai;
application/rtf                                  rtf;
application/vnd.apple.mpegurl                    m3u8;
application/vnd.google-earth.kml+xml             kml;
application/vnd.google-earth.kmz                 kmz;
application/vnd.ms-excel                         xls;
application/vnd.ms-fontobject                    eot;
application/vnd.ms-powerpoint                    ppt;
application/vnd.oasis.opendocument.graphics      odg;
application/vnd.oasis.opendocument.presentation  odp;
application/vnd.oasis.opendocument.spreadsheet   ods;
application/vnd.oasis.opendocument.text          odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                 pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                 xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                 docx;
application/vnd.wap.wmlc                         wmlc;
application/x-7z-compressed                      7z;
application/x-cocoa                              cco;
application/x-java-archive-diff                  jardiff;
application/x-java-jnlp-file                     jnlp;
application/x-makeself                           run;
application/x-perl                               pl pm;
application/x-pilot                              prc pdb;
application/x-rar-compressed                     rar;
application/x-redhat-package-manager             rpm;
application/x-sea                                sea;
application/x-shockwave-flash                    swf;
application/x-stuffit                            sit;
application/x-tcl                                tcl tk;
application/x-x509-ca-cert                       der pem crt;
application/x-xpinstall                          xpi;
application/xhtml+xml                            xhtml;
application/xspf+xml                             xspf;
application/zip                                  zip;

application/octet-stream                         bin exe dll;
application/octet-stream                         deb;
application/octet-stream                         dmg;
application/octet-stream                         iso img;
application/octet-stream                         msi msp msm;

audio/midi                                       mid midi kar;
audio/mpeg                                       mp3;
audio/ogg                                        ogg;
audio/x-m4a                                      m4a;
audio/x-realaudio                                ra;

video/3gpp                                       3gpp 3gp;
video/mp2t                                       ts;
video/mp4                                        mp4;
video/mpeg                                       mpeg mpg;
video/quicktime                                  mov;
video/webm                                       webm;
video/x-flv                                      flv;
video/x-m4v                                      m4v;
video/x-mng                                      mng;
video/x-ms-asf                                   asx asf;
video/x-ms-wmv                                   wmv;
video/x-msvideo                                  avi;

}

configuration file /etc/nginx/conf.d/cockpit.conf:

server {
listen 9080 ssl;
server_name _;

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;

access_log /var/log/nginx/cockpit_access.log combined;
error_log /var/log/nginx/cockpit_error.log;

server_tokens off;

location / {
	auth_basic "Restricted"; #COCKPIT_AUTH
	auth_basic_user_file /etc/nginx/htpasswd/cockpit; #COCKPIT_AUTH
	#COCKPIT_AUTH
	location ~* \.(htaccess|htpasswd) { #COCKPIT_AUTH
		deny all; #COCKPIT_AUTH
	} #COCKPIT_AUTH

	# Required to proxy the connection to Cockpit
    proxy_pass https://127.0.0.1:9090;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Required for web sockets to function
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Pass ETag header from Cockpit to clients.
    # See: https://github.com/cockpit-project/cockpit/issues/5239
    gzip off;
}

}

configuration file /etc/nginx/conf.d/default.conf:

```
server {
    server_name pingclothes.com www.pingclothes.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pingclothes.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pingclothes.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.pingclothes.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = pingclothes.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name pingclothes.com www.pingclothes.com;
    listen 80;
    return 404; # managed by Certbot

}
```

configuration file /etc/letsencrypt/options-ssl-nginx.conf:

```
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
```

configuration file /etc/nginx/conf.d/wordpress_http.conf:

upstream php-handler-http {
server 127.0.0.1:9000;
}

server {
listen 80 default_server;
server_name _;
#server_name wordpress.example.com;

root /var/www/html/;
index index.php;

# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;

access_log /var/log/nginx/wordpress_http_access.log combined;
error_log /var/log/nginx/wordpress_http_error.log;

server_tokens off;

location = /favicon.ico {
	log_not_found off;
	access_log off;
}

location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}

location / {
	try_files $uri $uri/ /index.php?$args ;
}

# protected area (XHProf)
location ^~ /xhprof/xhprof_html/ {
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/htpasswd/xhprof;

	location ~ \.php(?:$|/) {
	  fastcgi_split_path_info ^(.+\.php)(/.+)$;
	  include fastcgi_params;
	  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	  fastcgi_param PATH_INFO $fastcgi_path_info;
	  fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
	  fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
	  fastcgi_pass php-handler-http ;
	  fastcgi_read_timeout 60s;
	}
}

# protected area (phpmyadmin)
location ^~ /mysqladmin/ {
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/htpasswd/phpmyadmin;

	location ~ \.php(?:$|/) {
	  fastcgi_split_path_info ^(.+\.php)(/.+)$;
	  include fastcgi_params;
	  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	  fastcgi_param PATH_INFO $fastcgi_path_info;
	  fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
	  fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
	  fastcgi_pass php-handler-http ;
	  fastcgi_read_timeout 60s;
	}
}

location ^~ /wp-admin/ {
	auth_basic "Restricted"; #SAFE TO REMOVE
	auth_basic_user_file /etc/nginx/htpasswd/wpadmin; #SAFE TO REMOVE

	location ~* \.(htaccess|htpasswd) {
		deny all;
	}

	location ~ \.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
		fastcgi_pass php-handler-http;
		fastcgi_read_timeout 60s;
	}
}

location ~* \.(htaccess|htpasswd) {
	deny all;
}

location ~ \.php(?:$|/) {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
	fastcgi_pass php-handler-http;
	fastcgi_read_timeout 60s;
}

# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
	expires 30d;
	access_log off;
}

}

configuration file /etc/nginx/fastcgi_params:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect

fastcgi_param REDIRECT_STATUS 200;

configuration file /etc/nginx/conf.d/wordpress_https.conf:

upstream php-handler-https {
server 127.0.0.1:9000;
}

server {
listen 443 ssl default_server;
server_name _;
#server_name wordpress.example.com;

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

root /var/www/html/;
index index.php;

# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;

access_log /var/log/nginx/wordpress_https_access.log combined;
error_log /var/log/nginx/wordpress_https_error.log;

server_tokens off;

location = /favicon.ico {
	log_not_found off;
	access_log off;
}

location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}

location / {
	try_files $uri $uri/ /index.php?$args ;
}

# protected area (XHProf)
location ^~ /xhprof/xhprof_html/ {
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/htpasswd/xhprof;

	location ~ \.php(?:$|/) {
	  fastcgi_split_path_info ^(.+\.php)(/.+)$;
	  include fastcgi_params;
	  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	  fastcgi_param PATH_INFO $fastcgi_path_info;
	  fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
	  fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
	  fastcgi_pass php-handler-http ;
	  fastcgi_read_timeout 60s;
	}
}

# protected area (phpmyadmin)
location ^~ /mysqladmin/ {
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/htpasswd/phpmyadmin;

	location ~ \.php(?:$|/) {
	  fastcgi_split_path_info ^(.+\.php)(/.+)$;
	  include fastcgi_params;
	  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	  fastcgi_param PATH_INFO $fastcgi_path_info;
	  fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
	  fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
	  fastcgi_pass php-handler-http ;
	  fastcgi_read_timeout 60s;
	}
}

location ^~ /wp-admin/ {
	auth_basic "Restricted"; #SAFE TO REMOVE
	auth_basic_user_file /etc/nginx/htpasswd/wpadmin; #SAFE TO REMOVE

	location ~* \.(htaccess|htpasswd) {
		deny all;
	}

	location ~ \.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param HTTPS on;
		fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
		fastcgi_pass php-handler-https;
		fastcgi_read_timeout 60s;
	}
}

location ~* \.(htaccess|htpasswd) {
	deny all;
}

location ~ \.php(?:$|/) {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param HTTPS on;
	fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
	fastcgi_pass php-handler-https;
	fastcgi_read_timeout 60s;
}

# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
	expires 30d;
	access_log off;
}

}

root@vultr:~#

The server block from default.conf seems to be missing a root directive. However, I'm not sure if that's the correct server block to begin with? It seems to me those wordpress_http.conf and wordpress_https.conf are quite complex and probably meant for a site. I just don't know if it's your site they are meant for?
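
Added example (not part of the original thread): a small Python check that shows which server block nginx picks for a given host and port, and whether that block has anything to serve. The sample config is constructed from the `nginx -T` output above; the function names are hypothetical, and the selection logic is simplified to exact names and `default_server`.

```python
import re

# Constructed sample: the two port-443 server blocks from the nginx -T output
# in this thread, cut down to the directives that decide which block answers.
SAMPLE = """
# configuration file /etc/nginx/conf.d/default.conf:
server {
    server_name pingclothes.com www.pingclothes.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pingclothes.com/fullchain.pem;
}
# configuration file /etc/nginx/conf.d/wordpress_https.conf:
upstream php-handler-https { server 127.0.0.1:9000; }
server {
    listen 443 ssl default_server;
    server_name _;
    root /var/www/html/;
    location / { try_files $uri $uri/ /index.php?$args; }
}
"""

# Directives that give a block something to serve or return.
HANDLERS = {"root", "proxy_pass", "fastcgi_pass", "return"}

def parse_servers(text):
    """One dict per server{} block (naive tokenizer: assumes no '#', braces
    or ';' inside quoted strings or regexes)."""
    servers, cur, depth, conf, stmt = [], None, 0, "<unknown>", []
    for line in text.splitlines():
        header = re.match(r"\s*# configuration file (\S+):", line)
        if header:
            conf = header.group(1)
        for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", line)):
            if tok not in ("{", "}", ";"):
                stmt.append(tok)
                continue
            if tok == "{":
                depth += 1
                if stmt == ["server"]:
                    cur = {"file": conf, "depth": depth, "listen": [],
                           "names": [], "handlers": set()}
            elif tok == "}":
                if cur and depth == cur["depth"]:
                    servers.append(cur)
                    cur = None
                depth -= 1
            elif cur and stmt:  # ";" ends a directive inside a server block
                name, args, top = stmt[0], stmt[1:], depth == cur["depth"]
                if name == "listen" and top:
                    cur["listen"].append(args)
                elif name == "server_name" and top:
                    cur["names"] += args
                elif name in HANDLERS:
                    cur["handlers"].add(name)
            stmt = []
    return servers

def select_server(servers, port, host):
    """nginx's choice, simplified: exact server_name, else default_server,
    else the first block on that port (wildcard/regex names not handled)."""
    on_port = [s for s in servers
               if any(a[0].rsplit(":", 1)[-1] == str(port) for a in s["listen"])]
    named = [s for s in on_port if host in s["names"]]
    default = [s for s in on_port if any("default_server" in a for a in s["listen"])]
    return (named or default or on_port or [None])[0]

def diagnose(text, port, host):
    """(config file, handlers) of the block that answers host:port, or None."""
    s = select_server(parse_servers(text), port, host)
    return (s["file"], sorted(s["handlers"])) if s else None
```

For `pingclothes.com` on port 443 the result is the `default.conf` block with an empty handler list, while any other host name falls through to the `default_server` block that has a `root`. To check a live server, pass the captured output of `nginx -T` as `text`.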

my site name is pingclothes.com. Is there any solution to solve this issue?

I'm not sure, it depends on how your nginx originally worked with your site and which configuration file was used. Because the way I see it now, before certbot came along, your site wouldn't have worked either.

Who set up your nginx in the first place? Perhaps he/she can help? Because I could guess how you might fix it, but perhaps we'll only make things worse.

Actually, I tried to set up SSL from Let's Encrypt, and for that I had to install nginx. Before that it was automatically set by default. I didn't know which server I used before installing nginx, but things were quite good.

Do I need to uninstall nginx and SSL and reinstall them again? I have nothing important on my server/website, it can be easily destroyed, so please do not hesitate to suggest. Basically I want to learn these things more accurately. You can suggest anything you prefer, it may be a tutorial or anything to learn or to understand more precisely.

But how did your site work before you installed nginx? I mean, you should have had a webserver, right?

I just deployed an instance on vultr.com and followed some commands; I didn't know whether it was Apache or nginx. I didn't know anything about Linux before I started using Vultr for my domain or website. I just followed what was necessary and somehow I started learning Linux to better understand things. Now I am seriously trapped and I want a solid way out. I have nothing more to say, but I want to learn this thing.

Did you follow some kind of guide to install a LE certificate? If so, which guide? Perhaps we can retrace your steps back to a working system.