Bad request (400) on nginx after obtaining cert


#1

Hi guys! I’m quite new to everything web.

I’m trying to get a cert for my website, and I followed this tutorial.

However, I’m stuck after obtaining a cert (using the command sudo certbot certonly -a webroot --webroot-path=/var/www/demo -d yourdomain.here -d www.yourdomain.here) and adding an SSL block in /etc/nginx/sites-enabled/default.conf.

And my website currently shows this:

Any help would be greatly appreciated.

My domain is: lucidkodo.pw

I ran this command: cat /etc/nginx/sites-enabled/default.conf

It produced this output:

server {
    listen 80;
    server_name lucidkodo.pw www.lucidkodo.pw;
    root /var/www/lucidkodo.pw/html;

    location / {
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
    }
}


server {
    listen 443 ssl http2 default_server;
    server_name lucidkodo.pw www.lucidkodo.pw;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers On;
    ssl_certificate /etc/letsencrypt/live/lucidkodo.pw-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lucidkodo.pw-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/lucidkodo.pw-0001/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;
    # Your favorite resolver may be used instead of the Google one below
    # resolver 8.8.8.8;
    root /var/www/lucidkodo.pw/html;
    index index.html;

    location '/.well-known/acme-challenge' {
        root        /var/www/lucidkodo.pw/challenges;
    }
}

My web server is (include version): nginx 1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Somehow HTTPS got enabled on port 80 (the HTTP port). This link works:

https://lucidkodo.pw:80/

Check the Nginx configuration for something like “listen 80 ssl;” or an “ssl on;” directive in an HTTP server block.

("ssl on;" is deprecated, you’re supposed to use the ssl flag on listen directives. Just not on port 80.)

If you can’t find any issues with Nginx’s configuration, it could be an errant port forwarding or firewall setting redirecting port 80 to port 443.
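
The check suggested in post #2, as an added example that is not part of the thread: a shell function that scans `nginx -T` output for `ssl on;` and for `listen` directives that put the `ssl` flag on port 80. It goes slightly beyond the literal strings quoted above by also handling address forms such as `[::]:80`; the function name and the sample dump are constructed for illustration.

```shell
# Added example (not from the thread). Reads nginx config text on stdin,
# ideally the output of `sudo nginx -T`, and reports TLS on the HTTP port.

find_tls_on_port_80() {
  awk '
    BEGIN { file = "stdin" }
    # `nginx -T` prints this header before each file it dumps.
    /^# configuration file / { file = $4; sub(/:$/, "", file); line = 0; next }
    {
      line++
      sub(/#.*/, "")      # drop comments
      gsub(/;/, " ")      # so "ssl;" and "on;" split into clean fields
      if ($1 == "ssl" && $2 == "on") {
        printf "%s:%d: \"ssl on\" directive\n", file, line; found = 1
      }
      if ($1 != "listen" || $2 ~ /^unix:/) next
      port = $2
      sub(/^.*:/, "", port)                  # strip "*:", "0.0.0.0:", "[::]:"
      if (port !~ /^[0-9]+$/) port = "80"    # address only: nginx defaults to 80
      for (i = 3; i <= NF; i++)
        if ($i == "ssl" && port == "80") {
          printf "%s:%d: listen %s has the ssl flag\n", file, line, $2; found = 1
        }
    }
    END { exit !found }   # like grep: status 0 only when something was found
  '
}

# Constructed sample in `nginx -T` format; the paths and contents are made up.
sample_dump() {
  cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/example.conf:
server {
    listen 80 ssl;          # TLS on the HTTP port
    listen [::]:80 ssl;
    server_name example.test;
}
server {
    listen 443 ssl http2;   # correct: ssl flag on 443 only
    ssl on;                 # deprecated form
}
EOF
}

sample_dump | find_tls_on_port_80
```

On a live host, run `sudo nginx -T 2>/dev/null | find_tls_on_port_80`; no output and exit status 1 mean neither pattern is present in the loaded configuration.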


#3

Thank you so much for your hasty reply!

Wow, I’m surprised that worked!

I’ve searched everywhere; I do not have ssl on anywhere, and the ssl flag had always been on the 443 server block in my one and only sites-enabled/default.conf file.

Since you brought up the firewall, I ran ufw status, and it gave me this:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)             

22/tcp                     ALLOW OUT   Anywhere                  
80/tcp                     ALLOW OUT   Anywhere                  
443/tcp                    ALLOW OUT   Anywhere                  
22/tcp (v6)                ALLOW OUT   Anywhere (v6)             
80/tcp (v6)                ALLOW OUT   Anywhere (v6)             
443/tcp (v6)               ALLOW OUT   Anywhere (v6)

Is this normal?