My domain is: www.stoke-fest.co.uk
I ran this command: sudo certbot --nginx -d stoke-fest.co.uk -d www.stoke-fest.co.uk
It produced this output: Connection reset by peer
My web server is (include version): Nginx 1.10.1
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I’ve been attempting to set up my website to work with HTTPS today. At first I was running into issues actually generating certificates using the certbot --nginx flag, but managed to get it to work using --webroot. I have my config set up to use SSL, and when I port scan my domain it shows 443 open.
I’ve tried various commands to verify ufw etc aren’t blocking the connection, and that nginx is listening on 443.
When I attempt to use certbot --nginx it errors out with: Connection reset by peer.
I’m using hurricane electric for dns.
Let me know if I can provide any additional information.
Thanks
stoke-fest.co.uk server config
server {
listen 80;
listen [::]:80;
#SSL
listen 443 ssl;
listen [::]:443 ssl;
index index.html index.php;
# note: "ssl on" applies to every listen socket in this server block, including the port 80 ones above
ssl on;
include snippets/ssl-stoke-fest.co.uk.conf;
include snippets/ssl-params.conf;
## Begin - ServerInfo
root /var/www/stoke-fest.co.uk/html;
server_name stoke-fest.co.uk www.stoke-fest.co.uk;
## End - Server Info
location ~ /.well-known {
allow all;
}
## Begin - Index
location / {
try_files $uri $uri/ /index.php?_url=$uri&$query_string;
}
## End - Index
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP
}
ssl-stoke-fest.co.uk.conf
ssl_certificate /etc/letsencrypt/live/stoke-fest.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stoke-fest.co.uk/privkey.pem;
ssl-params.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
sudo lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 6782 root 8u IPv4 12769716 0t0 TCP *:https (LISTEN)
nginx 6782 root 9u IPv6 12769717 0t0 TCP *:https (LISTEN)
nginx 6784 www-data 8u IPv4 12769716 0t0 TCP *:https (LISTEN)
nginx 6784 www-data 9u IPv6 12769717 0t0 TCP *:https (LISTEN)
netstat -tulpen|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 12769716 -
tcp6 0 0 :::443 :::* LISTEN 0 12769717 -
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
1194/udp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
1194/udp (v6) ALLOW Anywhere (v6)
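An added example, not part of the original post or of certbot: a small Python lint that reads an nginx server block like the one posted and flags the one thing worth ruling out here, a global `ssl on;` sitting next to plain `listen 80;` directives (in that case nginx answers plain HTTP on port 80 with a 400 "plain HTTP request was sent to HTTPS port"). The sample block is a constructed, trimmed copy of the posted config; the function and check names are hypothetical.

```python
import re

# Constructed, trimmed copy of the posted server block (only the directives
# the lint looks at are kept). Assumption: this is what nginx actually loads.
SAMPLE_SERVER_BLOCK = """
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl on;
    server_name stoke-fest.co.uk www.stoke-fest.co.uk;
    location ~ /.well-known {
        allow all;
    }
}
"""


def lint_server_block(text):
    """Return a list of findings for one nginx server{} block.

    Hypothetical checks (this is not certbot's own logic):
    - 'ssl on;' enables TLS on every listen socket in the block, so a plain
      'listen 80;' beside it no longer serves HTTP (nginx returns 400).
    - at least one 'listen ... 443 ssl' should be present.
    - a /.well-known location should exist for HTTP-01 validation.
    """
    findings = []
    listens = re.findall(r"^\s*listen\s+([^;]+);", text, re.M)
    plain = [l for l in listens if "ssl" not in l.split()]
    tls = [l for l in listens if "ssl" in l.split()]

    # 'ssl on' as a bare directive; 'ssl_...' settings do not match this.
    ssl_on = re.search(r"^\s*ssl\s+on\s*;", text, re.M) is not None
    if ssl_on and plain:
        findings.append("ssl on; with plain listen(s): " + ", ".join(plain))

    if not any(":443" in l or l.strip().startswith("443") for l in tls):
        findings.append("no 'listen ... 443 ssl' in block")

    if not re.search(r"location\s+[~=^*]*\s*/\.well-known", text):
        findings.append("no /.well-known location for HTTP-01 challenges")
    return findings


if __name__ == "__main__":
    for finding in lint_server_block(SAMPLE_SERVER_BLOCK):
        print("finding:", finding)
```

Dropping the `ssl on;` line (the `listen 443 ssl` directives already enable TLS where it is wanted) makes the lint come back clean.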