Can't access the site after ssl certificate generation

Help
1

Hello! My domain is: kanban.pm

Nginx conf:

server {

  listen 80 ;
  listen [::]:80 ;
  server_name kanban.pm;

      location / {
        proxy_pass http://localhost:3001;
    }
}

When you go to the site, the login panel appears, its ok.

I ran this command: sudo certbot --nginx -d kanban.pm

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.

Congratulations! You have successfully enabled https://kanban.pm

You should test your configuration at:
SSL Server Test: kanban.pm (Powered by Qualys SSL Labs)

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/kanban.pm/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/kanban.pm/privkey.pem
    Your cert will expire on 2022-10-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

and changed nginx conf on:

server {

  listen 80 ;
  listen [::]:80 ;
  server_name kanban.pm;

      location / {
        proxy_pass http://localhost:3001;
    }

}

server {

	listen [::]:443 ssl;
	listen 443 ssl;
	server_name kanban.pm;

location / {
        proxy_pass http://localhost:3001;
    }

	ssl_certificate /etc/letsencrypt/live/kanban.pm/fullchain.pem; # managed by Certbot
    	ssl_certificate_key /etc/letsencrypt/live/kanban.pm/privkey.pem; # managed by Certbot
    	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

and ran this command: sudo service nginx restart

After that I can't access the site via https. I tried deleting the certificate, renewing it, checked that ports 443 and 80 are open, that failtoban did not ban my ip. Can you tell me what I'm doing wrong?

VPS
Ubuntu 20.04.4 LTS (GNU/Linux 5.15.0-30-generic x86_64)
I'm do not using a control panel to manage my site
Certbot version: 0.40.0
I can login to a root shell on my machine

2

Before that also lost access to the site, although previously all was well. The certificate was renewed

3

Log from the last few days:
letsencrypt.txt (129.7 KB)

4

Port 443 is inaccessible from my point of reference. Please double or triple check that it's actually accessible from the outside world. Perhaps a missing portmap in your NAT router?

5 Likes
5

Yes, it was the 443 port, but it's very strange. I use ufw to control port access, and when I run the ufw status command, the above port is listed as available ipv6/ipv4

P:S: after restarting ufw everything works, thx

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.