First, I would like to thank the developers for this awesome certbot but I have some problems configuring it on my server.
I have followed all instructions here - https://certbot.eff.org/#ubuntuxenial-nginx
I installed certbot, the nginx plugin, I have set the cron, restarted server and… Sites are not https. Actually some sites (only wordpress ones) work with https but the stylesheets are not being read and they look so screwed. Do I have to manually redirect in the nginx config all enabled sites to ssl? Also there is only one error I got from following the instructions and it was:
Cannot find a VirtualHost matching domain reverse-xxx.xxx.xxx.xxx.domain.tld
where xxx is parts of the IP and domain.tld is the domain from PTR record of the host.
Any idea how to fix this? It looks like it is almost done, I just need to add something but I am not quite sure what that may be. Also, sites are using cloudflare for free, not sure how that is related but thought to mention it.
OK. Example domain name allfree.xxx
Without even changing the config it works on https://allfree.xxx but it does not redirect to https.
(NSFW!)
I think it is because the stylesheets come from unauthorized sources without https but they are on the same domain.
Also, I assume I should edit wordpress settings and set the urls to https but that only leads to the screwed version where the stylesheets could not be read. As for non-wordpress sites, they don’t even work with https after the install. Also, not all wordpress sites work with https after the install. This is kind of odd. What should I modify in the sites enabled or default configs to make certbot work properly?
In case of mixed content, you may easily spot the reason with the help of the following site: https://www.whynopadlock.com/
You have to make sure that all resources are loaded via https if the page is displayed via https.
That means you should avoid fully qualified URLs (http://foobar.com/css/main.css) and use path names to the resources (/css/main.css) instead. If the resources are located on an external site, you have to include them via https://...
On the same server? This error indicates that nginx is not listening on port 443. I also notice that your first-mentioned (NSFW) domain is hosted via Cloudflare; do you terminate your SSL there and only offer http on your server?
You can check that with the following command on the server:
netstat -tpln
It shows which program is listening on which port.
Of course - nginx is listening on port 80. I did not know I had to change it manually on all enabled sites to 443. That’s pretty much what I was asking. So, I have to do all the rewrites from http to https and http://www. to https://? Oh… I thought the nginx plugin does that automatically. I change the port, restart the server, but I still get “Unable to connect” error.