Hello,
certbot ran successfully: there are certificates, there are SSL lines in the nginx server block, nginx has restarted. http://folkrnn.org works, as before. But https://folkrnn.org doesn’t connect.
This all feels quite vanilla, but it’s not working for me, I can’t work out why, and it’s driving me mad. In particular I can’t find any sign of why it’s not working in e.g. systemctl status nginx.
(I’m reverse-proxying a daphne ASGI app. But even requesting a static file, entirely handled by nginx, doesn’t work. I’ve included the nginx conf below, at the end.)
I’ve read many threads here with other people’s issues but not got any leads.
Any pointers?
Thanks in advance,
Toby
My domain is:
I ran this command:
sudo certbot --non-interactive --nginx --agree-tos -m <redacted> -d folkrnn.org -d www.folkrnn.org -d themachinefolksession.org -d www.themachinefolksession.org
It produced this output:
…is beyond scrollback’s reach. But it said it was happy. And, e.g.
$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: folkrnn.org
Domains: folkrnn.org themachinefolksession.org www.folkrnn.org www.themachinefolksession.org
Expiry Date: 2018-08-13 16:21:58+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/folkrnn.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/folkrnn.org/privkey.pem
-------------------------------------------------------------------------------
My web server is (include version):
$ nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
Aaaaaand for good measure, here is the nginx sites-available file.
$ cat /etc/nginx/sites-available/folkrnn.org
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name folkrnn.org www.folkrnn.org;
    client_max_body_size 1000M;

    location /static {
        alias /folk_rnn_static;
    }

    location / {
        proxy_pass http://unix:/folk_rnn_tmp/folk_rnn.org.socket;
        proxy_set_header Host folkrnn.org;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/folkrnn.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/folkrnn.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}