The expiry issue is fixed now. Thank you all for your support.
They also installed SSL on the proxy server after I installed the SSL on this instance.
So the certificate was fetched from that server, and it was not used from the server I have access to.
That's why whatever I tried didn't work. I had also asked about this issue before coming here, but the non-technical guy in between didn't give me a proper answer.
I have also pasted the output in the reply above:
```
nginx: [warn] conflicting server name "fra.kucm.ac.kr" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
When certbot installs SSL, it removes listen 80 from the previous block, but that causes a TOO_MANY_REDIRECT error, so I have to add it back. Then it runs but gives this warning. Please suggest how to fix the warning.
Search for where it is used with:
sudo grep -Ri fra.kucm.ac.kr /etc/nginx/
For this case, at first I had this code, with no warning or any issue:
```
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    ....
}
```
After I installed SSL, the code became:
```
server {
    server_name fra.kucm.ac.kr;
    ....
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
```
Additional code is added by certbot and listen 80 is removed, but this causes a too_many_redirect error on the site.
So I added listen 80 back in the main server block again. Now the site runs fine but shows a warning in the test:
```
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    .......
```
Not a serious problem, but why does it happen? In my case I don't need the certbot code on my instance now, so it is no issue for me; I just want to know this.
This is probably the step that is making the problem:
Please show the output of:
And also show output of:
sudo nginx -t
I already removed the certbot code since I no longer need it; it has no problem now.
I am on the first block of code I mentioned above.
```
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
sudo grep -Ri fra.kucm.ac.kr /etc/nginx/
/etc/nginx/sites-available/kosin.save.1: server_name fra.kucm.ac.kr;
/etc/nginx/sites-available/kosin.save.1: ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
/etc/nginx/sites-available/kosin.save.1: ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
/etc/nginx/sites-available/kosin.save.1: if ($host = fra.kucm.ac.kr) {
/etc/nginx/sites-available/kosin.save.1: server_name fra.kucm.ac.kr;
/etc/nginx/sites-available/kosin: server_name fra.kucm.ac.kr;
/etc/nginx/sites-available/kosin.save: server_name fra.kucm.ac.kr;
/etc/nginx/sites-available/kosin.save: ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
/etc/nginx/sites-available/kosin.save: ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
/etc/nginx/sites-available/kosin.save: if ($host = fra.kucm.ac.kr) {
/etc/nginx/sites-available/kosin.save: server_name fra.kucm.ac.kr;
/etc/nginx/sites-available/kosin.save: if ($host = fra.kucm.ac.kr) {
/etc/nginx/sites-available/kosin.save: server_name fra.kucm.ac.kr;
/etc/nginx/sites-enabled/kosin: server_name fra.kucm.ac.kr;
```
I can simulate all three steps if you would like to see them.
Is this issue also due to the proxy, having SSL on both servers like that?
I was wondering about that, because a certbot install shouldn't result in an error.
Yes, I can't fix it when it is not broken.
I think you will continue to have this problem every time you run certbot with nginx installer.
Until we fix it the right way.
This is the file we need to see when it is broken:
/etc/nginx/sites-enabled/kosin
When you post the file, please put three backticks above and also below it.
Like this:
```
your posted file
```
Thanks, it will help to read it better.
This is the second-state code block I mentioned above:
```
proxy_cache_path /home/ubuntu/log/cache levels=1:2 keys_zone=my_cache:10m max_size=10g
                 inactive=60m use_temp_path=off;
# Expires map
map $sent_http_content_type $expires {
    default off;
    text/html epoch;
    text/css max;
    application/javascript max;
    ~image/ max;
}
server {
    server_name fra.kucm.ac.kr;
    expires $expires;
    location /static {
        alias /home/ubuntu/kosin/static;
    }
    location /media {
        alias /home/ubuntu/kosin/media;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/kosin/ppes.sock;
        proxy_cache my_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 3;
        proxy_cache_use_stale error timeout updating http_500 http_502
                              http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png|woff2)$") {
            expires 30d;
            access_log off;
            add_header Pragma public;
            add_header Pragma public;
            add_header Cache-Control "public";
            break;
        }
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
```
Please see, the site fra.kucm.ac.kr is down now.
I can't keep the site down for long, so
OK now post what you have when you fix it.
And, if you can, also show:
nginx -t
for both cases.
I just add listen 80 in the first server block and it will run, but it gives a warning.
I have already posted this above two times:
```
nginx: [warn] conflicting server name "fra.kucm.ac.kr" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
That is not a real fix.
Show
nginx -t
We need to remove that problem and have your site working...
hmm...
Show the "working" copy of the file please.
This is the third block of code I mentioned above:
```
proxy_cache_path /home/ubuntu/log/cache levels=1:2 keys_zone=my_cache:10m max_size=10g
                 inactive=60m use_temp_path=off;
# Expires map
map $sent_http_content_type $expires {
    default off;
    text/html epoch;
    text/css max;
    application/javascript max;
    ~image/ max;
}
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    expires $expires;
    location /static {
        alias /home/ubuntu/kosin/static;
    }
    location /media {
        alias /home/ubuntu/kosin/media;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/kosin/ppes.sock;
        proxy_cache my_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 3;
        proxy_cache_use_stale error timeout updating http_500 http_502
                              http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png|woff2)$") {
            expires 30d;
            access_log off;
            add_header Pragma public;
            add_header Cache-Control "public";
            break;
        }
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
```
It runs fine but gives a warning in nginx -t, which I have pasted above.
OK try this:
- remove the second server block:
- add after listen 80; line:
if ($ssl_protocol = "") {
return 301 https://$host$request_uri;
}# if
- restart nginx
- show:
nginx -t
OK, but why does installing certbot (the certbot-added code) give an error? That shouldn't have happened, yes?
Yes, it should not have happened.
I can't really find anything wrong with the code certbot created.
Please now show again:
nginx -t
and does the site work now?
- Does HTTP redirect to HTTPS?
- Does HTTPS work?
- Did nginx stop complaining about the conflicting name?
nginx works fine, but it is the same as the 2nd step of the code.
It gives a too_many_redirect error.
Maybe it is due to the proxy server, I guess, because your method also acts like the certbot-added code.
I am OK since I don't have to write the certbot on this server, so I am fine with the first step of the code.
Thank you for your support. I guess we shouldn't stress more over it; it is probably giving too many redirects due to the proxy.
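
Added example (not part of the thread, and not certbot's or nginx's own code): the `conflicting server name` warning quoted above appears when two server blocks claim the same name on the same port, which is what the third configuration does. This Python sketch scans a config for such pairs. The sample is constructed from the thread's blocks, the function names are hypothetical, and it compares by port only, assuming a missing `listen` means port 80 and that braces never occur inside quoted strings.

```python
import re
from collections import defaultdict
# Constructed sample: the "runs but warns" state from the thread, reduced.
SAMPLE = """
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    listen 443 ssl; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield (line_no, directives) per server block, skipping nested blocks."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments, keep newlines
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, buf, found = 1, "", []
        for ch in conf[m.end():]:
            if ch in "{}":
                depth += 1 if ch == "{" else -1
                buf = ""
                if depth == 0:
                    break
            elif ch == ";":
                if depth == 1 and buf.split():
                    found.append(buf.split())
                buf = ""
            else:
                buf += ch
        yield conf.count("\n", 0, m.start()) + 1, found

def conflicts(conf):
    """Return {(port, name): [block line numbers]} for pairs claimed twice."""
    seen = defaultdict(list)
    for line_no, found in server_blocks(conf):
        # Assumption: no listen directive means port 80 (nginx run as root).
        ports = {d[1].rsplit(":", 1)[-1] for d in found
                 if d[0] == "listen" and len(d) > 1} or {"80"}
        names = {n for d in found if d[0] == "server_name" for n in d[1:]} or {""}
        for key in [(p, n) for p in ports for n in names]:
            seen[key].append(line_no)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__": print(conflicts(SAMPLE))
```

Feeding it the output of `sudo nginx -T` instead of a single file covers every included file, including anything symlinked into sites-enabled.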