Detail: Fetching .... Timeout

Hi @beau.haus,

So this is the culprit for your timeouts ;). What you can do, instead of destroying it, is add two new rules in the inbound part, adding port 80 and port 443.

Cheers,
sahsanu


Oh jeez. I apologize for not being explicit about this. The instructor in this excellent class enables it in the GUI and seems to have no prob getting it all up & running.

Okay, I’ll try to do that as instructed.

using
sudo ufw allow 443
&
sudo ufw allow 80
:+1:t3:
–I’ll then report back–

ufw adjusts the firewall in your kernel. You have to change DigitalOcean’s Cloud Firewall thing in the control panel. On the page with the “New rule” button from before.


It is working fine now, I can connect to your server and the location is working fine so go ahead and get the cert :wink:

$ curl -IkL -m10 beau.haus
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 27 Mar 2018 22:12:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 209
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Mar 2018 11:33:01 GMT
ETag: W/"d1-16257c88528"


$ curl -IkL -m10 beau.haus/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 27 Mar 2018 22:13:36 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive

Both outputs show we are doing it well :wink:

My God. You’ve gone to such trouble on my behalf. ok
I will go ahead with the following:

certbot certonly -a webroot -w /tmp -d beau.haus,www.beau.haus


Amazing.
You are a genius!

I’m endlessly grateful.
–I’ve learnt a great deal from this–
Cheers,
Beau


No, I’m not a genius but thank you. I suppose you got the Congratulations message so now you should create the server block for port 443 that I posted above, restart nginx and test the connection. It is too late here so I’ll take a look tomorrow morning just in case there is any other issue.

Good Morning!
I have edited the sites-available/default (as advised)

CopyPasta from my terminal
beau@beauhaus:/etc/nginx/sites-available$ sudo service nginx restart
beau@beauhaus:/etc/nginx/sites-available$ cat default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	# server_name beau.haus www.beau.haus;
	server_name _;

        location ~ /.well-known/acme-challenge/ {
            allow all;
            default_type "text/plain";
            root /tmp;
        }

	location / {

		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		proxy_pass http://127.0.0.1:3001;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php7.0-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php7.0-fpm:
	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name beau.haus www.beau.haus;

    location / {
        proxy_pass http://127.0.0.1:3001;
    }

    ssl_certificate /etc/letsencrypt/live/beau.haus/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/beau.haus/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
}
beau@beauhaus:/etc/nginx/sites-available$

Although I’d like to create a new file & create a symbolic link, I thought minimizing the complexity (rather than go swimming out beyond my depth) might be more practical for the time being.

–Although sudo nginx -t seems not to complain, perhaps I have a bit more to do.

I have one issue in that.
https://beau.haus & https://www.beau.haus are secure. :+1:t3::tada:

As typed manually, they’re just fine. (SSL Labs gives me an A)
However, beau.haus or www.beau.haus are not redirecting to https://beau.haus.

(I thought it might be a caching issue, but perhaps not).

Incognito browser does the same.

At any rate… As always I’m grateful.

I gotta say, as a front-end guy… I have acquired massive respect for people who do backend & I’m sure this is just a hint of what it must be like.
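
The missing redirect from the last post, as an added example that is not part of the original thread: in the posted config the port-80 block proxies every request to the app on 127.0.0.1:3001, so plain-HTTP requests are answered directly instead of being sent to HTTPS. This sketch would replace that port-80 block; it assumes the /tmp webroot from the certbot command above stays in use for renewals, and the fixed redirect target https://beau.haus is taken from the post.

```nginx
# Added example: replacement for the port-80 server block in
# /etc/nginx/sites-available/default. The port-443 block stays as posted.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name beau.haus www.beau.haus;

    # Keep HTTP-01 validation reachable over plain HTTP so renewals work.
    # "^~" is a prefix match that wins over regex locations, unlike the
    # unanchored "~ /.well-known/acme-challenge/" regex in the posted file.
    # root matches "certbot certonly -a webroot -w /tmp" from the thread;
    # /tmp is world-writable, so a dedicated directory is the tighter choice
    # (assumption: it would then also have to be passed to certbot with -w).
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /tmp;
    }

    # Everything else gets a permanent redirect to HTTPS. The hostname is
    # hard-coded rather than taken from $host, so a request that reaches
    # this default_server with an arbitrary Host header cannot steer the
    # Location header to another domain.
    location / {
        return 301 https://beau.haus$request_uri;
    }
}
```

After `sudo nginx -t` and the restart shown in the thread, `curl -I http://beau.haus` should return a 301 whose Location header starts with https://beau.haus, while the acme-challenge test URL still answers over plain HTTP.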
