Do_handshake() failed when front and back on same server

I have an Amazon EC2 instance with my front end in Angular and back end in python Flask.
I want to serve both apps on that instance using Nginx.

I can serve the front without problems using Nginx and the Certbot certification is working.
But then when I add the backend and try to reach it through the front end, I get the do_handshake() failed error. Note that if I just do a get on the back end, Nginx can serve it, only if the request comes from the front that it doesn't work and the error appears.

Here's my Nginx server config file:

server {
        location / {
                    root /home/ubuntu/front_end/dist/;
        location /gan {
                    proxy_pass http:;
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
       if ($host = {
            return 301 https://$host$request_uri;
       } # managed by Certbot

      if ($host = {
            return 301 https://$host$request_uri;
      } # managed by Certbot

     listen 80;
     return 404; # managed by Certbot

And here some part of the Nginx error file

2022/03/06 08:56:40 [crit] 3668#3668: *608 SSL_do_handshake() failed 
(SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL
 handshaking client:, server:

My domain is:

My web server is (include version): nginx 1.18

The operating system my web server runs on is (include version): Ubuntu 20.04.3

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

Thank you in advance for any help provided.

1 Like

I think your location blocks are in the wrong order.

Your proxy_pass directive forgot two slashes after the colon, and it doesn't usually live alone. There are several reverse proxy configuration directives.

What does your browser console tell you, anyhow?

PS: port 5000, http or https?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.