Hi, I have kind of a reverse proxy setup with Nginx, here’s my config:

server {
        listen 80;
        return 301$request_uri;
}
server {
        listen 443;
        ssl_certificate /etc/letsencrypt/live/;
        ssl_certificate_key /etc/letsencrypt/live/;
        location / {
                proxy_read_timeout      90;
        }
}

Chrome on my laptop and phone are returning an ERR_SSL_PROTOCOL_ERROR and SSL Labs is telling me my site doesn’t even have a certificate. The two certificate files do exist, and this same type of configuration works perfectly on other servers of mine. I can’t think of any reason this shouldn’t work, but maybe I’m just being dumb. Nginx gives no errors and works fine, and I’ve tried everything I can think of. I even made the files and directories all with 777 permissions (this isn’t a production server, it’ll be down in a few days) and nothing.

Any idea?


Well, something is wrong indeed:

osiris@desktop ~ $ openssl s_client -connect -servername
139865335457424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 342 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
osiris@desktop ~ $ telnet 443
Connected to
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)

From the nginx docs:

To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified:

server {
    listen              443 ssl;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
}

So that’s your problem. You’ve got to add ssl to the listen 443 part to enable TLS in the first place…
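
A small linter for the mistake diagnosed in this thread, added here as an example and not code from either poster or from the nginx project: it flags server blocks that set ssl_certificate but have no listen socket with the ssl parameter (and no legacy `ssl on;`). The sample config is constructed, its certificate paths are placeholders, and the parser assumes one directive per line.

```python
import re

# Constructed sample shaped like the question's config; the paths are placeholders.
BROKEN = """
server {
    listen 80;
}
server {
    listen 443;
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    location / {
        proxy_read_timeout 90;
    }
}
"""
FIXED = BROKEN.replace("listen 443;", "listen 443 ssl;")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_tls_listeners(conf):
    """Return the listen arguments of server blocks that configure a
    certificate but never enable TLS on any listening socket."""
    findings = []
    for body in server_blocks(conf):
        if not re.search(r"^\s*ssl_certificate\s", body, re.M):
            continue  # no certificate: plain HTTP is intended here
        if re.search(r"^\s*ssl\s+on\s*;", body, re.M):
            continue  # legacy block-wide switch used by older nginx
        listens = [a.split() for a in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        if listens and not any("ssl" in a for a in listens):
            findings.extend(" ".join(a) for a in listens)
    return findings

if __name__ == "__main__":
    print("broken:", plaintext_tls_listeners(BROKEN))
    print("fixed: ", plaintext_tls_listeners(FIXED))
```

A block that listens on both 80 and `443 ssl` with one certificate is a valid combined HTTP/HTTPS server, so it is not reported.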