I’ve been banging my head since yesterday. Even reformatted my DO droplet.
My domain is y21.xyz
I’ve installed Let’s Encrypt certs and keys with a ‘successful’ message through my Ubuntu terminal.
I used this command to install: certbot --nginx
My Nginx conf file is as under:
server {
if ($host = y21.xyz) {
return 301 https://$host$request_uri;} # managed by Certbot
listen 80;
listen [::]:80;
server_name y21.xyz;
root /var/www/y21-wp;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name y21.xyz;
root /var/www/y21-wp;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
# ssl_certificate /etc/ssl/y21.xyz.crt;
# ssl_certificate_key /etc/ssl/y21.xyz.key;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/y21.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/y21.xyz/privkey.pem; # managed by Certbot
}
It produced this output on FF, and even on mobile: An error occurred during a connection to y21.xyz. PR_END_OF_FILE_ERROR
My web server is (include version): Nginx 1.14.0
The operating system my web server runs on is (include version): Linux 1c-3g-60g-3tb 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0
Nginx -T is like this (there are actually 2 conf files inside the 'conf.d' directory. One, 'y21.conf', I thought I had already pasted above, but anyway, here goes the output of the command):
root@1c-3g-60g-3tb:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/bathinda.conf:
server {
listen 80;
listen [::]:80;
server_name bathinda.xyz;
root /var/www/bathinda;
index index.html index.htm index.nginx-debian.html index.php;
# If you comment the above line (/var/www/5), then uncomment the next one.
# return 404; # managed by Certbot
if ($host = bathinda.xyz) {
return 301 https://$host$request_uri;} # managed by Certbot
}
server {
listen 443 ssl http2; listen [::]:443 ssl http2;
server_name bathinda.xyz; # <-- change this
# ssl on; #the following is the path of ssl certs if you generated them thru certbot, not thru disco installation.
# ssl_certificate /etc/ssl/certs/chosen_name.crt;
# ssl_certificate_key /etc/ssl/private/chosen_name.key;
# ssl_certificate /var/discourse/shared/web_only/letsencrypt/bobu.xyz/bobu.xyz.cer; #this path is guess from disco orig installation.
# ssl_certificate_key /var/discourse/shared/web_only/letsencrypt/bobu.xyz/bobu.xyz.key; #this path is guess from disco orig installation.
# ssl_certificate /var/discourse/shared/bathinda/ssl/bathinda.xyz.cer;
# ssl_certificate_key /var/discourse/shared/bathinda/ssl/bathinda.xyz.key;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000;";
# ssl_stapling on; #(for increased security, disco uses stapling, but I had to turn it off if I built the disco my way, from self signed certs)
ssl_stapling_verify on;
client_max_body_size 0;
location / {
proxy_pass http://unix:/var/discourse/shared/bathinda/nginx.http.sock:;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
}
location /errorpages/ {
alias /var/www/errorpages/;
}
error_page 502 =502 /errorpages/discourse_offline.html;
error_page 504 =504 /errorpages/discourse_offline.html;
proxy_intercept_errors on;
}
# configuration file /etc/nginx/conf.d/y21-wp.conf:
server {
listen 80;
listen [::]:80;
# return 302 https://$server_name$request_uri;
server_name y21.xyz;
root /var/www/y21-wp;
index index.html index.htm index.nginx-debian.html;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# Uncomment the below line if it works ok (it should, if you created the snippets files).
# include /etc/nginx/snippets/ssl-params.conf;
server_name y21.xyz;
root /var/www/y21-wp;
index index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/letsencrypt/live/y21.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/y21.xyz/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
And curl command:
root@1c-3g-60g-3tb:~# curl https://y21.xyz/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to y21.xyz:443
I’ve pasted the output for nginx -T.
Do you see any errors there? You say it worked for a moment. Then I was changing code in the conf files (was just experimenting a bit).
Actually I’ve two websites on the same droplet. Thus 2 conf files.
When I generated and installed ssl certificates, there were successful msgs. Without any errors.
When I check out and reload nginx, there are no errors. All ok.
When certs are OK. Nginx is ok. Http version is ok. What remains?
Checked internally: https has sent the complete nginx default website over a valid SSL connection.
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Inside www/y21-wp</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
So at that time there was a valid and working configuration.
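
One check that can be run over an nginx -T dump like the one posted above, as an added example (not code from any poster in this thread): it lists server blocks that listen with "ssl" but have no uncommented ssl_certificate and ssl_certificate_key, as in the bathinda.xyz 443 block, which the syntax test shown above still reports as successful. The function names are hypothetical and the sample dump is constructed from the configs in the thread.

```python
import re
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|[{};]|[^\s{};]+''')
COMMENT = re.compile(r'''("[^"]*"|'[^']*')|#[^\n]*''')

def server_blocks(dump):
    # Return, for each `server {}` block, the directives sitting directly inside it.
    text = COMMENT.sub(lambda m: m.group(1) or "", dump)  # drop comments, keep quotes
    stack, stmt, current, blocks = [], [], None, []
    for tok in TOKEN.findall(text):
        if tok not in ("{", ";", "}"):
            stmt.append(tok)
            continue
        if tok == "{":
            stack.append(stmt[0] if stmt else "")
            if stack[-1] == "server" and current is None:
                current = (len(stack), [])  # (nesting depth, directives)
        elif current and len(stack) == current[0]:
            if tok == ";" and stmt:
                current[1].append(stmt)
            elif tok == "}":
                blocks.append(current[1])
                current = None
        if tok == "}" and stack:
            stack.pop()
        stmt = []
    return blocks

def ssl_listeners_without_cert(dump):
    # (server_names, ssl listen values) for blocks with no active certificate + key.
    findings = []
    for directives in server_blocks(dump):
        have = {d[0] for d in directives}
        listens = [" ".join(d[1:]) for d in directives if d[0] == "listen" and "ssl" in d[1:]]
        if listens and not {"ssl_certificate", "ssl_certificate_key"} <= have:
            names = [n for d in directives if d[0] == "server_name" for n in d[1:]]
            findings.append((names, listens))
    return findings

# Constructed sample, condensed from the conf.d files posted in the thread.
SAMPLE = r'''
server { listen 443 ssl http2; listen [::]:443 ssl http2;
  server_name bathinda.xyz; # ssl_certificate /etc/ssl/certs/chosen_name.crt;
  add_header Strict-Transport-Security "max-age=63072000;"; }
server { listen 80; server_name y21.xyz;
  if ($host = y21.xyz) { return 301 https://$host$request_uri;} } # managed by Certbot
server { listen 443 ssl; server_name y21.xyz;
  ssl_certificate /etc/letsencrypt/live/y21.xyz/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/y21.xyz/privkey.pem; }
'''
print(ssl_listeners_without_cert(SAMPLE))
```

To use it on a live server, pass the captured text of nginx -T to ssl_listeners_without_cert().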