How do I cleanly install ssl certificate on my website after change of server?

Noddy · April 30, 2022, 5:56pm

Hello dear letsencrypt community,

I am running a website (sustainableeateries.com)based on R shiny. I had installed ssl certificates for the domain and they were working perfectly fine.

At some point, I had to move to a new EC2 instance for my website, and I followed a tutorial to migrate the certificates to the new server.

However now I get an error whenever I try to open the website which says there are too many redirects. It will work best for me, if I can simply delete my old certificate and generate new one however since the domain name is the same I am not sure how to do this (basically only the server has changed and not the domain name).

Any help will be deeply appreciated since currently the website is down due to this issue.

Many thanks in advance!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sustainableeateries.com

I ran this command: Opening the website on chrome
It produced this output: Too many redirects

My web server is (include version): t2 micro AWS

The operating system my web server runs on is (include version): ubuntu-bionic-18.04-amd64-server

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0

MikeMcQ · April 30, 2022, 6:35pm

Welcome @Noddy

The redirect problem is not caused by your certs. Your nginx server is redirecting requests to itself without end. You need to review your nginx server config. Example:

curl -I https://sustainableeateries.com/

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 30 Apr 2022 18:30:53 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://sustainableeateries.com/

(following the Location results in the same redirect forever)

Noddy · April 30, 2022, 6:43pm

Hi @MikeMcQ ,

Thank you for your response. How do I remove the redirect requests from the nginx server?

I simply had let the certbot do the changes to nginx file. I do not know what exactly to change.

Any quick tips?
Thanks again.

9peppe · April 30, 2022, 7:13pm

Somewhere in your nginx config there's a server block that contains:

a listen 443 ssl directive;
a server_name directive including sustainableeateries.com
the redirect

Find it, and show it to us.

Noddy · April 30, 2022, 7:25pm


server {
    # listen 80 means the Nginx server listens on the 80 port.
    # Replace it with your (sub)domain name.
    server_name sustainableateries.com www.sustainableeateries.com 3.142.45.225;
    # The reverse proxy, keep this unchanged:
    location / {
        proxy_pass http://localhost:3838;
        proxy_redirect http://localhost:3838/ $scheme://$host/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
        proxy_buffering off;


  }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sustainableeateries.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sustainableeateries.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}


server {
    if ($host = sustainableeateries.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.sustainableeateries.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name sustainableateries.com www.sustainableeateries.com 3.142.45.225;
    return 404; # managed by Certbot

}

This is the entire config file (shiny.conf)

9peppe · April 30, 2022, 10:48pm

This config should work. Are you sure that's all?

rg305 · May 1, 2022, 1:30am

No, it shouldn't.

TYPO
In the middle:

the first has "leat"
the second (and third) has "leeat"

So, it will only work for the "www" site (not the base site).

Noddy · May 1, 2022, 4:31am

Oops! obviously! Embarrassed for the silly thing that I couldn't see.

Thank you!