How do I troubleshoot The TLS connection was non-properly terminated

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.open-plant.com

I ran this command: curl -l https://www.open-plant.com

It produced this output: curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.7 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

The first thing I'd look is in the nginx logs. If those don't tell you much, you should increase the verbosity, until the logs tell you something useful.

Hi @azrinsani and welcome to the LE community forum

Is this the first secure vhost running on this server?
In any case, we should have a look at the full nginx config, with:
nginx -T

Hi, thank you for the fast reply. Here is attached the output of my Nginx -T command. Never knew about this command. It's a very long file!

Btw none of my websites are working at the moment.

This is the output I get from command 'cat /var/log/nginx/error.log' after trying to open https://www.open-plant.com

2022/01/16 08:16:53 [error] 30879#30879: *846 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443
2022/01/16 08:16:53 [error] 30879#30879: *847 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443
2022/01/16 08:16:55 [error] 30879#30879: *848 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443
2022/01/16 08:16:55 [error] 30879#30879: *849 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443

Why would you do this?:

    # include /etc/nginx/sites-enabled/*.conf;
    include /etc/nginx/sites-available/*.conf;

What do you mean? The main config file is
/etc/nginx/sites-available/default.conf

this is where everything goes.

Then you are entirely missing the value of the /sites-enabled/ folder.

I'd make this a bit more standard:

        listen 80;listen [::]:80;

Like:

        listen 80;
        listen [::]:80;

[not very likely to fix anything - but easier on the eye]

Try changing:

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot

To:

        listen 443 ssl; # managed by Certbot

Thanks for the suggestiosn but I tried both suggestions neither of them seems to work. It still says (in nginx logs)

2022/01/16 14:04:12 [error] 1557#1557: *14 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443

when I try browsing the website. Weird its saying no SSL certificate but my SSL certs are all valid

Certificate Name: open-plant.com
Domains: open-plant.com
Expiry Date: 2022-03-23 15:02:26+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/open-plant.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/open-plant.com/privkey.pem

Thank for the suggestions but none of them worked, I am still seeting the same error when browsing my website (nginx logs)

2022/01/16 14:04:12 [error] 1557#1557: *14 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 220.158.189.181, server: 0.0.0.0:443

This problem is happening to all my websites, therefore it must be something related to a global setting.

The only strange thing I can find is that there's only a server_name www.open-plant.com which is missing the hostname open-plant.com (i.e.: without www).

But if that's going to fix your nginx, I'm not sure.

Also, I've never seen that error message before. Usually, a webserver refuses to start if it can't find the certificate at start up.. So why is it only complaining when connecting? I dunno..

Thank you all for the help. I found the culprit. It was actually due to two similar "include" statements found in the various conf files. Particularly it was the '/etc/nginx/sites-available/default.conf' file and the '/etc/nginx/sites-enabled/00-default.conf' files

Nginx is so convoluted!

It was nothing to do with Lets Encrypt. But thank you very much for all the help, definitely it pointed me to the right direction.

I wish I could buy you guys a coffee or two

As Rudy already somewhat hinted to, but not explicitely said:

The sites-available is a directory where AVAILABLE configuration files are placed. Usually, one would ENABLE some (or all, if required) of those configuration files by symbolically linking files from the sites-available to the sites-enabled directory. And in the main nginx configuration, one would only include the sites-enabled directory. That way, by aid of the symbolic links, one can choose which configuration file one does and doesn't want to have enabled.

Including the entire sites-available directory is not how the nginx directory structure is supposed to work.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.