Https://check-your-website.server-daten.de/?q=ggc.world : fatal error: No https - result with http-status 200, no encryption

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ggc.world

I ran this command:

Hi!,

Following these well done indications: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8 I installed the certification:

(base) marco@pc01:~$ sudo nano /etc/nginx/sites-available/ggc.world.conf

server {
listen 80;
listen [::]:80;

    server_name ggc.world www.ggc.world;
    root /var/www/ggc.world;

    index index.html;
    location / {
            try_files $uri $uri/ =404;
    }

}

(base) marco@pc01:~ sudo rm /etc/nginx/sites-enabled/default (base) marco@pc01:~ sudo ln -s /etc/nginx/sites-available/ggc.world.conf /etc/nginx/sites-enabled/ggc.world.conf
(base) marco@pc01:~ sudo systemctl reload nginx (base) marco@pc01:~ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-02-11 11:16:22 CET; 1h 3min ago
Docs: man:nginx(8)
Process: 19025 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
Main PID: 4461 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─ 4461 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─19026 nginx: worker process
├─19027 nginx: worker process
├─19028 nginx: worker process
├─19029 nginx: worker process
├─19030 nginx: worker process
├─19031 nginx: worker process
├─19032 nginx: worker process
└─19033 nginx: worker process

feb 11 11:16:22 pc01 systemd[1]: Starting A high performance web server and a reverse proxy server…
feb 11 11:16:22 pc01 systemd[1]: Started A high performance web server and a reverse proxy server.
feb 11 11:59:29 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy server.
feb 11 11:59:29 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
feb 11 12:19:28 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy server.
feb 11 12:19:28 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
(base) marco@pc01:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

(base) marco@pc01:~ sudo apt-get update Ign:1 http://dl.google.com/linux/chrome/deb stable InRelease Hit:2 http://it.archive.ubuntu.com/ubuntu bionic InRelease Get:3 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB] Get:4 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease [88,7 kB] Hit:5 http://dl.google.com/linux/chrome/deb stable Release Get:6 http://it.archive.ubuntu.com/ubuntu bionic-backports InRelease [74,6 kB] Get:8 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [851 kB] Get:9 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [38,6 kB] Get:10 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 48x48 Icons [17,6 kB] Get:11 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 64x64 Icons [41,5 kB] Get:12 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [42,1 kB] Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [111 kB] Get:14 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B] Get:15 http://it.archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [294 kB] Get:16 http://it.archive.ubuntu.com/ubuntu bionic-updates/main DEP-11 48x48 Icons [73,8 kB] Get:17 http://it.archive.ubuntu.com/ubuntu bionic-updates/main DEP-11 64x64 Icons [140 kB] Get:18 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [264 kB] Get:19 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 48x48 Icons [203 kB] Get:20 http://it.archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 64x64 Icons [464 kB] Get:21 http://it.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata [2.468 B] Get:22 http://it.archive.ubuntu.com/ubuntu bionic-backports/universe amd64 DEP-11 Metadata [8.280 B] Fetched 2.807 kB in 1s (3.005 kB/s) Reading package lists... Done (base) marco@pc01:~ sudo apt-get install software-properties-common
Reading package lists… Done
Building dependency tree
Reading state information… Done
software-properties-common is already the newest version (0.96.24.32.12).
software-properties-common set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
(base) marco@pc01:~ sudo add-apt-repository universe 'universe' distribution component is already enabled for all sources. (base) marco@pc01:~ sudo add-apt-repository ppa:certbot/certbot
This is the PPA for packages prepared by Debian Let’s Encrypt Team and backported for Ubuntu.

Note: Packages are only provided for currently supported Ubuntu releases.
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel adding it.

Hit:1 http://it.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://it.archive.ubuntu.com/ubuntu bionic-backports InRelease
Ign:4 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu bionic-security InRelease
Get:6 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease [21,3 kB]
Hit:7 http://dl.google.com/linux/chrome/deb stable Release
Get:9 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 Packages [8.032 B]
Get:10 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main i386 Packages [8.028 B]
Get:11 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main Translation-en [4.176 B]
Fetched 41,5 kB in 1s (58,8 kB/s)
Reading package lists… Done

(base) marco@pc01:~$ sudo apt-get update
Hit:1 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
Hit:2 http://it.archive.ubuntu.com/ubuntu bionic InRelease
Ign:3 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:4 http://it.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:5 http://it.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:6 http://dl.google.com/linux/chrome/deb stable Release
Hit:7 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists… Done

(base) marco@pc01:~ sudo apt-get install certbot python-certbot-nginx Reading package lists... Done Building dependency tree Reading state information... Done certbot is already the newest version (0.31.0-1+ubuntu18.04.1+certbot+1). python-certbot-nginx is already the newest version (0.31.0-1+ubuntu18.04.1+certbot+1). 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. (base) marco@pc01:~ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): ippolito.marco@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory


(A)gree/©ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: N

Which names would you like to activate HTTPS for?


1: ggc.world
2: www.ggc.world


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ggc.world
http-01 challenge for www.ggc.world
Waiting for verification…
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ggc.world.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ggc.world.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/ggc.world.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/ggc.world.conf


Congratulations! You have successfully enabled https://ggc.world and
https://www.ggc.world

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ggc.world
https://www.ssllabs.com/ssltest/analyze.html?d=www.ggc.world


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/ggc.world/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/ggc.world/privkey.pem
    Your cert will expire on 2020-05-11. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Following the indications here: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
I then modified /etc/nginx/sites-available/ggc.world.conf and /etc/letsencrypt/options-ssl-nginx.conf for a tighter security:

(base) marco@pc01:~$ sudo nano /etc/nginx/sites-available/ggc.world.conf

server {

        server_name ggc.world www.ggc.world;
        root /var/www/ggc.world;

        index index.html;
        location / {
                try_files $uri $uri/ =404;
        }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    #listen 443 ssl; # managed by Certbot

    listen [::]:443 ssl http2 ipv6only=on;
    listen 443 ssl http2;
    gzip off;

    ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot

    ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.ggc.world) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = ggc.world) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name ggc.world www.ggc.world;
    return 404; # managed by Certbot

}

(base) marco@pc01:~$ sudo nano /etc/letsencrypt/options-ssl-nginx.conf

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1d;
ssl_session_tickets off;

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;

ssl_stapling on;
ssl_stapling_verify on;

add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';";
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

I then reloaded and restarted nginx server:

(base) marco@pc01:~$ sudo systemctl reload nginx
(base) marco@pc01:~$ sudo systemctl start nginx
(base) marco@pc01:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-02-11 11:16:22 CET; 1h 30min ago
     Docs: man:nginx(8)
  Process: 23810 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
 Main PID: 4461 (nginx)
    Tasks: 9 (limit: 4915)
   CGroup: /system.slice/nginx.service
           ├─ 4461 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─23813 nginx: worker process
           ├─23815 nginx: worker process
           ├─23816 nginx: worker process
           ├─23817 nginx: worker process
           ├─23818 nginx: worker process
           ├─23819 nginx: worker process
           ├─23820 nginx: worker process
           └─23821 nginx: worker process

feb 11 11:16:22 pc01 systemd[1]: Starting A high performance web server and a reverse proxy 
server...
feb 11 11:16:22 pc01 systemd[1]: Started A high performance web server and a reverse proxy 
server.
feb 11 11:59:29 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy 
server.
feb 11 11:59:29 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy 
server.
feb 11 12:19:28 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy 
server.
feb 11 12:19:28 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy 
server.
feb 11 12:46:16 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy 
server.
feb 11 12:46:16 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy 
server.
(base) marco@pc01:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

It produced this output:

According to https://www.ssllabs.com/ssltest/analyze.html?d=www.ggc.world the overall rating reached is A: https://drive.google.com/open?id=1VdItr6osTNCedxQ8OZcKQC4eVi9f8IC_

I then checked with https://check-your-website.server-daten.de/ :
https://check-your-website.server-daten.de/?q=ggc.world

and I see two errors:
|C| Error - no version with Http-Status 200|

|H| fatal error: No https - result with http-status 200, no encryption

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 Desktop

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot --version certbot 0.31.0

1 Like

It's giving you a result of M because your frontpage currently have a response code of 403. No need to worry.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.