I have an openSUSE (V15.3) server. It has been running nginx with http for some time. I have recently installed Certbot onto a test domain, and successfully installed the certificate. Certbot modified my nginx conf (for that domain) as shown below.
Unfortunately, it is NOT working, and I am seeking help to fix it.
server {
    server_name my.domain.name *.my.domain.name;
    access_log on;
    access_log /BaseFolder/my.domain.name/logs/access.log;
    error_log on;
    error_log /BaseFolder/my.domain.name/logs/error.log;
    location / {
        root /BaseFolder/my.domain.name/defaultpage/;
        index index.html;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.name/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = my.domain.name) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
Your port 80 is open but port 443 is not. Check your firewall and router if you have one.
nmap petersplace.net.au -p80,443
rDNS record for 14.201.33.13: 14-201-33-13.static.tpgi.com.au
PORT STATE SERVICE
80/tcp open http
443/tcp filtered https
curl -I https://petersplace.net.au
curl: (28) Failed to connect to petersplace.net.au port 443 after 131288 ms: Connection timed out
Can you describe more about your hosting? Are you hosting at home?
If at home check each piece of equipment from your server which connects to your ISP. You have some sort of modem or router connecting to your ISP. You might have other equipment between that and your server. Check all of them.
There is nothing in the wide internet infrastructure that could do this. It is most likely on your premises or less likely in your hosting service.
EDIT:
Can you reach your https site from outside your local network? Maybe try a mobile phone but disable wifi so it uses the cell network.
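The nmap and curl output in this thread comes down to three TCP outcomes: open, closed (connection refused) and filtered (no answer until the timeout). The following Python sketch is an added example, not code posted by anyone in the thread; it reproduces that check for ports 80 and 443 so it can be run from an outside network against your own server. The function names and the advice strings are assumptions made for illustration.

```python
import errno
import socket
import sys

def classify(exc):
    """Map the outcome of one TCP connect attempt to an nmap-style port state."""
    if exc is None:
        return "open"      # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # RST came back: host reachable, no listener
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # silence: a device on the path dropped the SYN
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"  # ICMP unreachable from a router or firewall
    return "error"         # DNS failure or another local problem

def probe(host, port, timeout=3.0):
    """Attempt a full TCP connect and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def diagnose(states):
    """Turn {80: state, 443: state} into the next place to look."""
    s443 = states.get(443)
    if s443 == "open":
        return "443 reachable: test the certificate and nginx server block next"
    if s443 == "closed":
        return "host answers but nothing listens on 443: check 'listen 443 ssl' and reload nginx"
    if s443 == "filtered" and states.get(80) == "open":
        return "80 passes but 443 is dropped: check modem/router port forwarding and firewall rules for 443"
    if s443 == "filtered":
        return "no answer on 443: check the address, the host firewall and every device upstream"
    return "probe failed: check DNS and local connectivity"

if __name__ == "__main__":
    # Host defaults to localhost; pass your own server name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    states = {port: probe(host, port) for port in (80, 443)}
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    print(diagnose(states))
```

A "filtered" result seen from outside combined with "open" from inside the local network points at the equipment between the server and the ISP rather than at nginx.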
This is the way I have been testing it - I tethered my laptop to my phone, then I can switch it from internal to external.
Yes, I am hosting at this location. I have been running the site for many years using http - all good. I am looking to transition to https - petersplace.net.au is just a trial.
I have been in contact with ALL parties upstream. I suspect it is the modem my ISP has provided. My ISP is trying to locate an earlier model which MAY resolve this issue.
When I started this topic, I had 3 problems - 404, Timeout, Denial. Hopefully, I have fixed the 404. But will unblocking 443 fix the other 2?
Thank you very much for the heads-up on the wildcard certificates.
I will look further into that when I get time. In the meantime, I have split my domain into two separate certificates (petersplace.net.au & www.petersplace.net.au).
An update:- I have received a replacement modem from my ISP, this has resolved the port 443 blockage. However, it has created some other challenges for me...
Thank you everyone for your assistance with this matter.