I can login to a root shell on my machine (yes or no, or I don’t know): Yes using PuTTY
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No (I do use WordPress on the site, does it count?)
More detail:
Hello there. I am junior developer at the company. My boss has gave me a domain for me to develop our new website. Right now, I am configuring WordPress on the temporary domain, before it is moved to permanent domain. I have followed the instruction as per ubuntuxenial-nginx. Everything went smoothly. I even restarted nginx and apache2. When I navigate to the website, it says it can’t be reached. Help me, I’m stuck and don’t know what to do.
download https://temp.raqib.co -h
Error (1): Die zugrunde liegende Verbindung wurde geschlossen: Unerwarteter Fehler beim Senden..
SendFailure
Fehler bei Authentifizierung, da die Gegenseite den Transportstream geschlossen hat.
Ein Fehler ist während einer Verbindung mit temp.raqib.co:80 aufgetreten. SSL hat einen Eintrag erhalten, der die maximal erlaubte Länge überschritten hat. Fehlercode: SSL_ERROR_RX_RECORD_TOO_LONG
So it looks like you send http-content over https. And the 443-port has a wrong configuration.
2018/06/24 07:36:25 [warn] 7824#7824: conflicting server name "test.raqib.co" on 0.0.0.0:443, ignored
2018/06/24 08:06:46 [error] 27255#27255: *4063 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 141.212.122.112, server: 0.0.0.0:443
2018/06/24 08:34:50 [error] 27255#27255: *4066 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 146.0.75.216, server: 0.0.0.0:443
2018/06/24 14:21:37 [error] 27256#27256: *4137 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 74.82.47.5, server: 0.0.0.0:443
2018/06/24 17:33:34 [warn] 11822#11822: conflicting server name "test.raqib.co" on 0.0.0.0:443, ignored
2018/06/24 17:41:37 [error] 27256#27256: *4158 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 139.162.113.204, server: 0.0.0.0:443
2018/06/24 23:58:29 [error] 27256#27256: *4191 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 36.5.176.226, server: 0.0.0.0:443
2018/06/25 01:33:57 [error] 27256#27256: *5268 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 185.35.63.215, server: 0.0.0.0:443
2018/06/25 01:39:45 [error] 27256#27256: *5538 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:45 [error] 27256#27256: *5539 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:45 [error] 27256#27256: *5540 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:45 [error] 27256#27256: *5541 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:46 [error] 27256#27256: *5542 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:46 [error] 27256#27256: *5543 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:46 [error] 27256#27256: *5544 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
2018/06/25 01:39:47 [error] 27256#27256: *5545 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 60.54.120.129, server: 0.0.0.0:443
The problem is that you haven’t actually created any live certificates for test.raqib.co , at any point in the past, which means you probably did not fully complete the instructions at https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx .
Try
sudo certbot --nginx
and follow the instructions. If you run into any problems, please show the output of the command.
You have an existing certificate that has exactly the same domains or certificat e name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/temp.raqib.co.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/temp.raqib.co.conf
nginx: [warn] conflicting server name "test.raqib.co" on 0.0.0.0:443, ignored
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP ac cess.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/temp.raqib.co .conf
nginx: [warn] conflicting server name "test.raqib.co" on 0.0.0.0:443, ignored
Congratulations! You have successfully enabled https://temp.raqib.co
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=temp.raqib.co
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/temp.raqib.co/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/temp.raqib.co/privkey.pem
Your cert will expire on 2018-09-20. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@raqib:~# service apache2 restart
root@raqib:~# service nginx restart