Installed for 1 website but now all other websites on the same nginx server are not working


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: properties.fatpalm.com

I ran this command: sudo letsencrypt certonly -a webroot --webroot-path=/home/api.fatpalm.com/html/properties/properties/ -d properties.fatpalm.com -d properties.fatpalm.com

It produced this output:
it installed letsencrypt successfully
My web server is (include version): nginx

The operating system my web server runs on is (include version):
Ubuntu 17.10
My hosting provider, if applicable, is:
linode.com
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, i use shell

I installed for one domain name but now all the rest of the websites that are configured under the same nginx are not working. They seem to be directed to the same domain name which I installed the certificate for:
https://properties.fatpalm.com/


#2

Hi @edgebasis,

With certonly you would have had to install the certificate yourself by editing the nginx configuration file; did you do that, and what kind of modifications did you make to your nginx configuration? Could you share the nginx configuration here?


#3

Can you give one example of a site that is NOT working?

and why do you list the same domain twice?:


#4

hi @schoen
this is my properties.fatpalm.com configuration(the one that is working):

server {
    listen 80;
    listen [::]:80;

    root /home/api.fatpalm.com/html/properties/properties;
    index index.php index.htm index.html;
    server_name properties.fatpalm.com;
    return 301 https://$host$request_uri;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }
}

server {
    server_name properties.fatpalm.com;
    listen 443 ssl;
    listen [::]:443 ssl;
    root /home/api.fatpalm.com/html/properties/properties;
    index index.php index.htm index.html;
    ssl_certificate /etc/letsencrypt/live/properties.fatpalm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/properties.fatpalm.com/privkey.pem;
}

this is the nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}


#5

I think it was a mistake that I blindly followed the instructions when you do domain.com and www.domain.com!! I thought it is a must to mention in both fields…

the websites that are not working are mujtaba.net edgebasis.com

thanks


#6

I’m getting connection refused on both IPv4 and IPv6 (port 80)
Have you restarted your web server?

Port 443 seems to return 404 not found for all sites.


#7

Yes, it also seems to me that the server isn’t listening on port 80 at all. Is there an nginx error when nginx starts up, perhaps in the error logs in /var/log?


#8

It is starting, I tested it:
nginx: configuration file /etc/nginx/nginx.conf test is successful


#9

Things look better now.
Please retry the command.


#10

I can see the other websites but not the SSL-encrypted website properties.fatpalm.com
I was seeing this when I was restarting nginx:

Jan 05 16:16:53 hostname nginx[5133]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jan 05 16:16:54 hostname nginx[5133]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jan 05 16:16:54 hostname nginx[5133]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jan 05 16:16:55 hostname nginx[5133]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jan 05 16:16:55 hostname nginx[5133]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jan 05 16:16:55 hostname nginx[5133]: nginx: [emerg] still could not bind()
Jan 05 16:16:55 hostname systemd[1]: nginx.service: Control process exited, code=exited status=1
Jan 05 16:16:55 hostname systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Jan 05 16:16:55 hostname systemd[1]: nginx.service: Unit entered failed state.
Jan 05 16:16:55 hostname systemd[1]: nginx.service: Failed with result ‘exit-code’.

what i did is as follows:
sudo fuser -k 443/tcp

Now I can't see the website that I have installed the letsencrypt SSL certificate on.

I think there was something to do with this port 443!


#11

this is the firewall status:

To                         Action      From
--                         ------      ----
27017                      ALLOW IN    45.33.27.142              
20/tcp                     ALLOW IN    Anywhere                  
21/tcp                     ALLOW IN    Anywhere                  
22/tcp                     ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
3000/tcp                   ALLOW IN    Anywhere                  
3000/udp                   ALLOW IN    Anywhere                  
27017/tcp                  ALLOW IN    Anywhere                  
3001/tcp                   ALLOW IN    Anywhere                  
3306/tcp                   ALLOW IN    Anywhere                  
3306                       ALLOW IN    Anywhere                  
8080/tcp                   ALLOW IN    Anywhere                  
8080                       ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
80,443/tcp                 ALLOW IN    Anywhere                  
20/tcp (v6)                ALLOW IN    Anywhere (v6)             
21/tcp (v6)                ALLOW IN    Anywhere (v6)             
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
3000/tcp (v6)              ALLOW IN    Anywhere (v6)             
3000/udp (v6)              ALLOW IN    Anywhere (v6)             
27017/tcp (v6)             ALLOW IN    Anywhere (v6)             
3001/tcp (v6)              ALLOW IN    Anywhere (v6)             
3306/tcp (v6)              ALLOW IN    Anywhere (v6)             
3306 (v6)                  ALLOW IN    Anywhere (v6)             
8080/tcp (v6)              ALLOW IN    Anywhere (v6)             
8080 (v6)                  ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)

#12

okay,
I have a nodejs API process hosted on the domain properties.fatpalm.com and that is using port 443.
So when I restarted the node service, the website (properties.fatpalm.com) worked again and access to the other websites stopped!

so we are back to square 1!


#13

Looks like something else is already using port 443.


#14

is it because nodejs is working as a webserver and it uses the same port?


#15

It would seem they are fighting for the same port on the same IP.
You will need to decide which will come first…


#16

Yes, this is very important. A common configuration would be to use the nginx proxy_pass directive to make nginx forward connections to the Node.js process on the local machine. This works well for most cases where you have a Node.js web application with general static web content served by nginx and with HTTPS handled by the nginx service.
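
The proxy_pass arrangement described in the post above, as an added example that is not part of the original thread or the poster's final configuration. It assumes the Node.js API has been moved off port 443 and now listens on 127.0.0.1:3000 (a hypothetical port), so nginx is the only process bound to 80 and 443; the certificate and webroot paths are the ones posted earlier in the thread.

```nginx
# Added example: nginx terminates TLS and forwards to Node.js on loopback.
# Assumption: the Node.js app listens on 127.0.0.1:3000 (hypothetical port)
# and no longer tries to bind 443 itself.

server {
    listen 80;
    listen [::]:80;
    server_name properties.fatpalm.com;

    # Keep the webroot used with "certonly -a webroot" reachable over
    # plain HTTP so certificate renewals can complete the challenge.
    location /.well-known/acme-challenge/ {
        root /home/api.fatpalm.com/html/properties/properties;
    }

    # Everything else is redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name properties.fatpalm.com;

    ssl_certificate     /etc/letsencrypt/live/properties.fatpalm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/properties.fatpalm.com/privkey.pem;

    location / {
        # Plain HTTP to the local Node.js process; TLS ends at nginx.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        # Pass the original request details so the app can log the real
        # client address and tell that the request arrived over HTTPS.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the file with `nginx -t` before reloading. Binding the Node.js process to 127.0.0.1 rather than all interfaces keeps it reachable only through nginx.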


#17

thanks everyone, @schoen @rg305
when a front end messes up with back end, crazy things happen!
I was configuring both nginx and node with the same port 443!
So I made a bypass proxy on nginx and it worked like a charm.

thank you letsencrypt… keep encrypting … life saver for startups…


#18

Hey, I’m glad that turned out to be the problem! Feel free to suggest this idea to other Node devs you may know if they’re wondering about HTTPS, because it seems like this is becoming a very popular solution. (nginx gives you a lot of power on the HTTPS side, if you want it, and the proxy_pass method gives you the ability to develop pretty much all of the application logic in Node.)

