I have it set up that I access a reverse proxy with nginx which I have a file in sites-available called joshakirby and blahfoobar etc. I can access the rest of the sites fine. I changed Nginx to FULL so both port 80 and 443 should work fine. I get the error that my site is taking too long to load after restarting nginx post SSL install.
My domain is: joshakirby.com
I ran this command:
sudo certbot --authenticator standalone --installer nginx -d joshakirby.com --pre-hook "service nginx stop" --post-hook "service nginx start"
It produced this output:
Congratulations! You have successfully enabled https://joshakirby.com
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/joshakirby.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/joshakirby.com/privkey.pem
Your cert will expire on 2018-05-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
If you like Certbot, please consider supporting our work by:
The operating system my web server runs on is (include version):
Ubuntu server 16.04
My hosting provider, if applicable, is:
Local
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
Port 443, the one used for HTTPS, appears to be blocked by a firewall.
This website appears to be using a home/business cable connection and not a colocated server so the first thing I would suggest you check is that port 443 is forwarded from your router to the server, if necessary.
If the port is forwarded properly or the server is directly connected to the Internet and not through a router, your operating system firewall is probably blocking the port instead. To unblock it, run sudo ufw allow https
$ nmap joshakirby.com -p80,443
Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-01 15:16 MST
Nmap scan report for joshakirby.com (67.193.215.88)
Host is up (0.11s latency).
rDNS record for 67.193.215.88: d67-193-215-88.home3.cgocable.net
PORT STATE SERVICE
80/tcp open http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 8.69 seconds
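The difference between the "open" and "filtered" states in the scan above, as an added example that is not part of the original thread: a plain TCP connect check that separates a silently dropped connection (firewall or missing port forward) from a refused one (nothing listening). The function names and the hint text are assumptions made for this illustration.

```python
import errno
import socket

# Hints are added for illustration; the "filtered" one restates the advice above.
HINTS = {
    "open": "reachable; any remaining problem is in the nginx/TLS configuration",
    "closed": "host answers but nothing listens here; check that nginx is "
              "running with a 'listen 443 ssl' server block",
    "filtered": "packets are dropped; check the router's port forward, "
                "then 'sudo ufw allow https'",
}


def probe(host, port, timeout=3.0):
    """Classify a TCP port as open, closed or filtered, as nmap reports it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # RST received: host up, no listener
    except socket.timeout:
        return "filtered"        # no reply at all: dropped on the way
    except OSError as exc:
        # ICMP unreachable replies from a router or firewall also mean filtering
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                    # DNS failure etc. is a different problem


def diagnose(host, ports=(80, 443), timeout=3.0):
    """Return {port: state} for the HTTP and HTTPS ports."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port, state in diagnose(target).items():
        print(f"{port}/tcp {state}: {HINTS[state]}")
```

Run it from a machine outside the server's network, since a probe from the LAN does not pass through the router's port forwarding.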
Okay, I have installed the reverse proxy and am back to where I should be before SSL certs. Is there a guide for Let's Encrypt with the new method you know of for multiple sites/subdomains on the same install?
If you are using certbot 0.21.0 or later (you can check with certbot --version) you can just run:
sudo certbot --nginx
and it will read your nginx configuration and prompt you to get certificates for all your domains.
If you are using an older version of certbot, such as the one currently shipped by Ubuntu, due to a security issue that command won’t work, and you will need to run a slightly different command that will ask more questions: