Let's Encrypt + Nginx reverse proxy

My domain is: possumus.cloud

I ran this command:
–> sudo certbot --nginx

It produced this output:

Congratulations! You have successfully enabled

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=staging.servidoresevangelio.possumus.cloud


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/staging.servidoresevangelio.possumus.cloud/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/staging.servidoresevangelio.possumus.cloud/privkey.pem
    Your cert will expire on 2020-08-26. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Local Server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Good day dear and I hope you can help me

I need to generate a Let's Encrypt certificate for the staging.servidoresevangelio.possumus.cloud subdomain. This domain is pointing to the public IP of my Reverse Proxy.

The certificate could be generated without problems with “sudo certbot --nginx”

My virtual host at nginx is:

server {
    server_name staging.servidoresevangelio.possumus.cloud;

    location / {
        proxy_pass http://192.168.223.202:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/staging.servidoresevangelio.possumus.cloud/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/staging.servidoresevangelio.possumus.cloud/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

My website is made in WordPress and, attaching the plugin “Really Simple SSL”, it fails to detect the certificate.

However, I managed to get to the site with HTTPS but the CSS of the website is broken.

In the information on the site I can see that the website takes my Let's Encrypt certificate but my WordPress does not detect it.

1 Like

Hi @possumus

that's not an nginx or a general WordPress problem.

Your site uses the certificate, so that part has worked.

It's only mixed content - see staging.servidoresevangelio.possumus.cloud - Make your website better - DNS, redirects, mixed content, certificates

You have a lot of links with http, that's wrong.

http://staging.servidoresevangelio.possumus.cloud/wp-content/cache/autoptimize/autoptimize_fbdf9e63879bdfc774ba415ceced3afb.php

So that stylesheet and other links are blocked.

Change these links.

  • relative links (start with /) (or)
  • absolute links with your domain name

But how to change that is more a WordPress problem. Your WordPress must know that you use a certificate and that all content is loaded via https + your domain name.

PS: Your certificate

CN=staging.servidoresevangelio.possumus.cloud
	28.05.2020
	26.08.2020
expires in 90 days	staging.servidoresevangelio.possumus.cloud - 1 entry

is ok.

2 Likes
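
The mixed-content check described in the answer above, as an added example that is not part of the original thread: it scans a page's HTML for subresources referenced over http and proposes the relative or absolute https link to use instead. The host name `staging.example.test`, the sample HTML and the names `MixedContentFinder` and `find_mixed_content` are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements that load a subresource and the attribute holding its URL.
# <a href> is navigation, not mixed content, so it is not listed.
URL_ATTR = {"link": "href", "script": "src", "iframe": "src",
            "img": "src", "audio": "src", "video": "src", "source": "src"}
# Active content that browsers refuse to load over http on an https page.
BLOCKED_TAGS = {"link", "script", "iframe"}


class MixedContentFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = (attrs.get(URL_ATTR.get(tag, "")) or "").strip()
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # rel=canonical, alternate, etc. load nothing
        parts = urlsplit(url)
        if parts.scheme != "http":
            return  # https://, //host/path and relative links are fine
        if parts.hostname == self.site_host:
            # Same site: a relative link follows the scheme of the page.
            fix = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        else:
            # Other host: absolute https link (assumes that host serves HTTPS).
            fix = parts._replace(scheme="https").geturl()
        self.findings.append({"tag": tag, "url": url, "fix": fix,
                              "blocked": tag in BLOCKED_TAGS})


def find_mixed_content(html, site_host):
    """Return one finding per http:// subresource in the given HTML."""
    finder = MixedContentFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (not fetched from the site in the thread).
SAMPLE_HTML = """<link rel="stylesheet" href="http://staging.example.test/wp-content/cache/site.css">
<link rel="canonical" href="http://staging.example.test/">
<script src="/wp-includes/js/example.js"></script>
<img src="http://cdn.example.org/logo.png">"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_HTML, "staging.example.test"):
        print(finding)
```
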

Thank you very much for the quick answer

I have kept in mind the issue of mixed content on the site. However, I did not understand why the “Really Simple SSL” plugin does not recognize the certificate. In previous experiences, when the plugin detects the SSL certificate, it enables you to reload the site with HTTPS.

I’m going to try to fix the mixed content issue first and see if it gets resolved.

1 Like