Set up everything but still not working HTTPS

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ambrola.ge

I ran this command:
certbot certonly -d ambrola.ge *.ambrola.ge

It produced this output:
i got certificares

My web server is (include version):
nginx

The operating system my web server runs on is (include version):nginx/1.14.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.10.0

I have gottten certificates through dns challange enabled ssl like this and also pointed to certificate and priv key

For more information on configuration, see:

* Official English Documentation: nginx documentation

* Official Russian Documentation: nginx: документация

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

#Settings for a TLS enabled server.

   server {
       listen       443 ssl http2 default_server;
       listen       [::]:443 ssl http2 default_server;
       server_name  _;
       root         /usr/share/nginx/html;

       ssl_certificate "/etc/letsencrypt/live/ambrola.ge/cert.pem";
       ssl_certificate_key "/etc/letsencrypt/live/ambrola.ge/privkey.pem";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers PROFILE=SYSTEM;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       location / {
       }

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

}

still htttps doesn;'t seem to be wokring when i enter ambrola.ge on webbrowser

2

This needs to be pointing to fullchain.pem instead of cert.pem, in order to send the intermediates.

See "Where are my certificates?" in the Certbot documentation for the files that are available.

5 Likes
3

still the same result

4

Qualys SSL Labs shows everything fine now (whereas before it showed that it was missing sending the intermediate):

https://www.ssllabs.com/ssltest/analyze.html?d=ambrola.ge&hideResults=on

You might need to be clearer about what failures you're seeing on which clients/devices.

3 Likes
5

oh yea that got fixed, but still when i browse ambrola.ge i get nginx working fine page but not secured icon

7

Did you try that with https://?
[https://ambrola.ge]

Actually, for me, both [http and https (at least via IPv4)] produce the same nginx start page.
But the secure page is secure.

Here is what Qualys sees: SSL Server Test: ambrola.ge (Powered by Qualys SSL Labs)

3 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.