SSL certificate does not work

Good afternoon. I'm trying to deploy my first website but I'm having problems with SSL. If anyone could help me I would be very grateful.

My domain is: intdrivingacademy.com & www.intdrivingacademy.com

I ran this command: sudo certbot --nginx -d intdrivingacademy.com -d www.intdrivingacademy.com

It produced this output: (Y)es/(N)o: y
Account registered.
Requesting a certificate for intdrivingacademy.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem
This certificate expires on 2024-05-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for intdrivingacademy.com to /etc/nginx/sites-enabled/default.conf
Congratulations! You have successfully enabled HTTPS on https://intdrivingacademy.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

My web server is (include version): nginx version: nginx/1.21.4

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is: VPS HOSTINGER

The problem is that apparently I had the certificate without any problem, but when I try to enter my domain I get ERR_SSL_UNRECOGNIZED_NAME_ALERT.

This is my configuration in Nginx
/etc/nginx/sites-available/default

```
server {

     listen 80;
     server_name intdrivingacademy.com www.intdrivingacademy.com;

     location / {
             proxy_pass http://localhost:4000/;
     }

}
```

and the configuration that was added after certification in
/etc/nginx/sites-enabled/default.conf

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}
server {
    ssl_reject_handshake on;
    server_name intdrivingacademy.com; # managed by Certbot
    return 444;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot

}
```

I would be very grateful if anyone can help me. I'm new to this, and I've been trying to solve it for two days. I have reset my vps and reinstalled everything but I always get the same error when accessing my domain

Your problem is just a poorly coded nginx server. When you used certbot --nginx it got confused by your prior config and made it worse.

Let's start by changing the above 4 lines to be just these 2 lines. Then reload nginx and it should start working better.

```
server {
server_name intdrivingacademy.com www.intdrivingacademy.com;
```

However, there is still (much) more to do. This is just the first step.

Then, after restarting show us the output of this command

```
sudo nginx -T
```

An upper case T is essential. Please use 3 backticks before and after the (long) output for best formatting.

3 Likes

Hello Mike, I thank you with all my soul for being able to help me. This is what the command gives me.

root@srv471375:/etc/nginx/sites-enabled# sudo nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user root;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 8192;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 2000;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
    geoip_city    /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database

    real_ip_recursive on;

    set_real_ip_from 127.0.0.1;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 0.0.0.0/0;
    #real_ip_header X-Forwarded-For;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    client_body_buffer_size  1K;
    client_header_buffer_size 1k;
    client_max_body_size 64M;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    port_in_redirect off;
    access_log off;

    map $scheme $fastcgi_https { ## Detect when HTTPS is used
      default off;
      https on;
    }

    include /etc/nginx/blocked_ips;

    pagespeed off;
    pagespeed XHeaderValue 1;

    ##
    # Security Settings
    ##

    #add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    #add_header Content-Security-Policy "img-src 'self' data:;";
    add_header X-Permitted-Cross-Domain-Policies master-only;
    add_header Referrer-Policy same-origin;
    #add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(self 'https://haveibeenpwned.com/' 'https://twofactorauth.org/%27), usb=(), vr=()";

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Limit the requests for php
    ##

    limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 8;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;

    ##
    # Brotli Settings
    ##

    brotli on;
    brotli_comp_level 8;
    brotli_static on;
    brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/sites-enabled/*.conf;
}

# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-ngx-brotli.conf:
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-ngx-pagespeed.conf:
load_module modules/ngx_pagespeed.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/blocked_ips:

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/default.conf:
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  ssl_reject_handshake on;
  server_name _;
  return 444;
}
server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80 ;
  listen [::]:80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot


}

# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

root@srv471375:/etc/nginx/sites-enabled#

2 Likes

In the above set of lines:

  1. Make the server_name:
     `server_name intdrivingacademy.com www.intdrivingacademy.com;`
  2. Add below 3 lines after the similar 3 lines for intdrivingacademy.
  3. Restart nginx again.

```
if ($host = www.intdrivingacademy.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot
```

Then, show output of this

```
sudo certbot certificates
```

3 Likes

I made the modifications you mentioned but I have a new error when restarting nginx

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}

server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.intdrivingacademy.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot

}
```

```
root@srv471375:/etc/nginx/sites-enabled# sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
root@srv471375:/etc/nginx/sites-enabled# nano default.conf


root@srv471375:/etc/nginx/sites-enabled# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: intdrivingacademy.com
Serial Number: 323b8585accf722466340c42e27c783714f
Key Type: RSA
Domains: intdrivingacademy.com
Expiry Date: 2024-05-08 03:17:51+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem


root@srv471375:/etc/nginx/sites-enabled#
```

Oh, we can look at the detailed messages but it is likely the duplicate server_name.

In this group delete the server_name with just the one domain name in it.

4 Likes

I'll be stepping away for a bit. But, there is still work to resolve your cert.

Your only active cert on your system has just the one domain name in it. I see you got certs with both names earlier so we need to get that setup again. It's possible you are rate limited so that may take time.

Others will be able to help or I will check in later.

4 Likes

```
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  ssl_reject_handshake on;
  server_name _;
  return 444;
}

server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    server_name intdrivingacademy.com ;

    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.intdrivingacademy.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot


}
```

I'm sorry but I don't get it.
Should you delete the entire line or just the one with www?
If I leave it as the previous configuration I get the same error

The job for nginx.service failed because the control process ended with an error code.

and I removed the server_name line and I still get the same error like that

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}

server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {

    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.intdrivingacademy.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot

}
```

I was checking my history and I put this command

```
sudo certbot --nginx -d intdrivingacademy.com
```

because when I put sudo certbot --nginx -d intdrivingacademy.com 1 -d www.intdrivingacademy.com I got this error

```
(E)xpand/(C)ancel: e
Renewing an existing certificate for intdrivingacademy.com and www.intdrivingacademy.com
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: intdrivingacademy.com,www.intdrivingacademy.com, retry after 2024-02-09T10:25:55Z: see Duplicate Certificate Limit - Let's Encrypt
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@srv471375:/etc/nginx/sites-enabled#
```

Excuse me for the confusion

1 Like

It should look like above. You can only have one server_name line which includes all your domains. You want your server block server_name for port 80 to be the same as you have for port 443.

If the above change does not start correctly please show output of these:

4 Likes

ooh I see, I hadn't seen what you mean that there were two server_names in the same block

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}

server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.intdrivingacademy.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    return 404; # managed by Certbot

}
```

```
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
root@srv471375:/etc/nginx/sites-enabled#


root@srv471375:/etc/nginx/sites-enabled# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2024-02-08 22:24:43 UTC; 180ms ago
Docs: man:nginx(8)
Process: 27870 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
CPU: 42ms
root@srv471375:/etc/nginx/sites-enabled#
```

root@srv471375:/etc/nginx/sites-enabled# journalctl -xeu nginx.service
░░ The job identifier is 105026 and the job result is failed.
Feb 08 22:26:49 srv471375 systemd[1]: nginx.service: Scheduled restart job, restart counter is at 123.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit nginx.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Feb 08 22:26:49 srv471375 systemd[1]: Stopped A high performance web server and a reverse proxy server.
░░ Subject: A stop job for unit nginx.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit nginx.service has finished.
░░
░░ The job identifier is 105107 and the job result is done.
Feb 08 22:26:49 srv471375 systemd[1]: Starting A high performance web server and a reverse proxy server...
░░ Subject: A start job for unit nginx.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit nginx.service has begun execution.
░░
░░ The job identifier is 105107.
Feb 08 22:26:49 srv471375 nginx[27918]: nginx: [emerg] invalid condition "www.intdrivingacademy.com" in /etc/nginx/sites-enabled/default.conf:29
Feb 08 22:26:49 srv471375 nginx[27918]: nginx: configuration file /etc/nginx/nginx.conf test failed
Feb 08 22:26:49 srv471375 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStartPre= process belonging to unit nginx.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Feb 08 22:26:49 srv471375 systemd[1]: nginx.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Feb 08 22:26:49 srv471375 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
░░ Subject: A start job for unit nginx.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit nginx.service has finished with a failure.
░░
░░ The job identifier is 105107 and the job result is failed.
lines 5828-5875/5875 (END)

Hmmm. Can you post the contents of /etc/nginx/sites-enabled/default.conf

And please add 3 backticks before and after the contents for best formatting. Like
```
nginx config data
```
(on US keyboard a backtick is usually just under the escape key and shares with the tilde)

2 Likes

I already saw what the problem was, I was missing a ) in the if. Now the command root@srv471375:/etc/nginx/sites-enabled# sudo systemctl restart nginx now works
root@srv471375:/etc/nginx/sites-enabled#
This is the file we've been looking at
/etc/sites-enabled-default.conf

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}

server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/intdrivingacademy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {

    server_name intdrivingacademy.com www.intdrivingacademy.com;

    if ($host = intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.intdrivingacademy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    return 404; # managed by Certbot

}
```

WOWWW Thank you very much!! Finally the domain is already in charge but the sample is the html of nginx and that of my nodejs and react is not, and I had it configured like this in nginx
/etc/nginx/sites-available/default

```
server {

  listen 80;
  server_name intdrivingacademy.com www.intdrivingacademy.com;

  location / {
          proxy_pass http://localhost:4000/;
  }

}
```

1 Like

Okay. The good news is HTTP and HTTPS are now working for your root domain.

The www subdomain redirects HTTP requests to HTTPS as it should. But, the cert used by nginx only has your root name in it so gets a warning about "insecure" from browsers.

Your current Certbot set of certs only has your root name in it. And, we won't be able to get a new cert for both names because you already got your Rate Limit (5/week with identical set of names). You can see your cert history at a site like crt.sh (link here)

So, we can't fully fix your situation but we can test to make sure you are in good shape for next week.

What does this show? (it is only a test, it will not affect your production cert)

```
sudo certbot certonly --nginx -d intdrivingacademy.com -d www.intdrivingacademy.com
```
2 Likes
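
The conditions this thread worked through, as an added example (not code from the forum posts or from Certbot): a small Python audit that reads nginx server blocks together with the `Domains:` list from `certbot certificates` and reports `ssl_reject_handshake on` left in a named TLS block, a `server_name` the certificate does not cover, repeated `server_name` lines, and an unbalanced `if` condition. The sample configs are condensed from the posts above; the function names are hypothetical, and comment stripping assumes no `#` inside quoted strings.

```python
import re

# Constructed inputs, condensed from the configs posted in the thread.
CONF_AFTER_CERTBOT = """
server {
    ssl_reject_handshake on;
    server_name intdrivingacademy.com; # managed by Certbot
    return 444;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem;
}
"""
CONF_AFTER_EDIT = """
server {
    server_name intdrivingacademy.com www.intdrivingacademy.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/intdrivingacademy.com/fullchain.pem;
}
server {
    server_name intdrivingacademy.com www.intdrivingacademy.com;
    if ($host = www.intdrivingacademy.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 ;
    server_name intdrivingacademy.com;
    return 404; # managed by Certbot
}
"""
# The "Domains:" line from `sudo certbot certificates` in the thread.
CERT_DOMAINS = ["intdrivingacademy.com"]


def server_blocks(conf):
    """Yield the body of each server { ... } block, with comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def covered(name, cert_domains):
    """True if the certificate lists name, honouring one-label wildcards."""
    parent = name.split(".", 1)[-1]
    return name in cert_domains or "*." + parent in cert_domains


def audit(conf, cert_domains):
    """Return a list of (server_block_index, finding) tuples."""
    findings = []
    for idx, body in enumerate(server_blocks(conf)):
        name_lines = re.findall(r"\bserver_name\s+([^;]+);", body)
        names = [n for line in name_lines for n in line.split()]
        if len(name_lines) > 1:
            findings.append((idx, "more than one server_name directive"))
        for line in body.splitlines():
            s = line.strip()
            if re.match(r"if\s*\(", s) and s.count("(") != s.count(")"):
                findings.append((idx, "unbalanced parentheses in: " + s))
        # The remaining checks only make sense for blocks that terminate TLS.
        if not re.search(r"\blisten\s+[^;]*\bssl\b", body):
            continue
        real = [n for n in names if n != "_"]
        if real and re.search(r"\bssl_reject_handshake\s+on\s*;", body):
            findings.append((idx, "ssl_reject_handshake on in a named TLS block"))
        for n in real:
            if not covered(n, cert_domains):
                findings.append((idx, "not in certificate: " + n))
    return findings


if __name__ == "__main__":
    for label, conf in (("after certbot", CONF_AFTER_CERTBOT),
                        ("after manual edit", CONF_AFTER_EDIT)):
        for idx, finding in audit(conf, CERT_DOMAINS):
            print(f"{label}: server block {idx}: {finding}")
```
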

Your port 443 (HTTPS) server block is now handling requests. So, you need to move your proxy statement to that server block.

Configuring your nginx for whatever app you want is up to you. There is some learning curve involved. Perhaps a large learning curve.

I just wanted to get your setup working so you can manage your Let's Encrypt certs. And, as my prior post points out we can't quite finish that because you got yourself Rate Limited (see details here).

3 Likes

Mike you are the best. I really appreciate you taking your time to help me, anything you need about driver's licenses in Florida let me know.

3 Likes
