SSL certificate is active but site not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: api.gosalworks.com

I ran this command: certbot certificates

It produced this output:


As per the attached screenshot, the certificate is created for api.gosalworks.com but the site doesn't load and gives a 'This site can’t be reached' error in the browser. It was working for almost one year and stopped working a couple of days back. Also, I have tried to recreate the certificate for the same domain but still no luck. My application has been down for the last two days and I am seeking immediate help.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: godaddy.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Hi @madhav, and welcome to the LE community forum

Where did you run this command?:

If on that same server, please show us the full nginx configuration, with:
sudo nginx -T

2 Likes

You say you are hosted at GoDaddy but your DNS is resolving to an Amazon EC2 location. Have you changed your IP address? If you are using AWS EC2, have you checked your security group rules to ensure port 443 is allowed?

5 Likes

Hi @rg305, Thanks for your quick response.

Where did you run this command?:

I ran this command on the nginx server.

Please check the below nginx configuration.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

server
{

	 server_name api.gosalworks.com;
	 access_log      /var/log/nginx/access.log;
	 error_log       /var/log/nginx/error.log;
	 access_log      on;
	 location / {
	             proxy_pass_header Server;
	             proxy_set_header Host $http_host;
	             proxy_redirect off;
	             proxy_set_header X-Real-IP $remote_addr;
	             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	             proxy_set_header X-Scheme $scheme;
	             proxy_pass http://localhost:3800/;
	             proxy_connect_timeout       600;
	             proxy_send_timeout 600;
	             proxy_read_timeout          600;
	             send_timeout                600;
	             client_max_body_size        15M;
	  }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.gosalworks.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.gosalworks.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server
{
    if ($host = api.gosalworks.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name api.gosalworks.com;
    listen 80;
    return 404; # managed by Certbot
}

Your nginx looks fine.

But, again, have you checked your EC2 Security Group settings to make sure you allow port 443? Because HTTP (port 80) requests to your domain work but HTTPS (port 443) requests time out. Or, any firewall settings in Ubuntu itself?

I know you say you host at GoDaddy but your DNS says otherwise:

nmap -p80,443 api.gosalworks.com

Nmap scan report for api.gosalworks.com (100.21.183.139)
rDNS record for 100.21.183.139: ec2-100-21-183-139.us-west-2.compute.amazonaws.com

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

"filtered" means blocked, usually by a firewall.

5 Likes
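
The open/filtered distinction in the nmap output above, as an added example that is not part of the original thread: a Python sketch that classifies a TCP port from the client side and maps the port 80 / port 443 pair to the layer worth checking first. The function names `probe` and `diagnose` and the wording of the hints are assumptions made for illustration.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port (IPv4)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))  # returns an errno, does not raise
    except socket.gaierror:
        return "unresolved"                 # DNS failure, not a port state
    finally:
        sock.close()
    if rc == 0:
        return "open"                       # TCP handshake completed
    if rc == errno.ECONNREFUSED:
        return "closed"                     # RST: host reachable, no listener
    return "filtered"                       # timeout or unreachable: dropped


def diagnose(http_state, https_state):
    """Map the port 80 / port 443 pair to the layer worth checking first."""
    if https_state == "open":
        return "443 reachable: look at nginx and the certificate, not the network"
    if https_state == "closed":
        return "nothing listening on 443: check nginx is running with 'listen 443 ssl'"
    if https_state == "filtered" and http_state in ("open", "closed"):
        return "firewall drops 443: check the EC2 security group and the host firewall"
    return "no answer on either port: check the DNS record, the instance and its firewall"


if __name__ == "__main__":
    # Run against a host you administer; defaults to loopback.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states = {port: probe(host, port) for port in (80, 443)}
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    print(diagnose(states[80], states[443]))
```

A port that answers with a reset is reported as closed, so a firewall configured to reject rather than drop will look like a missing listener from the outside.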

Thanks a ton! @MikeMcQ.

There was an issue with EC2 Security Group settings which is resolved.

3 Likes
