When I obtained a new certificate, the certificates are generated, the nginx server config for the vhost is updated, yet when I access the HTTPS server seems to reset connection during loading.
Is anyone having this issue, or knows how to fix it ? Thanks !
server:
server {
listen 80;
root /home/elkinoo_tv/web/;
index index.html index.htm;
server_name elkinoo.tv www.elkinoo.tv;
location /home/elkinoo_tv/web {
try_files $uri $uri/ index.html;
}
location ~ \/(src\/assets\/.*) {
try_files $uri $uri/ =404;
}
location ~ \/(node_modules\/|src\/|package(-lock)?.json|README.md|webpack.config.js) {
return 404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/elkinoo.tv-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elkinoo.tv-0001/privkey.pem; # managed by Certbot
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-A$
}
https://www.ssllabs.com/ssltest/analyze.html?d=elkinoo.tv
https://crt.sh/?q=elkinoo.tv
My domain is: elkinoo.tv
I ran this command: certbot --authenticator webroot --webroot-path /home/elkinoo_tv/web/ --installer nginx -d elkinoo.tv
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/elkinoo.tv-0001.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/elkinoo.tv for set(['www.elkinoo.tv', 'elkinoo.tv'])
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://elkinoo.tv
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=elkinoo.tv
-------------------------------------------------------------------------------
My web server is (include version): Nginx 1.10.3
The operating system my web server runs on is (include version): Debian 9
My hosting provider, if applicable, is: /
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no