Ssl validity is upto 20-05-2022 but my website is not opeing in https mode

tkdhanasekar · February 21, 2022, 9:25am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

ssl validity is upto 20 MAY 2022 but my site runs in only not secure mode , not running in https://erp.zhamennagam.in. till prior to 19 FEB 2022 it runs fine in https mode , any clues to fix the issue

My domain is: erp.zhamennagam.in

I ran this command:

It produced this output:

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): "Ubuntu 18.04.5 LTS"

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.23.0

9peppe · February 21, 2022, 9:39am

Yes, that's true. crt.sh | 6210177057

But it doesn't throw errors, it goes in timeout. Like if there wasn't a server at all.

What command did you run to get and renew the certificate?

Show us the output of certbot certificates and show us the output of grep -ir listen /etc/nginx and grep -ir ssl /etc/nginx

tkdhanasekar · February 21, 2022, 9:54am

$ sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: erp.zhamennagam.in
    Serial Number: 4625d4ccc6d35a098ef716144e5b0e77988
    Key Type: RSA
    Domains: erp.zhamennagam.in udhayamerp.zhamennagam.in umrkterp.zhamennagam.in
    Expiry Date: 2022-05-20 22:13:51+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/erp.zhamennagam.in/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/erp.zhamennagam.in/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$ grep -ir listen /etc/nginx

/etc/nginx/sites-available/default:	listen 80 default_server;
/etc/nginx/sites-available/default:	listen [::]:80 default_server;
/etc/nginx/sites-available/default:	# listen 443 ssl default_server;
/etc/nginx/sites-available/default:	# listen [::]:443 ssl default_server;
/etc/nginx/sites-available/default:#	listen 80;
/etc/nginx/sites-available/default:#	listen [::]:80;
/etc/nginx/nginx.conf:#		listen     localhost:110;
/etc/nginx/nginx.conf:#		listen     localhost:143;

$ grep -ir ssl /etc/nginx

/etc/nginx/sites-available/default:	# SSL configuration
/etc/nginx/sites-available/default:	# listen 443 ssl default_server;
/etc/nginx/sites-available/default:	# listen [::]:443 ssl default_server;
/etc/nginx/sites-available/default:	# Note: You should disable gzip for SSL traffic.
/etc/nginx/sites-available/default:	# Read up on ssl_ciphers to ensure a secure configuration.
/etc/nginx/sites-available/default:	# Self signed certs generated by the ssl-cert package
/etc/nginx/nginx.conf:	# SSL Settings
/etc/nginx/nginx.conf:	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
/etc/nginx/nginx.conf:	ssl_prefer_server_ciphers on;
/etc/nginx/snippets/snakeoil.conf:# Self signed certificates generated by the ssl-cert package
/etc/nginx/snippets/snakeoil.conf:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
/etc/nginx/snippets/snakeoil.conf:ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

9peppe · February 21, 2022, 9:56am

Show us this file.

Is there nothing in /etc/nginx/sites-enabled?

Did you switch servers?

tkdhanasekar · February 21, 2022, 10:00am

yes nothing in that file

no i didnot switch server

9peppe · February 21, 2022, 10:03am

Tell me the output of

ss -tlpn | grep ':80 '

ss -tlpn | grep ':443 '

(if there is no ss on ubuntu 18.04, use netstat -tulpn | grep ':80 ' and netstat -tulpn | grep ':443 ')

tkdhanasekar · February 21, 2022, 10:04am

$ ss -tlpn | grep ':80 '
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*

no output its not listen

9peppe · February 21, 2022, 10:06am

what's the sixth column?

this means nginx is not listening on the https port.

MikeMcQ · February 21, 2022, 3:10pm

Might need sudo ss -tlpn | grep ':80' to see sixth column

tkdhanasekar · February 22, 2022, 5:27am

ssl details and server block missing in /etc/nginx/conf.d/erpnext.conf
added the details , now the server runs in https ,

$ sudo ss -tlpn | grep 443
LISTEN   0         511                 0.0.0.0:443              0.0.0.0:*        users:(("nginx",pid=10895,fd=8),("nginx",pid=10893,fd=8))

thanks for the inputs

system · March 24, 2022, 5:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ssl certificate is renewed, but still in website i get website not secure Help	3	500	December 14, 2022
Installed SSL but Not Secure Help	6	806	July 6, 2020
Installed SSL Certificate successfully on a website, still getting the “your connection is not secure” message Help	3	1274	May 17, 2019
Https site not loading Help	5	571	September 28, 2019
The https SSL Certificate is not working for my site. https://shinesbudget.com/#!/budgets Help	12	527	December 14, 2022

Ssl validity is upto 20-05-2022 but my website is not opeing in https mode

Related topics