The SSL certificate has been generated, but it is not appearing on the website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: staging.jwero.com

I ran this command: I have created a Python script that automates the entire SSL process. I am attaching the script.
SSL Script.txt (1.3 KB)

sudo python3 script.py and curl -X POST -d 'domain=staging.jwero.com' http://139.59.69.1:5000/configure

It produced this output:

  • Serving Flask app 'script'
  • Debug mode: off
    WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
  • Running on all addresses (0.0.0.0)
  • Running on http://127.0.0.1:5000
  • Running on http://139.59.69.1:5000
    Press CTRL+C to quit
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Requesting a certificate for staging.jwero.com
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/staging.jwero.com/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/staging.jwero.com/privkey.pem
    This certificate expires on 2023-09-28.
    These files will be updated when the certificate renews.
    Certbot has set up a scheduled task to automatically renew this certificate in the background.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
  • Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
  • Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version): nginx version: nginx/1.25.1

The operating system my web server runs on is (include version): Ubuntu 22.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.29.0

The following attachment files will be needed to troubleshoot the issue:
nginx conf.txt (678 Bytes)
staging.jwero.com.conf.txt (320 Bytes)

The cert--specifically, one generated a few hours ago (4 Jul 23 at 1124Z)--is being used by your website, but your SSL virtual host isn't pointing to any content, nor is your web server redirecting HTTP to HTTPS. I presume you intend to serve something on your site other than a 404 error page. You'll need to configure nginx properly to serve your site over HTTPS, and also to redirect HTTP to HTTPS. The nginx docs can help.

7 Likes

Hi @vanshdamania, and welcome to the LE community forum :)

I see only this one secure vhost config:

server {
        listen         *:443 ssl;
        server_name    staging.jwero.com;
        ssl_certificate /etc/letsencrypt/live/staging.jwero.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/staging.jwero.com/privkey.pem;
        return         301 https://www.staging.jwero.com$request_uri;
}

Where is the one for the "www"?
[both names resolve to the same IP]

5 Likes

I have also included "www" as follows:

server {
        listen         *:443 ssl;
        server_name    staging.jwero.com www.staging.jwero.com;
        ssl_certificate /etc/letsencrypt/live/staging.jwero.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/staging.jwero.com/privkey.pem;
        return         301 https://www.staging.jwero.com$request_uri;
}

Both names resolve to the same IP, but it's not working.

The Let's Encrypt certificate on both is correct, and is correctly installed. So as @danb35 said, the problem is that your nginx setup isn't correct yet for the site content that you want to serve, but not any problem with the Let's Encrypt certificate or your HTTPS configuration.

4 Likes

If in use, that would create a loop for https://www.staging.jwero.com/*

4 Likes
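
A static check for the redirect loop pointed out above, as an added example that is not part of the original thread: it flags any server block whose `return 3xx` target is one of its own `server_name` values on the same scheme and port. It assumes flat server blocks like the ones posted here (no `location` or `include` handling), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

def server_blocks(conf):
    """Yield the body of each brace-matched `server { ... }` block."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Collect listen/server_name/return arguments from a flat server block."""
    found = {'listen': [], 'server_name': [], 'return': []}
    for stmt in body.split(';'):
        words = stmt.split()
        if len(words) > 1 and words[0] in found:
            found[words[0]].append(words[1:])
    return found

def redirect_loops(conf):
    """Return (server_names, target) for each block that redirects to itself."""
    conf = re.sub(r'#[^\n]*', '', conf)    # commented-out directives do not count
    loops = []
    for body in server_blocks(conf):
        d = directives(body)
        names = {n for args in d['server_name'] for n in args}
        endpoints = set()                  # (scheme, port) pairs this block serves
        for args in d['listen']:
            m = re.fullmatch(r'(?:.*:)?(\d+)', args[0])
            endpoints.add(('https' if 'ssl' in args else 'http',
                           int(m.group(1)) if m else 80))
        for args in d['return']:
            if not args[0].startswith('3') or len(args) < 2:
                continue
            url = urlsplit(args[1].replace('$request_uri', '/'))
            port = url.port or (443 if url.scheme == 'https' else 80)
            if url.hostname in names and (url.scheme, port) in endpoints:
                loops.append((sorted(names), args[1]))
    return loops

# Sample input: the combined server block quoted earlier in the thread.
LOOPING = """server {
    listen *:443 ssl;
    server_name staging.jwero.com www.staging.jwero.com;
    return 301 https://www.staging.jwero.com$request_uri;
}"""

if __name__ == "__main__":
    print(redirect_loops(LOOPING))
```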

I have successfully set up everything and it's working perfectly. Are there any improvements I should consider making?

    server {
        listen 80;
        server_name staging.jwero.com www.staging.jwero.com;
        return 301 https://staging.jwero.com$request_uri;
    }

    server {
        listen         443 ssl;
        http2          on;
        server_name    www.staging.jwero.com;
        ssl_certificate /etc/letsencrypt/live/staging.jwero.com-0004/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/staging.jwero.com-0004/privkey.pem;
        #return         301 https://staging.jwero.com$request_uri;
    }

    server {
        listen         443 ssl;
        http2          on;
        server_name    staging.jwero.com;
        ssl_certificate /etc/letsencrypt/live/staging.jwero.com-0004/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/staging.jwero.com-0004/privkey.pem;
    }

The separation seems like a step in the right direction.

Seeing a cert with "-0004" seems like something has gone wrong.
We should have a look at the output of:
certbot certificates

The "www" server block now has the redirection disabled.

The last server block is missing a "root" statement.

5 Likes

Can you please tell me where in the above code I should define my root directory?

Something like:

    server {
        listen         443 ssl;
        http2          on;
        server_name    staging.jwero.com;
        root /the/path/to/your/site/content; ###################
        ssl_certificate /etc/letsencrypt/live/staging.jwero.com-0004/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/staging.jwero.com-0004/privkey.pem;
    }

3 Likes
