Trying to get website running locally and securely


#1

I have a website online which works and has letsencrypt security certificates. I am trying to run it locally.

When I try

I get

Cannot find a VirtualHost matching domain backend.ultimaterehabestimator.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

But I have this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name backend.ultimaterehabestimator.com;

    ssl_certificate /etc/letsencrypt/live/ultimaterehab.charstarstar.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ultimaterehab.charstarstar.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/ultimaterehab.charstarstar.com/fullchain.pem;

    location / {
        proxy_pass http://127.0.0.1:4567;
    }
}

in my nginx.conf file (and I restarted nginx after adding it).


#2

@erica, would you mind taking a look at this?


#3

Also, if you’re doing this for local development and testing, could you use a self-signed certificate instead of a new publicly-trusted certificate? This is usually a reasonable option when you’re the only one who will access the server. (For “realism”, you could even choose to save the self-signed certificate in the same path where the Let’s Encrypt certificate goes on the production server.)


#4

Thanks for the reply.

I’m using something called ngrok which allows me to easily put locally running websites online.


#5

Would you mind posting:

  • the entire contents of your nginx.conf file
  • the results of tree /etc/nginx/
  • the results of nginx -t

Also, I don’t know how ngrok works, but I’d honestly be surprised if it works with Certbot out of the box, because Certbot is designed to run on the server that’s hosting the site.


#6

If I can’t use Certbot I can use digital ocean (but I’m not sure if just an IP would work).

nginx -t fails unless I use sudo; with sudo it gives me:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

here is the tree:

/etc/nginx/
├── conf.d
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── modules-available
├── modules-enabled
│ ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf
│ ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
│ ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
│ ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
│ └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
├── nginx.conf
├── proxy_params
├── scgi_params
├── sites-available
│ └── default
├── sites-enabled
│ └── default -> /etc/nginx/sites-available/default
├── snippets
│ ├── fastcgi-php.conf
│ ├── self-signed.conf
│ ├── snakeoil.conf
│ └── ssl-params.conf
├── uwsgi_params
└── win-utf

and here’s the file:

user www-data;
worker_processes 3;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EECDH+AES;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    # include /etc/nginx/conf.d/*.conf;
    # include /etc/nginx/sites-enabled/*;

    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name domain.com.com;

        location / {
            return 301 https://domain.com$request_uri;
        }
    }

    server {

        # SSL configuration

        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;

    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name backend.domain.com.com;

        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

        location / {
            proxy_pass http://127.0.0.1:4567;
        }
    }

    server {
        listen 5000 ssl;
        listen [::]:5000 ssl;
        server_name backend.domain.com.com;

        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

        location / {
            proxy_pass http://127.0.0.1:4567;
        }
    }

    server {
        listen 444 ssl;
        listen [::]:444 ssl;
        server_name domain.com;

        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

        location / {
            proxy_pass http://127.0.0.1:5000;
        }
    }

}


#7

So it looks like this server block is the one you’re hoping to install a cert into, is that right? There’s no server_name directive in this block. Unless you’re trying to get a cert for backend.domain.com?

server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

}
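Added example (not from this thread or from Certbot) covering the two points raised above: post #7's observation that the block Certbot lands on has no server_name, and post #3's suggestion to use a self-signed cert for local work. It assumes a made-up domain backend.example.test, a constructed sample config modelled on the one posted, and OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Two helpers for running a Let's Encrypt site locally. has_server_name mimics
# the lookup Certbot's nginx plugin performs before a challenge (a server block
# must carry a server_name that lists the domain; a default_server block with
# no server_name does not count). make_selfsigned writes a self-signed cert into
# the same live/<domain>/ layout Certbot uses, so the production server block's
# ssl_certificate paths work unchanged on the local machine.

# Constructed sample, modelled on the thread's config: the first block has no
# server_name at all, the second names the backend host (plus an alias).
SAMPLE_CONF='server {
    listen 443 ssl http2 default_server;
    include snippets/self-signed.conf;
}
server {
    listen 443 ssl;
    server_name backend.example.test www.example.test;
    location / { proxy_pass http://127.0.0.1:4567; }
}'

# has_server_name CONF_TEXT DOMAIN: succeeds only if some server_name directive
# lists DOMAIN as a whole token (trailing ';' stripped); substrings never match.
has_server_name() {
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == "server_name" {
            for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == d) found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# make_selfsigned DOMAIN OUTDIR: 30-day self-signed cert with a SAN for DOMAIN,
# written as OUTDIR/live/DOMAIN/{privkey,fullchain}.pem (-addext needs
# OpenSSL >= 1.1.1). Browsers will warn until the cert is trusted locally.
make_selfsigned() {
    dir="$2/live/$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null
}

# Usage: reproduce Certbot's complaint for a domain no block names.
DOMAIN=${1:-backend.example.test}
if has_server_name "$SAMPLE_CONF" "$DOMAIN"; then
    echo "server_name $DOMAIN found"
else
    echo "Cannot find a VirtualHost matching domain $DOMAIN" >&2
fi
```

Point make_selfsigned at /etc/letsencrypt (as root) to mirror the production layout, or at a scratch directory and adjust the ssl_certificate paths.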

#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.