Unable to connect to sub.domain.com after enable SSL (website with subdomain host on different server)

My domain is: mydomain.com

I use hestiacp to enable SSL for mydomain.com (letsencrypt) and it works (LEMP stack - laravel 8)
My server is a Shared CPU VPS from Linode running Ubuntu 20.04. I call it LinServer.

I run another Virtual box Ubuntu 20.04 on my desktop and install LEMP stack manually. Call this VServer. I'm using static IP from ISP so I forward port 80 and 22 on my router to my VServer (static private IP). Then I created a test website on VServer.

Then I use Linode Domain manager to add an A record
Hostname: sub
IP Address: VServer IP
TTL: 30 seconds

Now I can access my test website at sub.mydomain.com. Everything look good.
Then on VServer I want to enable SSL for sub.mydomain.com.

I run these command:

sudo add-apt-repository universe && sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update && sudo apt-get install certbot python-certbot-nginx
sudo certbot --nginx -d sub.mydomain.com

It produce this result

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sub.mydomain.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/test

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://sub.mydomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=sub.mydomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/sub.mydomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/sub.mydomain.com/privkey.pem
   Your cert will expire on 2022-01-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Look good. But I can't access sub.mydomain.com anymore. I also follow the link www.ssllabs.com... to test SSL. But it says :
SSL Report: sub.mydomain.com (VServer IP)
Assessment failed: Unable to connect to the server

I have root access to both servers (LinServer and VServer)
I hope someone can help me to resolve this problem and this topic could help someone else in the same situation. Thanks in advance

Hello @cubicasa,

Did you forward port 443 on your router to your VServer? Did you allow port 443 in your VServer's firewall?

Cheers,
sahsanu

3 Likes

Oh rightttt, your word enlightens me. Thank you so much

2 Likes