So I've setup LetsEncrypt on my Nginx server but cannot connect over https. If I run
curl https://my.domain.com
Then I get the error
curl: (7) Failed to connect to my.domain.com port 443: Connection refused
So for some reason my Nginx server is not listening on port 443. If I run 'sudo netstat -anltp' then I can definitely see this
tcp 0 0 0.0.0.0:4747 0.0.0.0:*
LISTEN 16145/sshd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 155/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 15413/nginx: master
tcp 0 0 0.0.0.0:25 0.0.0.0:*
LISTEN 507/master
tcp 0 0 168.235.68.234:4747 204.148.137.74:10163
ESTABLISHED 17096/0
tcp6 0 0 :::4747 :::*
LISTEN 16145/sshd
tcp6 0 0 :::111 :::*
LISTEN 155/rpcbind
tcp6 0 0 :::80 :::*
LISTEN 15413/nginx: master
tcp6 0 0 :::25 :::*
LISTEN 507/master
My sites-available config file:
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
root /var/www/my_domain/html/;
index index.html index.htm index.php;
server_name my.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem;
location / {
root /var/www/my_domain.com/html/;
index index.html index.php;
}
location /robots.txt/ {
root /var/www/my_domain.com/html/robots.txt;
}
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
My Nginx.conf :
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
load_module /etc/nginx/modules/ngx_http_fancyindex_module.so;
events {
worker_connections 1024;
}
http {
include mime.types;
include /etc/nginx/sites-enabled/*;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
#
#server {
#listen 443 ssl;
#server_name localhost;
#ssl_certificate
/etc/letsencrypt/live/my.domain.com/fullchain.pem;
#ssl_certificate_key
/etc/letsencrypt/live/my.domain.com/privkey.pem;
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
#location / {
#root html;
#index index.html index.htm;
#}
#}
}
My UFW Status :
To Action From
-- ------ ----
22 DENY Anywhere
4747 DENY Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) DENY Anywhere (v6)
4747 (v6) DENY Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Hopefully my two conf files aren't too much of a mess. If anyone has any ideas on why port 443 is being rejected I'd appreciate it. I thought maybe it might have something to do with the location of my .key files but wasn't sure on that. Also running 'nginx -t' works with no errors.
Also yes I'm aware that this post NGINX won't listen on port 443 exists but it was voted 'off topic' because the creator abandoned the post and so no solution was ever found.
Best Answer
Your config file is in the directory
sites-available, but your nginx config includes files fromsites-enabled. You either have to move your file to the correct directory, or, if you prefer the Debian way, create a symlink to your config file insites-enabled. Then restart or reload nginx.