NGINX SSL Certificate Not Working

nginxsslUbuntu

I've been working on SSL stuff and getting nowhere from like 4 tutorials…
I've bought an SSL for pingrglobe.com, and now trying to apply it to my servers.
Here's my nginx code:

    http {
      server {
            listen 80;

            server_name pingrglobe.com;
            rewrite ^(.*) http://www.pingrglobe.com$1 permanent;
      }
      server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/pingrglobe.crt;
        ssl_certificate_key /etc/nginx/ssl/pingrglobe.key;
        #enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
        ssl_protocols SSLv3 TLSv1;
        #Disables all weak ciphers
        ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
        server_name www.pingrglobe.com;

            root /var/www/pingrglobe.com;
            index index.html index.php;

            location / {
                try_files $uri $uri/ @extensionless-php;
                add_header Access-Control-Allow-Origin *;
            }

            rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;  
            rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
            rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
            rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
            rewrite ^/notification/(.+)$ /notification?id=$1 last;
            rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
            rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
            rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
            rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
            rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
            rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;
            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }

            location @extensionless-php {
               rewrite ^(.*)$ $1.php last;
            }

            location ~ /\. {
               deny all;
            }
      }
    }

SSL doesn't work as you see here:
https://www.pingrglobe.com

Best Answer

Replace your existing complete file content with the following at report back what nginx -t is says if you still can't reload.

# Redirect ALL non-https traffic to https
server {
    server_name pingrglobe.com *.pingrglobe.com;
    return 301 https://$server_name$request_uri;
}

# Redirect www to non-www
server {
    listen                 443 ssl;
    server_name            www.pingrglobe.com;
    return 301 $scheme://pingrglobe.com$request_uri;
}

server {
    listen                 443 ssl;
    server_name            pingrglobe.com;
    ssl_certificate        ssl/pingrglobe.crt;
    ssl_certificate_key    ssl/pingrglobe.key;
    ssl_protocols          SSLv3 TLSv1;
    ssl_ciphers            ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
    root                   /var/www/pingrglobe.com;
    index                  index.php index.html;

    location / {
        location ~ /\. {
            return 403;
        }

        add_header Access-Control-Allow-Origin *;

        rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;  
        rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
        rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
        rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
        rewrite ^/notification/(.+)$ /notification?id=$1 last;
        rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
        rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
        rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
        rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
        rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
        rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;

        location ~ \.php$ {
            include          fastcgi_params;
            fastcgi_index    index.php;
            fastcgi_param    PATH_INFO          $fastcgi_path_info;
            fastcgi_param    PATH_TRANSLATED    $document_root$fastcgi_path_info;
            fastcgi_param    SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_pass     unix:/var/run/php5-fpm.sock;
            try_files        $uri =404;
        }

        try_files $uri $uri/ @extensionless-php;
    }

    # The try_files directive in the php block mitigates security risks.
    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }

}
Related Topic