Nginx Fails to restart after installing SSL with Let's Encrypt

Hi there,

We have installed SSL through the EE Let’s Encrypt with the command ee site update example.com --letsencrypt

We can however not restart Nginx now for the changes to take effect. We are getting the following errors:

Reload : nginx     [Failed]
service nginx reload failed. check issues with `nginx -t` command
franwess@vultr:~$ sudo /etc/init.d/nginx restart
 * Restarting nginx nginx                                                [fail]
franwess@vultr:~$ sudo service nginx restart
 * Restarting nginx nginx                                                [fail]

Could you possibly assist?

Regards Francois Wessels

UPDATE:

We also tried ee stack reload and are getting the follwing:

sudo ee stack reload
[sudo] password for franwess:
Reload : nginx     [Failed]
Reload : php5-fpm  [OK]
Reload : mysql     [OK]
Reload : postfix   [OK]

Unsure what do do next…

Regards Francois Wessels

Here is the output of nginx -t

nginx: [emerg] "limit_req_status" directive is duplicate in /etc/nginx/nginx.conf:111
nginx: configuration file /etc/nginx/nginx.conf test failed

As requested by @harshadyeola

Thank you FW

@francois_wessels

Please check your nginx configuration. you can use this command to check duplicate directive files

grep -Hrn 'limit_req_status' /etc/nginx

@harshadyeola: This is the output of that – would it be possible for you to assist further?

franwess@vultr:~$ sudo grep -Hrn 'limit_req_status' /etc/nginx
/etc/nginx/nginx.conf:28:    limit_req_status 403;

Regards franwess

@harshadyeola: When we ran sudo nginx -t again we got this output:

nginx: [emerg] "limit_req_zone" directive is not allowed here in /etc/nginx/nginx.conf:113

Hope it helps…

Regards franwess

On line 113 we have:

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

This was done to implement Fail2Ban – not sure whether it is in the right place though? This was in accordance with your tutorial on implementing fail2ban…

Regards franwess

@francois_wessels

Please remove this for now and check

Ok, I had to remove all the Nginx configs for fail2ban… nginx also restarted as per sudo service nginx restart

Will fail2ban still work as intended without this?

Regards franwess

@harshadyeola: Ok, successfully implemented a second ssl cert. on a second domain on that server. Nginx restart etc. worked perfectly :slight_smile:

Now just worried that Fail2ban will not work as intended – can you make any suggestions here?

Kind regards franwess

@francois_wessels

If you are using EasyEngine you don’t need to add above nginx config.

So your fail2ban config will be working :slight_smile:

Thank you very much, that is good to know :slight_smile: Do I understand it right that you only need to implement the ‘Configuration’ part of this tutorial --> https://easyengine.io/tutorials/nginx/fail2ban/ and not the Nginx part? @harshadyeola

Thanks for your time on this!

franwess

@harshadyeola is the tutorial on Fail2Ban the only requirement for installing Fail2Ban properly with EE? Is there another tutorial that should be followed instead?

I would like to tick this one off so that we now F2B is installed and working properly :slight_smile:

Regards franwess