Strangely seeing nginx welcome page on http with letsencrypt


#1

I’m experiencing a strange issue with my newly installed EasyEngine setup with letsencrypt.

For some reason, when I navigate to the domain name (without http or https) in Chrome, either with or without the www., I get the welcome to nginx page. If I force https, I get my WordPress site.

To make things even stranger, Safari on my Mac and iPhone gets the WordPress site regardless.

Am I doing something wrong here? nginx does seem to be properly configured to force https…


#2

Check if you have a ssl.conf file in /var/www/yourdomain.com/conf/nginx/

   listen 443 ssl http2;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/yourcert;
    ssl_certificate_key    /etc/letsencrypt/live/yourcert;`

And force ssl with with a file yourdomain-force-ssl.conf in /etc/nginx/conf.d/

	server {
	listen 80;
	server_name yourdomain.com;
	return 301 https://yourdomain.com$request_uri;
}

#3

Thanks for your reply. The two configurations you mentioned are there.

What I find the most strange is that if I enter an incognito window in Chrome (so I’m not dealing with any locally cached pages) and type in “mydomain.com”, I get the nginx welcome page. But if I type in “https://mydomain.com” I get the Wordpress site.


#4

Have your tried service nginx reload ?


#5

Yes. I’m probably going to wipe it and start over… zero clue what’s going on.


#6

Check the /etc/nginx/sites-available/default site, there are maybe an error. Try nginx -t to see if you have an error code


#7

All well with nginx -t… the default config is present under sites-available, with the symlink under sites-enabled (which it should be, correct?). It looks like the stock file to me…

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	# include snippets/snakeoil.conf;
	#
	# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php5-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

#8

yes that’s correct. You should try with another browser to see if that’s a simple error, or if it’s your configuration


#9

There’s just no rhyme or reason. On my work computer (Windows 10) Chrome, it is now working consistently. On a virtual machine with Windows 10, it’s coming up with the default nginx page. On my Mac, I’m getting the nginx default page 50% of the time.

I’m at a loss.


#10

In your default config try to comment this line:

listen [::]:80 default_server;

and see if it starts working.

If it does you have problem accessing sites over IPv6 and the above line disables it.

You can read more about it here: Only troubles lately with 16.04 on Linode


#11

Hi tyrro. That absolutely seems to be it. Thanks so much for responding. I added listen [::]:80; to the problem site config after commenting it out under the default config, and now all looks well. Really appreciate it.


#12

Actually, I spoke too soon. Now I get this after I clear my browser cache:

400 Bad Request

The plain HTTP request was sent to HTTPS port

I don’t have much experience with letsencrypt, so I will need to do some more research.


#13