I have an Ubuntu server running on Linode and a domain from Cloudflare.
I'm running StrapiJs on my Ubuntu server; it's configured and running on port 8081, and I have nginx on my server to redirect requests from port 80 to 8081.
My domain in Cloudflare has A and AAAA records, both pointing to the correct IPs of my Linode server.
The only issue is that I want to enable HTTPS, so I've tried editing my nginx config along with using certbot. Here's how, along with the initial nginx config I used:
Initial nginx config (/etc/nginx/nginx.conf):

    events {
        worker_connections 768;
        # multi_accept on;
    }
    http {
        server {
            listen 80;
            server_name mydomain;
            location / {
                proxy_pass http://localhost:8081; # Forward requests to localhost:8081
                proxy_set_header Host $host; # Pass the Host header
                proxy_set_header X-Real-IP $remote_addr; # Pass the client's real IP
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Forward the client's IP
                proxy_set_header X-Forwarded-Proto $scheme; # Pass the protocol (HTTP or HTTPS)
            }
        }
    }

So I first installed certbot:

    sudo apt update
    sudo apt upgrade
    sudo apt install certbot

and the plugin:

    sudo apt install python3-certbot-nginx

Then I created the SSL certificate using certbot:

    sudo certbot --nginx -d mydomain

After that, it generated the certificates, verified them, and modified my nginx config automatically:

    events {
        worker_connections 768;
        # multi_accept on;
    }
    http {
        server { # Listen on port 443 for HTTPS
            server_name mydomain; # Replace with your domain
            location / {
                proxy_pass http://localhost:8081; # Forward requests to localhost:8081
                proxy_set_header Host $host; # Pass the Host header
                proxy_set_header X-Real-IP $remote_addr; # Pass the client's real IP
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Forward the client's IP
                proxy_set_header X-Forwarded-Proto $scheme; # Pass the protocol (HTTP or HTTPS)
            }
            listen 443 ssl; # managed by Certbot
            ssl_certificate /etc/letsencrypt/live/dash.levelup.configfan/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/dash.levelup.configfan/privkey.pem; # managed by Certbot
            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        }
        server {
            if ($host = mydomain) {
                return 301 https://$host$request_uri;
            } # managed by Certbot
            listen 80;
            server_name mydomain;
            return 404; # managed by Certbot
        }
    }

I made sure all is good with sudo nginx -t and reloaded it manually using sudo nginx -s reload.
Now when I visit the IP address it automatically redirects to HTTPS, which is good, but it says that the certificate is verified with another domain, hence the browser still shows a warning about security, but I can still tap on Advanced and proceed. However, when I visit my domain I still get redirected to HTTPS, but it refuses to load anything; there's no page loading, and I get something like:

    This site can’t provide a secure connection
    *** uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I appreciate any help. I've tried a few more attempts after that, but all my attempts failed, and I'm looking for what to try next.
Note: in this question you will find mydomain shown in the config examples I gave. I've used my actual domain, and the example domain here is just for the purpose of posting this question publicly.
1 Answer
I'm going to provide an answer to my own question. I certainly found a way to work around this issue for now; I will, however, not mark this as the best answer because I know this might not always be the ideal solution (and because this answer might not include detailed information). However, it can be used in this use case.
So the solution now is to go to Cloudflare, edit both records, and disable the proxy option.
After that visiting my domain loads my website correctly with https without any issues.
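
When a Cloudflare record is proxied, the browser's TLS handshake ends at Cloudflare's edge rather than at nginx, so the certbot certificate is only presented to clients that reach the server directly. The script below is an added example, not part of the original post: it shows which side each resolved address belongs to and whether a handshake with the domain's SNI succeeds there. The function names are hypothetical, and the range list is a snapshot of Cloudflare's published ranges that is assumed to be current.

```python
import ipaddress
import socket
import ssl
import sys

# Snapshot of Cloudflare's published edge ranges (https://www.cloudflare.com/ips/).
# Assumption: the list may have changed since it was copied; refresh before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32
2a06:98c0::/29 2c0f:f248::/32
""".split()]


def terminates_at(address):
    """Return 'cloudflare-edge' or 'origin' for one resolved address."""
    ip = ipaddress.ip_address(address)
    hit = any(ip in net for net in CLOUDFLARE_NETS)
    return "cloudflare-edge" if hit else "origin"


def resolve(host):
    """All A/AAAA addresses the name resolves to, deduplicated."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def handshake(host, address):
    """TLS handshake to `address` with SNI `host`; returns (ok, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, 443), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def report(host, origin_ip=None):
    """Probe every resolved address, plus the origin directly if given."""
    targets = resolve(host) + ([origin_ip] if origin_ip else [])
    return [(a, terminates_at(a), *handshake(host, a)) for a in targets]


if __name__ == "__main__" and len(sys.argv) > 1:
    for row in report(sys.argv[1], *sys.argv[2:3]):
        print(*row, sep="  ")
```

Run it with the domain and, optionally, the server's own IP as a second argument; a failure on the `cloudflare-edge` rows together with a success on the `origin` row places the handshake problem at the proxy layer rather than in the nginx config.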