Bought a certificate SSl. Installed and configured keys and certificate on the Nginx server.

server { listen 443; ssl on; ssl_certificate /etc/ssl/certs/avtosmoke.crt; ssl_certificate_key /etc/ssl/private/7934558.key; ssl_protocols SSLv3 TLSv1; server_name avtosmoke.ru www.avtosmoke.ru; }

But the site is still not accessible via https .

Through external services I checked - wrote that the site installed the SSl certificate correctly.

Should time pass or https on the site should work right away?

  • one
    should immediately. show config nginx - nörbörnën
  • What means not available? More details, please - andreymal
  • server {listen 443; ssl on; ssl_certificate /etc/ssl/certs/avtosmoke.crt; ssl_certificate_key /etc/ssl/private/7934558.key; ssl_protocols SSLv3 TLSv1; server_name avtosmoke.ru www.avtosmoke.ru; } - Alexey Marchenko
  • 2
    quite a job. only you didn’t tell nginx (using the root directive ) where to look for index.html - aleksandr barakin
  • Website via https is not available - Alexey Marchenko

1 answer 1

Your ssl is set up, here, look:

 $ curl --verbose 'https://www.avtosmoke.ru' * Rebuilt URL to: https://www.avtosmoke.ru/ * Trying 80.87.203.85... * TCP_NODELAY set * Connected to www.avtosmoke.ru (80.87.203.85) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL; CN=www.avtosmoke.ru * start date: Oct 31 00:00:00 2018 GMT * expire date: Oct 31 23:59:59 2019 GMT * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7fa637805e00) > GET / HTTP/2 > Host: www.avtosmoke.ru > User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53 > Accept: */* > Accept-Encoding: deflate, gzip > * Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 404 < server: nginx/1.14.0 < date: Wed, 31 Oct 2018 10:42:27 GMT < content-type: text/html < content-encoding: gzip < <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx/1.14.0</center> </body> </html> * Connection #0 to host www.avtosmoke.ru left intact

The only problem is that the settings for content delivery, connection with the backend, etc. are not specified.

For the simplest test, you can add a general location :

 server { server_name avtosmoke.ru www.avtosmoke.ru; listen 443 ssl http2; ssl_certificate /etc/ssl/certs/avtosmoke.crt; ssl_certificate_key /etc/ssl/private/7934558.key; location / { return 200 'Hello dude!'; } }