Troubleshoot Nginx SSL Certificates for Deployment on Ubuntu
Whether you are running an instance of EC2 on AWS, or on a local machine, most likely you are using Ubuntu/Linux. It’s no secret that the robust ecosystem of UNIX virtual machines made by Linus Trovals has taken over the web — Be it servers, website deployments, the list goes on.
To ensure credibility of the communication between each layer of the web service, Secure Sockets Layer (SSL) certificates provide a backbone of web security and a must-have on modern sites and services.
Practically all browsers nowadays ensure that the connection to every website is secured through an HTTPS protocol, checking the validity of the certificate. When visiting a website with an unverifiable, or expired certificate, a warning of “Not Secure” will appear, sometimes blocking the data transmission to protect the user.
Fear not! This guide will walk you through common problems with issuing a valid SSL certificate and how to fix them.
1. Checking the validity of your certificate
Before diving into complex troubleshooting you can check the current state of your SSL certificate by trying to navigate to your domain on a web browser and clicking on the lock icon next to the URL search bar.
Also, tools like SSL Checker can accurately tell if your certificate is valid (or missing).
2. Lists of certificates on your Unix machine
We first want to view all the certificates issued on your machine.
sudo certbot certificates- If no certificates were found, you need to create a new one (Read this article for guidance).
- If a certificate exists, we must ensure the it is chained to Nginx properly. To do so, follow the steps below.
Step one: Navigate to the sites-available directory, which contains all the configuration files for each of your sites.
cd /etc/nginx/sites-available/Step two: Each file in thesites-available directory represents a different website or a different configuration for your Nginx server. Use a text editor to edit the file corresponding to the site you want to change.
sudo nano your-site-config-fileStep three: In your Nginx configuration file, you must reference both the certificate (fullchain.pem) and the private key (privkey.pem).
The following is an example snippet part of a configuration file:
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;Step four: After making the necessary changes to the configuration file, save and exit the editor.
Hint: In Nano, press CTRL + X, then Y, and Enter to confirm.
Step five: Create a symlink in sites-enabled.
Typically, Nginx automatically creates a symlink in sites-enabled linking to the corresponding configuration file in sites-available. Ensure that your configuration file is linked properly. If not, you can create a symlink by running the following command:
sudo ln -s /etc/nginx/sites-available/your-site-config-file /etc/nginx/sites-enabled/3. Redirect all incoming HTTP to HTTPS
Secure websites should redirect all their traffic to a the secure protocol.
In your configuration file, add the following code block that redirects all incoming HTTP requests:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://yourdomain.com$request_uri;
}5. Dealing with Browser Caching Issues
Sometimes, the issue is as simple as a browser caching an old version of your site. Clear your browser’s cache or use a private (incognito) window to see if the issue persists.
6. Reviewing Error Logs for Clues
Check your Nginx error logs (/var/log/nginx/error.log) for SSL-related errors. These logs often provide detailed insights into what might be going wrong.
Validate Configuration
Check Nginx’s status:
sudo systemctl status nginxChecking for syntax error:
Test the Configuration: Before applying the changes, always test your Nginx configuration for syntax errors:
sudo nginx -tReload/Restart Nginx:
If the configuration test is successful, reload Nginx to apply the changes.
sudo systemctl reload nginxsudo systemctl restart nginxConclusion
Proper configuration and maintenance of SSL certificates are crucial for website security. Regular checks, monitoring, and a proactive approach to SSL management will help ensure your website remains secure and trusted by browsers and users alike.
