A few months ago, I was fresh on the beat trying to get a few new projects stood up on Laravel. I was having a few issues with manually setting up the server blocks on Nginx, so I decided to go the easy route and pay for a temporary subscription on Laravel Forge, which is a website that makes all the setup, like server block settings, SSL, multiple domains per server, etc., super easy. I figured that it’d be better to spend my time on that and focus on building the web app than muddle in the details of what was going on with my server.
Well, that may have bit me in the butt. So I’m going to share a few steps that you’ll need to take to fix your configuration. Yours may be different, because I am not a sysadmin and I tried to install a bunch of things trying to fix this.
So first things first, I had at some point already followed a tutorial to set up my domain to create SSL certificates on Let’s Encrypt. I would follow this tutorial first: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
After doing that, run the command: sudo certbot certificates
You should see your certificates show up with current valid dates. If your website no longer gives an error, great! You’re done.
If you are still having problems, like I did, keep going. So now, I was confused, because my certificates were valid, but my server apparently wasn’t using them. That led me to go look at my Nginx block file for my server. I then had to go into my server blocks and edit out a few lines that Laravel Forge had created that pointed the SSL certificates to a different location. I honestly don’t know why he set up his service to point to a different path, which doesn’t update with the normal certbot commands. Honestly he could have easily loaded a cron job to auto-update the certificates, and I’m not sure why he didn’t.
So in the terminal enter: sudo nano /etc/nginx/sites-available/yourdomain.com
You’ll comment out the lines that look like this with #:
    # ssl_certificate /etc/nginx/ssl/yourdomain.com/123456/server.crt;
    # ssl_certificate_key /etc/nginx/ssl/yourdomain.com/123456/server.key;
    #ssl_protocols TLSv1.2;
    #ssl_ciphers AAAA-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:EC$
    #ssl_prefer_server_ciphers on;
    #ssl_dhparam /etc/nginx/dhparams.pem;
Now add a few lines that look like this but using matching domains that you made in the tutorial above:
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Now restart Nginx using: sudo systemctl restart nginx
If you get an error, run sudo nginx -t to see what might be causing the error.
This fixed it for me. Hopefully this helps someone else out there.
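The mismatch described above (valid certificates on disk, Nginx loading different ones) can be checked directly from the server block. This is an added example, not part of the original post: a shell helper that lists the certificate paths a server block actually loads and flags any outside /etc/letsencrypt/live/. The function names and the sample server block are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print every active (uncommented) ssl_certificate / ssl_certificate_key
# directive in the server block file given as $1, as "directive path".
active_cert_paths() {
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 sub(/;$/, "", $2); print $1, $2
             }'
}

# Print only the active paths outside /etc/letsencrypt/live/, i.e. files
# that a normal certbot renewal does not refresh.
stale_cert_paths() {
    active_cert_paths "$1" |
        awk '$2 !~ /^\/etc\/letsencrypt\/live\// { print $2 }'
}

# Constructed sample: a server block still loading the Forge-style paths,
# with the Certbot lines present but commented out.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /etc/nginx/ssl/yourdomain.com/123456/server.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com/123456/server.key;
    # ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    # ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
}
EOF

echo "Paths nginx loads that certbot will not renew:"
stale_cert_paths "$sample_conf"
```

On the server, point stale_cert_paths at /etc/nginx/sites-available/yourdomain.com; an empty result means every active certificate directive already uses the Certbot-managed paths.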