Finally, after a week of headbanging, I managed to figure out certbot’s installation process with nginx and how to deploy Python apps with uWSGI.

1. Make sure that existing nginx is not listening on port 443

There is one small catch with certbot’s nginx plugin: if you have a virtualhost, say, in /etc/nginx/sites-available/test.com, its server block must not listen on port 443. In other words, make sure that:

  server {

    # MAKE SURE THESE TWO LINES ARE COMMENTED
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;

    ...
  }

Otherwise, you might get a ‘connection reset by peer’ error. This happens because the default server block already has a listen directive on port 443.

2. Make sure that server_name is defined

Nginx needs a virtualhost to be configured, so if none of your configuration files sets the server_name directive to your actual domain name(s), it will not work:

  server {

    # This does not work - this is the default configuration
    # server_name _;

    # Works
    server_name test.com www.test.com;

    ...

  }
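
Both checks above can be run as a pre-flight script against a vhost file before invoking certbot. This is an added example, not part of the original post: the function names are hypothetical, and the comment stripping is naive (it assumes no `#` inside quoted values).

```shell
#!/bin/sh
# Pre-flight check for the two conditions described above.
# Usage: sh check_vhost.sh /etc/nginx/sites-available/test.com test.com
# (function names are hypothetical; this is not part of certbot or nginx)

# Print the arguments of every active (uncommented) directive named $2 in file $1.
active_directives() {
    sed -e 's/#.*//' "$1" | tr '{};' '\n\n\n' |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print }'
}

# Succeeds if any active listen directive binds port 443
# (matches "443", "[::]:443", "1.2.3.4:443"; does not match "8443").
listens_on_443() {
    active_directives "$1" listen |
        awk '$1 ~ /(^|:)443$/ { found = 1 } END { exit !found }'
}

# Succeeds if domain $2 is listed in an active server_name directive.
# A catch-all "server_name _;" therefore fails this check.
names_domain() {
    active_directives "$1" server_name | tr ' ' '\n' | grep -Fxq -- "$2"
}

# Returns 0 when the vhost file meets both conditions, 1 otherwise.
check_vhost() {
    rc=0
    if listens_on_443 "$1"; then
        echo "$1: active listen on port 443; comment it out first" >&2
        rc=1
    fi
    if ! names_domain "$1" "$2"; then
        echo "$1: no active server_name lists $2" >&2
        rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_vhost "$1" "$2"
fi
```

The script only inspects the one file you pass it, so other files under sites-enabled still need the same check.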