Tags: nginx, amazon-ec2, lets-encrypt, certbot, nodejs-server

EC2 Nginx Let's Encrypt setup, HTTPS is not working


I have set up a Node.js REST API server on an EC2 instance. In my GoDaddy console, I have mapped the IP address of my EC2 instance to my domain. Now it's accessible via HTTP. This is the link to my API.

I have configured the nginx server and installed a certificate for my domain. Here is the nginx configuration:
server {
        listen 80;
        listen [::]:80;

        server_name api.domain.in;

        location / {
                proxy_pass http://127.0.0.1:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/api.domain.in/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/api.domain.in/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
Doing a netstat -plnt gives the following result:
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::3000                 :::*                    LISTEN      126894/node /home/u
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
Doing a sudo ufw status gives the following result:
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
Doing a sudo ufw app list gives the following result:
Available applications:
  Apache
  Apache Full
  Apache Secure
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

Still, http://api.domain.in/health works but https://api.domain.in/health doesn't.

Solutions or help with the steps to debug/troubleshoot would be appreciated. What have I configured wrong? It seems as if HTTPS traffic is not reaching my EC2 instance.


Solution

  • Ports 80, 22, 300 are open for source 0.0.0.0/0. Do I need to open 443 also?

Based on the question and comments, you may be missing port 443 in the EC2 security group.
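A way to confirm the gap the answer points at, added here as an example that is not the poster's or the answerer's own code: it walks the inbound rules of a security group in the JSON shape returned by `aws ec2 describe-security-groups` (the group id and the rule set below are constructed to match the question, not taken from a real account) and reports which of the ports nginx listens on are not open to the internet, handling the "-1" all-traffic protocol, port ranges and IPv6 ranges rather than only exact-port rules.

```python
# Constructed sample in the shape of one entry of
# `aws ec2 describe-security-groups` ("SecurityGroups" list): 22, 80 and 3000
# open to the world, nothing for 443. The group id is a placeholder.
SAMPLE_SG = {
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def rule_allows(perm, port, ipv6=False):
    """True if one inbound permission admits TCP `port` from anywhere."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" = all protocols and ports
        return False
    if proto == "tcp":
        # AWS omits FromPort/ToPort on all-traffic rules; tcp rules may be ranges
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if not lo <= port <= hi:
            return False
    if ipv6:
        return any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
    return any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))


def missing_ports(sg, ports=(80, 443), ipv6=False):
    """Ports in `ports` that no rule of `sg` opens to the whole internet."""
    return [p for p in ports
            if not any(rule_allows(perm, p, ipv6) for perm in sg["IpPermissions"])]


def fix_command(sg, port):
    """The CLI call that would add the missing IPv4 rule (review before running)."""
    return (f"aws ec2 authorize-security-group-ingress --group-id {sg['GroupId']} "
            f"--protocol tcp --port {port} --cidr 0.0.0.0/0")


if __name__ == "__main__":
    for p in missing_ports(SAMPLE_SG):
        print(f"TCP {p} is not open in the security group: {fix_command(SAMPLE_SG, p)}")
```

Because the config also has `listen [::]:443`, run the same check with `ipv6=True` if the instance has a public IPv6 address; the sample group opens nothing over IPv6 at all.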