This one is a bit of a tricky one to get configured correctly.
So I have an Nginx server acting as a reverse proxy to another server. I’ve managed to run Let’s Encrypt on the ‘other server’ which has successfully generated the certificate. Yet when I enter the hostname in the browser I see the error, “This site can’t provide a secure connection. ERR_SSL_PROTOCOL_ERROR”.
Not sure what I’ve got configured wrong here.
Here is the config for the Nginx proxy:
# Reverse-proxy virtual host: accepts requests for other-server.example.com on
# ports 80 and 443 and forwards them to the internal upstream.
server {
# NOTE(review): neither listen line carries the `ssl` parameter and no
# ssl_certificate / ssl_certificate_key is set in this block, so nginx speaks
# plain HTTP on 443 as well. A browser that opens a TLS handshake against that
# port gets a non-TLS reply, which is consistent with ERR_SSL_PROTOCOL_ERROR.
# The certificate shown on this page lives on the other server; to terminate
# TLS here the proxy needs a certificate and key of its own for this name.
# http
listen 80;
# https
listen 443;
server_name other-server.example.com;
location / {
# Pass the client address and the original Host header to the upstream.
# X-Forwarded-For is appended to whatever the client sent, so the upstream
# should only trust it when the request really came from this proxy.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): the scheme is fixed to http:// while the port follows
# $server_port, so a request accepted on 443 is sent as cleartext HTTP to the
# upstream's port 443, which the upstream config declares as `listen 443 ssl`.
# If TLS is terminated on this proxy and the internal hop must stay encrypted,
# use an https:// upstream with proxy_ssl_verify and
# proxy_ssl_trusted_certificate rather than an unverified connection.
proxy_pass http://{Static Internal IP}:$server_port;
}
}
And here is the Nginx config on the ‘other server’:
# TLS virtual host on the upstream: serves static files for
# other-server.example.com with the Certbot-managed certificate.
server {
server_name other-server.example.com;
root /usr/share/nginx/html/;
# NOTE(review): this is an unanchored regex with an unescaped dot, so it
# matches any URI that contains the sequence, not only paths that start with
# it. A prefix match such as `location ^~ /.well-known/acme-challenge/` keeps
# the rule scoped to the challenge directory.
location ~ /.well-known/acme-challenge {
allow all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# Certificate chain and private key issued for this hostname. The private key
# should stay readable by root only; it is what a TLS-terminating proxy in
# front of this host would lack unless it is given its own certificate.
ssl_certificate /etc/letsencrypt/live/other-server.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/other-server.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# HSTS: a browser that receives this header over a valid HTTPS connection
# refuses plain HTTP for this hostname for max-age seconds (one year here).
# `always` adds the header to error responses too.
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
# OCSP stapling; stapled responses are verified against the chain file below.
# NOTE(review): no `resolver` directive is visible in this block; stapling
# needs one to look up the OCSP responder unless it is set elsewhere.
ssl_trusted_certificate /etc/letsencrypt/live/other-server.example.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
# Port-80 virtual host on the upstream: redirects this hostname to HTTPS.
server {
# NOTE(review): this server-level `if`/`return` runs before a location is
# selected, so for requests whose Host is other-server.example.com the
# acme-challenge location below is never reached; they all get the 301.
# Requests relayed by the proxy's port-80 listener carry that Host header, so
# they are redirected to https:// on the same name, which leads back to the
# proxy's 443 listener.
if ($host = other-server.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name other-server.example.com;
root /usr/share/nginx/html/;
# Unanchored regex with an unescaped dot: matches any URI containing the
# sequence, not only paths that begin with it.
location ~ /.well-known/acme-challenge {
allow all;
}
}