After deploying a simple Django app on AWS EC2, I added an SSL certificate using python3-certbot-nginx and everything worked fine. Initially I implemented SSL on myapp1.com by running sudo certbot --nginx -d myapp1.com. Later, I ran the command again but replacing myapp1.com with www.myapp1.com, and the process was successful. HTTPS was active when I entered the URL in the browser. However, as soon as I restarted nginx, all the webpages started displaying "404 Not Found nginx/1.18.0 (Ubuntu)" when I access the webpages using the IP address, but "502 Bad Gateway nginx/1.18.0 (Ubuntu)" when I access them using the domain name. I have searched through Stack Overflow for a solution but none worked for my case. When I ran the command /var/log/nginx/error.log I got the following output:
2021/09/19 02:04:30 [notice] 323820#323820: signal process started
2021/09/19 02:08:20 [crit] 323821#323821: *478 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 107.178.231.248, server: 0.0.0.0:443
2021/09/19 02:12:12 [crit] 323821#323821: *498 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 107.178.238.55, server: 0.0.0.0:443
2021/09/19 02:33:40 [notice] 324069#324069: signal process started
2021/09/19 02:35:12 [alert] 324102#324102: *4 open socket #13 left in connection 6
2021/09/19 02:35:12 [alert] 324102#324102: *5 open socket #14 left in connection 7
2021/09/19 02:35:12 [alert] 324102#324102: aborting
2021/09/19 02:35:34 [crit] 324125#324125: *1 connect() to unix:/var/www/html/myapp/app.sock failed (2: No such file or directory) while connecting to upstream, client: 197.211.59.65, server: myapp1.com, request: "GET /admin/home/ HTTP/1.1", upstream: "http://unix:/var/www/html/myapp/app.sock:/admin/home/", host: "myapp1.com", referrer: "https://myapp1.com/admin/"
# Default server configuration
server {
    # SSL configuration
    #
    #listen 443 ssl default_server;
    #listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #include snippets/snakeoil.conf;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;
    server_name myapp1.com 18.189.167.3;
    location / {
        proxy_ssl_server_name on;
        include proxy_params;
        proxy_pass http://unix:/var/www/html/myapp/app.sock;
        #try_files $uri $uri/ =404;
    }
    # pass PHP scripts to FastCGI server
    #
    location /static/ {
        autoindex on;
        alias /var/www/html/myapp/staticfiles/;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        #
        # # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        # # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
    location /phpmyadmin/
    {
        root /usr/share/;
        index index.php;
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myapp1.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myaoo1.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
How do I fix this issue? There are several conflicting solutions I found on the internet. I'm scared some approaches might cause other issues that might cause me to terminate the instance which will be too costly for me.
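
Added example, not part of the original question: a Python triage of the error.log quoted above that separates upstream-socket failures (the entries behind a 502 from proxy_pass) from TLS handshake errors raised while parsing a client's key share. The errno hints for 13 and 111 go beyond the single case in the log; triage and ERRNO_HINT are names chosen for this example.

```python
import re
from collections import Counter

# Four lines copied from the error.log quoted in the question.
SAMPLE_LOG = """\
2021/09/19 02:04:30 [notice] 323820#323820: signal process started
2021/09/19 02:08:20 [crit] 323821#323821: *478 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 107.178.231.248, server: 0.0.0.0:443
2021/09/19 02:35:12 [alert] 324102#324102: *4 open socket #13 left in connection 6
2021/09/19 02:35:34 [crit] 324125#324125: *1 connect() to unix:/var/www/html/myapp/app.sock failed (2: No such file or directory) while connecting to upstream, client: 197.211.59.65, server: myapp1.com, request: "GET /admin/home/ HTTP/1.1", upstream: "http://unix:/var/www/html/myapp/app.sock:/admin/home/", host: "myapp1.com", referrer: "https://myapp1.com/admin/"
"""

LINE = re.compile(r"^(\S+ \S+) \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$")
UPSTREAM = re.compile(r"connect\(\) to unix:(\S+) failed \((\d+): [^)]+\) while connecting to upstream")
HANDSHAKE = re.compile(r"SSL_do_handshake\(\) failed .* while SSL handshaking, client: ([0-9a-fA-F.:]+)")

# What each errno usually means when proxy_pass targets a unix socket.
ERRNO_HINT = {
    2: "socket file missing: backend not running or bound to another path",
    13: "permission denied: nginx worker user cannot traverse to or open the socket",
    111: "connection refused: socket file exists but no process is accepting on it",
}

def triage(log_text):
    """Split error.log entries into upstream failures (502s), TLS handshake errors, and the rest."""
    upstream, handshake_clients, other = [], Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an error.log entry
        ts, level, msg = m.groups()
        up = UPSTREAM.search(msg)
        hs = HANDSHAKE.search(msg)
        if up:
            code = int(up.group(2))
            upstream.append({"time": ts, "socket": up.group(1), "errno": code,
                             "hint": ERRNO_HINT.get(code, "unclassified errno")})
        elif hs:
            handshake_clients[hs.group(1)] += 1  # failure while reading the client's handshake
        elif level in ("error", "crit", "alert", "emerg"):
            other.append((ts, level, msg))
    return {"upstream": upstream, "handshake_clients": handshake_clients, "other": other}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["upstream"]:
        print(f"{f['time']} 502 cause: {f['socket']} ({f['hint']})")
    print("handshake failures by client:", dict(report["handshake_clients"]))
    print("other high-severity entries:", len(report["other"]))
```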