search

lesaff / serverpilot-letsencrypt

(NO LONGER MAINTAINED) | Bash script to generate and install Let's Encrypt certificate for your websites on your ServerPilot account (Free or Paid Plan)
MIT License
346 stars 84 forks source link

Nginx fails to start after installing it #85

Open MediaMaquina opened 4 years ago

MediaMaquina commented 4 years ago

Hello, Nginx can't start after installing it. I have 3 apps each has 1 domain. i inserted the name of the main app and the 3 domains. This is all the info i could gather:

While finishing installation it said:

We're almost done here. Opening HTTPS Port and  Restarting nginx...
Rule added
Rule added (v6)
Job for nginx-sp.service failed because the control process exited with error code. See "systemctl status nginx-sp.service" and "journalctl -xe" for details

systemctl status nginx-sp.service

systemctl status nginx-sp.service
● nginx-sp.service - nginx-sp
   Loaded: loaded (/lib/systemd/system/nginx-sp.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit-hit) since Sat 2019-11-16 18:21:26 CET; 1min 11s ago
  Process: 24493 ExecStop=/bin/kill -s QUIT $MAINPID (code=exited, status=0/SUCCESS)
  Process: 24517 ExecStartPre=/opt/sp/nginx/sbin/nginx -t (code=exited, status=1/FAILURE)
 Main PID: 27761 (code=exited, status=0/SUCCESS)

Nov 16 18:21:25 vps404371 systemd[1]: nginx-sp.service: Unit entered failed state.
Nov 16 18:21:25 vps404371 systemd[1]: nginx-sp.service: Failed with result 'exit-code'.
Nov 16 18:21:26 vps404371 systemd[1]: nginx-sp.service: Service hold-off time over, scheduling restart.
Nov 16 18:21:26 vps404371 systemd[1]: Stopped nginx-sp.
Nov 16 18:21:26 vps404371 systemd[1]: nginx-sp.service: Start request repeated too quickly.
Nov 16 18:21:26 vps404371 systemd[1]: Failed to start nginx-sp.
Nov 16 18:21:26 vps404371 systemd[1]: nginx-sp.service: Unit entered failed state.
Nov 16 18:21:26 vps404371 systemd[1]: nginx-sp.service: Failed with result 'start-limit-hit'.

letsencrypt LOG

2019-11-16 18:19:44,191:DEBUG:certbot.main:certbot version: 0.27.0
2019-11-16 18:19:44,192:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/srv/users/serverpilot/apps/emadion/public$
2019-11-16 18:19:44,192:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoi$
2019-11-16 18:19:44,202:DEBUG:certbot.log:Root logging level set at 20
2019-11-16 18:19:44,202:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-11-16 18:19:44,204:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-11-16 18:19:44,205:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fed0dee38d0>
Prep: True
2019-11-16 18:19:44,206:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator$
2019-11-16 18:19:44,206:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-11-16 18:20:52,842:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-11-16 18:20:52,847:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api$
2019-11-16 18:20:53,408:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2019-11-16 18:20:53,410:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 658
Strict-Transport-Security: max-age=604800
Server: nginx
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Date: Sat, 16 Nov 2019 17:20:53 GMT
X-Frame-Options: DENY
Content-Type: application/json

My emadion.ssl.conf

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name
emadion.it calzarialati.it testipiu.it ;

   ssl on;

   # letsencrypt certificates
   ssl_certificate      /etc/letsencrypt/live/emadion.it/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/emadion.it/privkey.pem;

    #SSL Optimization
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # modern configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AE$

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response

No ideas what's up?