0

Actually my ssl cert is expired and is not updating so for a while I want my website to redirect itself to http instead of https.

Myconfig file:

           server {
        listen 80 ;
        listen [::]:80 default_server;

        # SSL configuration
        #
         listen 443 ssl default_server;
         listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
         # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/laravel/public;

        # Add index.php to the list if you are using PHP
        index index.php  index.html index.htm index.nginx-debian.html;

        server_name aksout.com ;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/aksout.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/aksout.com/privkey.pem;
          location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;
        }
            location /phpmyadmin {

             alias /var/www/laravel/public/;
              index index.php index.html index.htm;
             }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
           location ~ \.php$ {
                                    include snippets/fastcgi-php.conf;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;

        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;



                include fastcgi_params;



                 fastcgi_buffers 8 512k;
        fastcgi_buffer_size 256k;
        fastcgi_send_timeout 5m;
        fastcgi_read_timeout 5m;
            fastcgi_connect_timeout 5m;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }
              location ~ /.well-known {

                allow all;}


}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.

         server {
       listen 80;
#       listen [::]:80;
#
     server_name aksout.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }

    return 301 http://aksout.com$request_uri;
}
YaSh Chaudhary
  • 215
  • 2
  • 8

4 Answers4

2

First, without a valid SSL certificate, you can't redirect to HTTP. Users browsers will show an SSL warning, and unless they add an exception they'll never reach your server on HTTPS.

You can however serve people who come in on HTTP.

In the first server block:

  • Comment out the listen 443 lines
  • Comment out the SSL certificate stuff

Then comment out the second server block, the original port 80 one.

Tim
  • 30,383
  • 6
  • 47
  • 77
2

You shouldn't redirect https to http, just because your certificate has expired. You should renew it instead, especially since you already got everything you need for letsencrypt in your config file.

Running the following command should make your https work fine again.

certbot renew

If it shows any errors, please follow this simple guide to (re)install letsencrypt for nginx on debian.

Pang
  • 273
  • 3
  • 8
Anubioz
  • 3,597
  • 17
  • 23
  • already tried .....gives error. see this question: https://serverfault.com/questions/845897/failed-to-connect-to-139-59-18-213-443-for-tls-sni-01-challenge?noredirect=1#comment1084634_845897 – YaSh Chaudhary Apr 22 '17 at 11:31
  • @YaShChaudhary Try running `iptables -F && iptables -X && iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT` before attempting to renew. This should help – Anubioz Apr 22 '17 at 16:25
0

I've just removed 443/HTTPS stuff and your other block that redirects traffic to it

server {
        listen 80 ;
        listen [::]:80 default_server;
        server_name aksout.com ;
        root /var/www/laravel/public;

        # Add index.php to the list if you are using PHP
        index index.php  index.html index.htm index.nginx-debian.html;

        location / {
          # First attempt to serve request as file, then
          # as directory, then fall back to displaying a 404.
          try_files $uri $uri/ /index.php?$query_string;
        }
        location /phpmyadmin {
          alias /var/www/laravel/public/;
          index index.php index.html index.htm;
        }

        # pass the PHP scripts to FastCGI server listening on socket
        location ~ \.php$ {
          include snippets/fastcgi-php.conf;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:/run/php/php7.0-fpm.sock;
          include fastcgi_params;
          fastcgi_buffers 8 512k;
          fastcgi_buffer_size 256k;
          fastcgi_send_timeout 5m;
          fastcgi_read_timeout 5m;
          fastcgi_connect_timeout 5m;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
          allow all;
        }


}
Diego Velez
  • 780
  • 1
  • 6
  • 13
-4

Try an htaccess redirect:

RewriteCond %{SERVER_PORT} 443 RewriteRule ^/?$ http://%{SERVER_NAME}/ [R=301,L]

Matt Morrow
  • 43
  • 6