server { listen 80 http2; listen [::]:80 http2; server_name pfa.exam

1. server {
2. listen 80 http2;
3. listen [::]:80 http2;
4. server_name pfa.example.com;
5. return 301 https://pfa.example.com$request_uri;
6. }
7. server {
8. listen 443 ssl http2;
9. listen [::]:443 ssl http2;
10. server_name pfa.example.com;
11.  
12. ssl on;
13. ssl_certificate /etc/letsencrypt/live/pfa.example.com/fullchain.pem;
14. ssl_certificate_key /etc/letsencrypt/live/pfa.example.com/privkey.pem;
15. ssl_session_timeout 1d;
16. ssl_session_cache shared:SSL:50m;
17. ssl_session_tickets off;
18. ssl_dhparam /etc/letsencrypt/live/pfa.example.com/dh.pem;
19.  
20. ssl_protocols TLSv1.2;
21. ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
22. ssl_prefer_server_ciphers on;
23.  
24. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
25.  
26. ssl_stapling on;
27. ssl_stapling_verify on;
28. ssl_trusted_certificate /etc/letsencrypt/live/pfa.example.com/chain.pem;
29. resolver 8.8.8.8;
30.  
31. root /var/www/pfa/;
32. index index.php index.html index.htm;
33.  
34. add_header X-Frame-Options "SAMEORIGIN";
35. add_header x-xss-protection "1; mode=block" always;
36. add_header X-Content-Type-Options "nosniff" always;
37. location ~ .php$ {
38. include snippets/fastcgi-php.conf;
39. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
40. }
41. }
42.  
43. server {
44. listen 80;
45. listen [::]:80;
46. server_name rainloop.example.com;
47. root /var/www/rainloop;
48. index index.php index.html index.htm;
49. location / {
50. try_files $uri $uri/ =404;
51. }
52. location ~ .php$ {
53. include snippets/fastcgi-php.conf;
54. fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
55. }
56. }
57.  
58. server {
59. server_name _;
60. listen 80 default_server;
61. root /var/www/html;
62. index index.html index.htm index.nginx-debian.html;
63. location / {
64. try_files $uri $uri/ =404;
65. }
66. location ~ .php$ {
67. include snippets/fastcgi-php.conf;
68. fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
69. }
70. location ~ /.ht {
71. deny all;
72. }
73. }
74.  
75. > certbot --nginx -d rainloop.example.com
76.  
77. Saving debug log to /var/log/letsencrypt/letsencrypt.log
78. Plugins selected: Authenticator nginx, Installer nginx
79. Obtaining a new certificate
80. Performing the following challenges:
81. http-01 challenge for rainloop.example.com
82. Waiting for verification...
83. Cleaning up challenges
84. Failed authorization procedure. rainloop.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://rainloop.example.com/.well-known/acme-challenge/9ivMyI4q3M98EDzr6Fco71Ih8_mZl1epApasB6nNa14: Error getting validation data
85.  
86. IMPORTANT NOTES:
87. - The following errors were reported by the server:
88.  
89. Domain: rainloop.example.com
90. Type: connection
91. Detail: Fetching
92. http://rainloop.example.com/.well-known/acme-challenge/9ivMyI4q3M98EDzr6Fco71Ih8_mZl1epApasB6nNa14:
93. Error getting validation data
94.  
95. To fix these errors, please make sure that your domain name was
96. entered correctly and the DNS A/AAAA record(s) for that domain
97. contain(s) the right IP address. Additionally, please check that
98. your computer has a publicly routable IP address and that no
99. firewalls are preventing the server from communicating with the
100. client. If you're using the webroot plugin, you should also verify
101. that you are serving files from the webroot path you provided.
102.  
103. 775 www-data:www-data