How to Fix Nginx SSL Certificate and HTTPS Redirect Errors?
What will you learn in this guide?
This guide explains common SSL and redirect errors when migrating to HTTPS on Nginx.
It walks through practical fixes for HTTP to HTTPS redirection, firewall problems and certificate errors.
1. Check Nginx Error Logs
Most SSL and redirect errors leave clear clues in the logs.
sudo cat /var/log/nginx/error.log
- This command prints Nginx error logs to the screen.
2. Verify HTTPS Listen Directive
- For HTTPS, Nginx needs to listen on port 443.
listen 443 ssl;
listen [::]:443 ssl;
- These lines enable HTTPS traffic.
Also check SSL file paths:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
- These directives must point to the correct certificate chain and private key files.
3. 301 Redirect Structure from HTTP to HTTPS
- HTTP traffic should be permanently redirected to HTTPS.
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
- This block redirects HTTP requests to the HTTPS address.
4. Check Firewall (UFW) Settings
- If HTTPS is not working, port 443 may be closed.
sudo ufw status
- This command shows whether the firewall is active and lists the allowed rules.
- To add HTTPS permission:
sudo ufw allow 'Nginx HTTPS'
- This rule opens port 443 to the outside world.
- Alternatively, you can use a single rule:
sudo ufw allow 'Nginx Full'
- This setting allows both HTTP and HTTPS traffic.
5. Certificate Related Browser Errors
- Some errors are caused by certificates, not Nginx.
- If you use a self-signed certificate, the browser gives a warning. This reduces user trust.
- The error code for an expired certificate is usually: NET::ERR_CERT_DATE_INVALID
6. Renew Let's Encrypt Certificate
- Let's Encrypt certificates are valid for 90 days.
- Check the renewal service:
sudo systemctl status snap.certbot.renew.service
- This service manages automatic renewal.
- For manual renewal:
sudo certbot certonly --force-renewal -d example.com
- This command forcibly renews the certificate.
- For a test run:
sudo certbot renew --dry-run
- This verifies that renewal is working correctly.
7. Test Configuration After Changes
- Check the syntax after each change.
sudo nginx -t
- This command checks for configuration errors.
- Then restart the service:
sudo systemctl restart nginx
- This action activates the settings.
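`nginx -t` validates syntax, not intent: a configuration with no 443 listener, a `listen 443;` that is missing `ssl`, or a 302 redirect still passes. The script below is an added example, not part of the original guide; the function name `audit_https_conf` is made up here, and it assumes one directive per line, as in the snippets from steps 2 and 3.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): static checks for the
# directives from steps 2 and 3 that a syntax test does not cover.
# Assumption: one directive per line and "server {" on a single line.
# Prints one FINDING line per problem; returns 0 when nothing is missing.
audit_https_conf() {
    # Drop comments first so a commented-out directive is not counted.
    sed 's/#.*//' "$1" | awk '
    function report(msg) { print "FINDING: " msg; bad = 1 }
    $1 == "server" && /[{]/ { in_srv = 1; depth = 0; p80 = p443 = r301 = r302 = 0 }
    in_srv {
        if ($1 == "listen") {
            # "80;", "443" and "[::]:443" all reduce to the bare port number.
            port = $2; sub(/;$/, "", port); sub(/^.*:/, "", port)
            if (port == "80") p80 = 1
            if (port == "443") {
                p443 = 1
                if ($0 ~ /[ \t]ssl([ \t;]|$)/) tls = 1
                else report("port 443 listener without the ssl parameter")
            }
        }
        if ($1 == "return" && $3 ~ /^https:\/\//) {
            if ($2 == "301") r301 = 1
            if ($2 == "302") r302 = 1
        }
        # Track nesting so location blocks do not end the server block early.
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0) {            # closing brace of this server block
            in_srv = 0
            if (p80 && !p443) {      # HTTP-only block: must redirect permanently
                if (r302) report("port 80 block redirects with 302, not 301")
                else if (!r301) report("port 80 block has no redirect to https://")
            }
        }
    }
    END {
        if (!tls) report("no \"listen 443 ssl\" directive found")
        exit bad
    }'
}
```

Run it against the site file before `sudo nginx -t`, for example `audit_https_conf /etc/nginx/sites-enabled/example.conf` (path is a placeholder).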
Frequently Asked Questions (FAQ)
1. Why is HTTPS redirect not working? Usually port 443 is closed or the listen directive is missing.
2. Why should I use 301 instead of 302? 301 is permanent and carries SEO value to the HTTPS address.
3. What happens if Certbot does not auto-renew? The certificate expires and the browser shows a security error.
4. Can it be done in a single server block? Yes, but separate HTTP and HTTPS blocks are clearer.
Conclusion
HTTPS and SSL errors are usually caused by minor configuration mistakes. For a correctly configured Nginx infrastructure, you can try your projects on the GenixNode platform right away.

