Instance and server shows running but live domain shows "this site can’t be reached"

0
  1. Tried restarting & reinstalling nginx and rebooting instance.
  2. Renewed SSL Certificate, no outstanding bills
  3. DNS points to correct hosted zone nameservers
  4. Was working a day ago

When providing a solution, kindly guide me how as I'm a novice with AWS. Thanks so much.

EDIT: Yes sorry domain name is rps.game.

https://www.sslshopper.com/ssl-checker.html#hostname=rps.game displays ssl is not installed even though I get these logs:

ubuntu@ip-172-31-12-157:/$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
ubuntu@ip-172-31-12-157:/$ sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

configuration file /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

configuration file /etc/nginx/conf.d/rps_game*-ssl.conf:

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl_new/nginx_bundle_2246d829ae8d.crt;
    ssl_certificate_key /opt/rpsbet/private.key;
    root /opt/rpsbet;
    server_name rps.game;
}

server {
    listen 80;
    server_name rps.game;
    return 301 https://$host$request_uri;
}

Also the DNS Propagation tool displays as correct DNS! (https://dnschecker.org/#NS/rps.game)


Here are the error logs too for the tail command:

ubuntu@ip-172-31-12-157:/etc/nginx/ssl_new$ sudo tail -f /var/log/nginx/error.log
2024/04/03 17:18:25 [error] 4997#4997: *31 open() "/opt/rpsbet/favicon.ico" failed (2: No such file or directory), client: 86.138.111.179, server: rps_game, request: "GET /favicon.ico HTTP/1.1", host: "ec2-3-133-160-47.us-east-2.compute.amazonaws.com", referrer: "https://ec2-3-133-160-47.us-east-2.compute.amazonaws.com/"
2024/04/03 17:19:13 [error] 4997#4997: *31 directory index of "/opt/rpsbet/" is forbidden, client: 86.138.111.179, server: rps_game, request: "GET / HTTP/1.1", host: "ec2-3-133-160-47.us-east-2.compute.amazonaws.com"
2024/04/03 17:19:18 [error] 4997#4997: *31 directory index of "/opt/rpsbet/" is forbidden, client: 86.138.111.179, server: rps_game, request: "GET / HTTP/1.1", host: "ec2-3-133-160-47.us-east-2.compute.amazonaws.com"
2024/04/03 17:20:04 [error] 4997#4997: *35 directory index of "/opt/rpsbet/" is forbidden, client: 152.32.170.230, server: rps_game, request: "GET / HTTP/1.1", host: "3.133.160.47"
2024/04/03 17:20:05 [error] 4997#4997: *36 open() "/opt/rpsbet/favicon.ico" failed (2: No such file or directory), client: 152.32.170.230, server: rps_game, request: "GET /favicon.ico HTTP/1.1", host: "3.133.160.47"
2024/04/03 17:20:06 [error] 4997#4997: *37 open() "/opt/rpsbet/robots.txt" failed (2: No such file or directory), client: 152.32.170.230, server: rps_game, request: "GET /robots.txt HTTP/1.1", host: "3.133.160.47"
2024/04/03 17:20:06 [error] 4997#4997: *38 open() "/opt/rpsbet/sitemap.xml" failed (2: No such file or directory), client: 152.32.170.230, server: rps_game, request: "GET /sitemap.xml HTTP/1.1", host: "3.133.160.47"
2024/04/03 17:55:03 [error] 4997#4997: *55 directory index of "/opt/rpsbet/" is forbidden, client: 86.138.111.179, server: rps_game, request: "GET / HTTP/1.1", host: "ec2-3-133-160-47.us-east-2.compute.amazonaws.com"
2024/04/03 18:13:54 [notice] 5215#5215: signal process started

  • Hi lenny,

    Could you share your domain name?

  • Start with an online DNS checker to confirm that the IP address resulting from DNS resolution is the IP of the instance(s). Continue with the same test (or ping) from your local laptop/network/browser/console/cmd. If yes (the IP returned by pinging your domain is the EC2 instance PUBLIC IP address), continue with firewall rules: anyone should be able to access ports 80 and 443 on the TCP protocol. If this still does not solve your problem, try the AWS console (add an SSH key to your EC2 instance, connect to it and check the httpd/apache/nginx service status and logs):

    systemctl status service_name
    tail -f /var/log/service_name/*

    • while using tail, try again to access the website
lenny
asked a month ago · 131 views
2 Answers
0
Accepted Answer

Hello Lenny,

I ran some tests on your domain and from there I think there is a mistake in opening up the ports on the security group. I see that you are using the EC2 public IP to host your site and when I try to reach the site, my request is timing out, which leads me to believe that the port is not accepting connections from the internet.

curl -v -i https://rps.game
*   Trying 3.137.217.78:443...
* connect to 3.137.217.78 port 443 failed: Connection timed out
* Failed to connect to rps.game port 443 after 134404 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to rps.game port 443 after 134404 ms: Connection timed out

Please review the security groups associated with your instance and try again. I do not think it is an SSL configuration issue at this time. I would have received a different error if that was the case.

I also checked if your port is open or not and discovered that it is closed.

Port 443 closed

answered a month ago
EXPERT
reviewed a month ago
  • THANK YOU EVERYONE NOT JUST MUKUL FOR GIVING ME YOUR TIME....DEEPLY GRATEFUL.

    PROBLEM: It seems like my website should have been connected here: ec2-3-133-160-47.us-east-2.compute.amazonaws.com However, it was connected here instead: ec2-3-137-217-78.us-east-2.compute.amazonaws.com...(DON'T KNOW HOW THAT HAPPENED BUT IT DID)

    SOLUTION: Grabbed the ipv4 addresses from the instance settings like Mukul suggested and updated the A records. And hey ho, the propagation was instantaneous somehow and we back online baby.
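
The check that settled this thread, as an added example that is not part of the original posts: compare the domain's A record with the instance's public IPv4 before touching nginx, then read curl's exit code to see which layer failed. The function names are hypothetical, and `dig` and `curl` are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): separate "DNS points at the wrong host"
# from "port blocked" from "TLS misconfigured".

# Map a curl exit code to the layer that failed (curl's documented exit codes).
classify_curl_exit() {
    case "$1" in
        0)  echo "ok" ;;
        6)  echo "dns: name did not resolve" ;;
        7)  echo "connect: failed, typically refused (nothing listening on the port)" ;;
        28) echo "timeout: packets dropped (security group/firewall) or wrong IP" ;;
        35) echo "tls: handshake failed, check the nginx ssl settings" ;;
        60) echo "tls: certificate not trusted or chain incomplete" ;;
        *)  echo "other: curl exit $1" ;;
    esac
}

# Compare resolved A records (one per line) with the instance's public IPv4.
check_a_record() {   # $1 = resolved addresses, $2 = expected public IP
    if [ -z "$1" ]; then
        echo "no-a-record"
    elif printf '%s\n' "$1" | grep -Fxq -- "$2"; then   # whole-line, literal match
        echo "match"
    else
        echo "mismatch"
    fi
}

# Live check; needs network access, so it only runs when called.
diagnose() {   # $1 = domain, $2 = public IPv4 shown for the instance in the EC2 console
    resolved=$(dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    verdict=$(check_a_record "$resolved" "$2")
    echo "A record for $1: ${resolved:-none} ($verdict, expected $2)"
    # A mismatch explains a timeout on its own: fix the A record first.
    [ "$verdict" = "match" ] || return 1
    rc=0
    curl -sS -o /dev/null --connect-timeout 10 "https://$1/" || rc=$?
    echo "curl: $(classify_curl_exit "$rc")"
    [ "$rc" -eq 0 ]
}

# Example call with the values from this thread:
#   diagnose rps.game 3.133.160.47
```

An instance's auto-assigned public IPv4 changes when it is stopped and started, so an A record that targets it directly can go stale; an Elastic IP keeps the address fixed.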

0

I can definitely help you troubleshoot this issue as an AWS Solution Architect. Here are some steps to investigate why your domain shows "This Site Can't Be Reached" even though the instance and server are running:

1. Double-Check DNS Propagation:

You mentioned renewing your DNS, but DNS changes can take up to 24 hours to fully propagate globally. Wait at least 24 hours after making any DNS record updates to see if the issue resolves.

2. Verify Security Group Rules:

Ensure your security group allows inbound traffic on port 80 (HTTP) or 443 (HTTPS) for your website. You can check and modify security groups in the AWS Management Console.

3. Investigate Nginx Logs:

Nginx logs might reveal clues about the issue. You can access logs by connecting to your instance via SSH and looking in the location specified in your Nginx configuration file (usually /var/log/nginx/access.log and /var/log/nginx/error.log). Look for errors related to requests or unexpected behavior.

4. Check Instance Health:

Go to the EC2 service in the AWS Management Console and look at the health status of your instance. Any errors or warnings could indicate a problem.

  • Consider using a tool like dig or nslookup to verify your DNS records are resolving correctly from your location.

  • These are general troubleshooting steps. The specific solution depends on your configuration.

answered a month ago
EXPERT
reviewed a month ago
  • I have updated my question with all the information you requested, still no luck :(
