In my opinion the way EasyEngine forces SSL by placing a force-ssl.conf file in /etc/nginx/conf.d is wrong. Everything in /etc/nginx/conf.d is included by default in the main nginx.conf file, thus force-ssl.conf is included even when accessing a non-https site. I believe the force-ssl code should be added to the vhost for each individual site as a separate server block, e.g. here’s one of my vhosts for an SSL-enabled site:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.purbeckpixels.com;
include /var/www/purbeckpixels.com/conf/nginx/*.conf;
return 301 https://purbeckpixels.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name purbeckpixels.com;
access_log /var/log/nginx/purbeckpixels.com.access.log rt_cache;
error_log /var/log/nginx/purbeckpixels.com.error.log;
root /var/www/purbeckpixels.com/htdocs;
index index.php index.html index.htm;
include common/wpfc-php7.conf;
include common/wpcommon-php7.conf;
include common/locations-php7.conf;
include /var/www/purbeckpixels.com/conf/nginx/*.conf;
}
server {
listen 80;
listen [::]:80;
server_name www.purbeckpixels.com purbeckpixels.com;
return 301 https://purbeckpixels.com$request_uri;
}
The last server block is what’s usually added as a force-ssl.conf file in /etc/nginx/conf.d.
I’m not sure whether this is the issue hsg944 is having, but it does sound like it’s something to do with the forcing of SSL.
By the way, I don’t use EasyEngine’s built in Let’s Encrypt functionality, I prefer to do it manually.