
I'm getting an SSL error on my site:

https://pontebuso.com/

But it always gives me ERR_CONNECTION_REFUSED

sudo netstat -anp |grep :443| grep LISTEN

tcp    0   0 0.0.0.0:443      0.0.0.0:*          LISTEN      1165/nginx 
tcp6   0   0 :::443               :::*           LISTEN      1165/nginx

sudo netstat --numeric -l -p -A ip | grep tcp

tcp        0  0 0.0.0.0:22          0.0.0.0:*     LISTEN      1130/sshd       
tcp        0  0 0.0.0.0:443         0.0.0.0:*     LISTEN      1165/nginx      
tcp        0  0 127.0.0.1:9000      0.0.0.0:*     LISTEN      1241/php-fpm.conf)
tcp        0  0 0.0.0.0:3306        0.0.0.0:*     LISTEN      1214/mysqld     
tcp        0  0 0.0.0.0:80          0.0.0.0:*     LISTEN      1165/nginx 

root@05A:~# sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From

--                         ------      ----
443/tcp                    ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
23.253.246.119 443/tcp     ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)

-------------------nginx.conf---------------------------

# Worker processes run under the www-data account.
user www-data;
# Fixed pool of four worker processes.
worker_processes 4;
# File in which the master process records its PID.
pid /run/nginx.pid;

events {
        # Upper bound on simultaneous connections per worker process.
        worker_connections 768;
        # multi_accept on;
}

http {
    # HTTP-level defaults shared by every virtual host; the per-site server
    # blocks are pulled in by the include directives further down.
    sendfile on;
    # Directory listings stay off unless a location switches them back on.
    autoindex off;

    tcp_nopush on;
    tcp_nodelay on;

    types_hash_max_size 2048;

    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    # Disabled duplicate; the active mime.types include is further down.
    #include /etc/nginx/mime.types;
    default_type application/octet-stream;


    # Global logs. Server blocks that set their own access_log/error_log
    # write to those files instead.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip  on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    include       /etc/nginx/mime.types;
    # NOTE(review): conf.d/*.conf is included here and again at the end of this
    # block, so every file in that directory is parsed twice. If pontebuso.conf
    # lives in conf.d (its path is not shown), its server block is declared
    # twice for the same name and port; keep only one of the two includes.
    include       /etc/nginx/conf.d/*.conf;
    include       /etc/nginx/sites-enabled/*;

    # Declares a log format named "main". The access_log directive above does
    # not name a format, so "main" is not used by anything in this block.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request "'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # $fastcgi_https is "on" when the request scheme is https and "off"
    # otherwise; the PHP locations pass it to FastCGI as the HTTPS parameter.
    map $scheme $fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }

    keepalive_timeout  10;

    # Load config files from the /etc/nginx/conf.d directory
    # (second include of the same glob; see the note on the first one above)
    include /etc/nginx/conf.d/*.conf;
}

-------------------default---------------------------

server {
        # Plain-HTTP virtual host for pontebuso.com. It serves the site directly
        # rather than redirecting to HTTPS.
        # NOTE(review): this includes the auth_basic-protected /var/export/
        # location below, so Basic credentials entered on this vhost cross the
        # network unencrypted. Consider redirecting port 80 to the TLS vhost.
        listen 80;

        server_name pontebuso.com;
        # NOTE(review): the value carries no scheme. Browsers compare
        # Access-Control-Allow-Origin against the full origin
        # (scheme://host[:port]), so a bare host name will not match; confirm
        # the intended origin. add_header set at this level is also not
        # inherited by locations that declare their own add_header (the
        # .css/.js locations below).
        add_header Access-Control-Allow-Origin sub.pontebuso.com;
        root /home/sites/pontebuso/;

        autoindex off;

        location / {
            # Serve the file or directory if it exists, otherwise hand the
            # request to index.php with the original query string.
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args; 
            # Requests handled by this location are not written to any access
            # log, which removes them from later troubleshooting and review.
            access_log off;
            expires max; 
        }

        ## These locations would be hidden by .htaccess normally
        # "^~" makes each prefix match final: regex locations (including the
        # PHP handlers below) are not consulted for URIs under these paths.
        location ^~ /app/                { deny all; }
        location ^~ /includes/           { deny all; }
        location ^~ /lib/                { deny all; }
        location ^~ /media/downloadable/ { deny all; }
        location ^~ /pkginfo/            { deny all; }
        location ^~ /report/config.xml   { deny all; }
        location ^~ /var/                { deny all; }

        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;

        # Longer prefix than "^~ /var/", so it is the prefix chosen for URIs
        # under /var/export/.
        # NOTE(review): this location has no "^~", so the regex locations below
        # are still evaluated afterwards and win when they match. A URI under
        # /var/export/ that matches the .php, .css or .js patterns is handled
        # by that regex location, which has neither auth_basic nor deny. Use
        # "location ^~ /var/export/" to keep the whole directory behind the
        # password prompt.
        location /var/export/ {
            auth_basic           "Restricted";
            # Relative path; presumably resolved against the nginx
            # configuration directory -- confirm where the file actually lives.
            auth_basic_user_file htpasswd;
            autoindex            on;
        }

        # Prefix match for URIs that begin with "/." (dot-files directly under
        # the web root). Dot-files in subdirectories are not covered, and regex
        # locations still take precedence when they match.
        location  /. {
            return 404;
        }

        # Named location; nothing in this server block refers to it.
        location @handler {
            rewrite / /index.php;
        }

        # Strips anything after "php/" and re-runs location matching.
        # NOTE(review): the dot is unescaped, so it matches any character
        # before "php/"; "\.php/" is the literal form.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
        }

        # PHP handler. NOTE(review): unescaped dot again; this matches any URI
        # ending in "php" preceded by any character. "\.php$" is the literal
        # form.
        location ~ .php$ {
            # A request for a .php path that does not exist on disk is
            # restarted as /index.php instead of being passed to PHP-FPM.
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off;
            # Splits the URI into $fastcgi_script_name and $fastcgi_path_info
            # using the two captures.
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # PHP-FPM on loopback; matches the 127.0.0.1:9000 listener in the
            # netstat output above.
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Value comes from the map on $scheme in nginx.conf.
            fastcgi_param  HTTPS $fastcgi_https;
            # Run-scope parameters handed to the PHP application (a Magento
            # store, per the question).
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params;
        }

        # NOTE(review): duplicate of the "~ .php/" location above. nginx tests
        # regex locations in file order and uses the first match, so this copy
        # is never selected.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
         }


         # NOTE(review): duplicate of the "~ .php$" location above and, for the
         # same reason, never selected; remove one copy so that only a single
         # PHP handler has to be kept correct.
         location ~ .php$ { 
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See /etc/nginx/fastcgi_params
        }

        # NOTE(review): unanchored pattern; it matches ".css" anywhere in the
        # URI, not only as the file extension. add_header appends a header, so
        # the response may carry this Content-Type in addition to the one
        # derived from mime.types -- confirm the actual response headers.
        location ~ \.css {
            add_header  Content-Type    text/css;
        }

        # NOTE(review): unanchored as well; ".js" also matches inside longer
        # extensions such as ".json". Same add_header caveat as for .css.
        location ~ \.js {
            add_header  Content-Type    application/x-javascript;
        }


    }

-------------------pontebuso.conf---------------------------

#server {
#    listen 80;
#    server_name localhost;
#    rewrite ^/(.*) https://pontebuso.com/$1 permanent;
#    }

server {
       # TLS virtual host for pontebuso.com.
       listen 443 ssl;

        # Redundant with "listen 443 ssl"; newer nginx releases deprecate the
        # standalone "ssl" directive in favour of the listen parameter.
        ssl on;
        # Certificate chain and private key. NOTE(review): the key file should
        # be readable only by the account that starts nginx -- verify its
        # ownership and mode on the host.
        ssl_certificate /etc/nginx/ssl/pontebuso.com.chained.crt;
        ssl_certificate_key /etc/nginx/ssl/pontebuso.key;   

        server_name pontebuso.com;

        # Enables both the per-worker builtin session cache and a 10 MB cache
        # shared between workers.
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). Restrict
        # this to TLSv1.2, plus TLSv1.3 where the installed nginx and OpenSSL
        # support it.
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        # OpenSSL cipher string: HIGH-strength suites, with anonymous, NULL,
        # export, Camellia, DES, MD5, PSK and RC4 suites excluded.
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        # NOTE(review): fastcgi_param is inherited from this level only by
        # locations that define no fastcgi_param of their own. Both PHP
        # locations below set their own, so these two lines do not reach PHP;
        # HTTPS is supplied there through $fastcgi_https instead.
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;

        # NOTE(review): the value carries no scheme. Browsers compare
        # Access-Control-Allow-Origin against the full origin
        # (scheme://host[:port]), so a bare host name will not match; confirm
        # the intended origin. add_header set at this level is also not
        # inherited by locations that declare their own add_header (the
        # .css/.js locations below).
        add_header Access-Control-Allow-Origin sub.pontebuso.com;
        root /home/sites/pontebuso/;

        autoindex off;

        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;

        location / {
            # Serve the file or directory if it exists, otherwise hand the
            # request to index.php with the original query string.
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args; 
            # Requests handled by this location are not written to any access
            # log, which removes them from later troubleshooting and review.
            access_log off;
            expires max; 
        }


        ## These locations would be hidden by .htaccess normally
        # "^~" makes each prefix match final: regex locations (including the
        # PHP handlers below) are not consulted for URIs under these paths.
        location ^~ /app/                { deny all; }
        location ^~ /includes/           { deny all; }
        location ^~ /lib/                { deny all; }
        location ^~ /media/downloadable/ { deny all; }
        location ^~ /pkginfo/            { deny all; }
        location ^~ /report/config.xml   { deny all; }
        location ^~ /var/                { deny all; }


        # Longer prefix than "^~ /var/", so it is the prefix chosen for URIs
        # under /var/export/.
        # NOTE(review): this location has no "^~", so the regex locations below
        # are still evaluated afterwards and win when they match. A URI under
        # /var/export/ that matches the .php, .css or .js patterns is handled
        # by that regex location, which has neither auth_basic nor deny. Use
        # "location ^~ /var/export/" to keep the whole directory behind the
        # password prompt.
        location /var/export/ {
            auth_basic           "Restricted";
            # Relative path; presumably resolved against the nginx
            # configuration directory -- confirm where the file actually lives.
            auth_basic_user_file htpasswd;
            autoindex            on;
        }

        # Prefix match for URIs that begin with "/." (dot-files directly under
        # the web root). Dot-files in subdirectories are not covered, and regex
        # locations still take precedence when they match.
        location  /. {
            return 404;
        }

        # Named location; nothing in this server block refers to it.
        location @handler {
            rewrite / /index.php;
        }

        # Strips anything after "php/" and re-runs location matching.
        # NOTE(review): the dot is unescaped, so it matches any character
        # before "php/"; "\.php/" is the literal form.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
        }

        # PHP handler. NOTE(review): unescaped dot again; this matches any URI
        # ending in "php" preceded by any character. "\.php$" is the literal
        # form.
        location ~ .php$ {
            # A request for a .php path that does not exist on disk is
            # restarted as /index.php instead of being passed to PHP-FPM.
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off;
            # Splits the URI into $fastcgi_script_name and $fastcgi_path_info
            # using the two captures.
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # PHP-FPM on loopback; matches the 127.0.0.1:9000 listener in the
            # netstat output above.
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Value comes from the map on $scheme in nginx.conf; on this vhost
            # the scheme is https.
            fastcgi_param  HTTPS $fastcgi_https;
            # Run-scope parameters handed to the PHP application (a Magento
            # store, per the question).
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params;
        }

        # NOTE(review): duplicate of the "~ .php/" location above. nginx tests
        # regex locations in file order and uses the first match, so this copy
        # is never selected.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
         }


         # NOTE(review): duplicate of the "~ .php$" location above and, for the
         # same reason, never selected; remove one copy so that only a single
         # PHP handler has to be kept correct.
         location ~ .php$ { 
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See /etc/nginx/fastcgi_params
        }

        # NOTE(review): unanchored pattern; it matches ".css" anywhere in the
        # URI, not only as the file extension. add_header appends a header, so
        # the response may carry this Content-Type in addition to the one
        # derived from mime.types -- confirm the actual response headers.
        location ~ \.css {
            add_header  Content-Type    text/css;
        }

        # NOTE(review): unanchored as well; ".js" also matches inside longer
        # extensions such as ".json". Same add_header caveat as for .css.
        location ~ \.js {
            add_header  Content-Type    application/x-javascript;
        }


    }
semm0
Manuel Mattar
  • What web server are you running? Can you post its configuration? There may be a configuration problem in the SSL part. Hint: the ufw rule `23.253.246.119 443/tcp ALLOW IN Anywhere` is overridden by the rule `443/tcp ALLOW IN Anywhere`. – semm0 Mar 04 '16 at 10:21
  • Web server nginx/1.4.6 (Ubuntu) – Manuel Mattar Mar 04 '16 at 10:32
  • okay. can you post the configuration for your site causing the ssl connection and if possible a logfile output from nginx showing the error happening? – semm0 Mar 04 '16 at 10:34
  • That's the strange thing: there's no log file. And my site is Magento; I can send you the file by mail – Manuel Mattar Mar 04 '16 at 10:45
  • okay so then we need to look at your configuration. can you add nginx configuration for your site to the question above (edit and add the infos)? without configuration or log files I can't help you. – semm0 Mar 04 '16 at 10:47
  • Ready files uploaded – Manuel Mattar Mar 04 '16 at 10:53

1 Answer


I'm posting this not as the final answer but as a work-in-progress answer. I modified your configuration file pontebuso.conf, but it might not work yet. I've commented out some parts of it that I don't consider necessary for a first working solution. They can be added back later, once the basic configuration works. I assume you are running a WordPress blog? Additionally, your configuration shows that nginx is writing error logs to error_log /var/log/nginx/nginx.vhost.error.log;. To help further, the contents of that log are really important. If the files are empty, then there's possibly another misconfiguration issue.

Edit: removed the config part. I didn't know it's supposed to serve a Magento store. Please review https://www.ashsmith.io/2012/12/creating-a-faster-magento-store-part-one-server-setup/ and leave out the Varnish part. Check your nginx config and compare it with the one the site suggests.

semm0