After upgrading our DigitalOcean droplet from Ubuntu 16.04 to 18.04.6 LTS (Bionic Beaver), all https traffic suddenly failed, with a ‘website took too long to respond‘ error.

Background: we had an old WordPress site running Bedrock that was proving impossible to move from its 16.04 server, so we decided to upgrade it-situ instead. On DigitalOcean we took a snapshot, then performed the upgrade via SSH. This is the DigitalOcean guide we followed.

Note, we kept our nginx.conf file during the upgrade as it was quite specifically modified.

After it was all upgraded we switched the DNS to point to the new site (this was a staging site so this was fine to do) and the new site showed the ‘website took too long to respond’ error.

There’s a lot of help for this online! There’s a summary of some of things to check at the end of this article

Solution for us:

After contacting DigitalOcean they said:

I see that HTTP/S ports 80 and 443 are showing as ‘filtered’ when performing a nmap scan on these ports on Droplet {droplet name/IP} as shown below:

~ % nmap -Pn -p 80,443 {ip-address}    
Starting Nmap 7.93 ( ) at 2023-07-04 17:12 IST
Nmap scan report for {ip-address}
Host is up.

80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.23 seconds

It seems like the firewall is blocking the incoming traffic to your droplet, which is causing the website to be inaccessible and preventing you from logging in via SSH and Droplet Console.

First, I would recommend you to temporarily disable the Cloud firewall applied to your Droplet and check the website functionality. 

Next, log in to the Droplet using SSH and run the below command to check your current firewall setting:

iptables -nvL

To allow all incoming HTTP (port 80) connections run these commands:

sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

To allow all incoming HTTPS (port 443) connections run these commands:

sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Note that I tried this without disabling the DO firewall first and it did not work. However, after we followed the steps exactly as above and in order then it did work. We then re-enabled the DO firewall and all was well.

Here’s a few other ideas to checklist, the idea here is to look up each one, I don’t list the details, but hopefully it’s helpful for ideas. Good luck!

Other ideas to check

Check DNS configuration: Verify that the DNS settings for your domain are correctly configured to point to the IP address of your new droplet

Check firewall settings: Ensure that the firewall on your new droplet allows incoming connections on the necessary ports (e.g., port 80 for HTTP or port 443 for HTTPS) – are you using ufw?

Verify web server configuration: Ensure that Nginx is properly configured to listen on the correct IP address and port.

Check web server status: Verify that your web server is running and there are no errors. sudo systemctl status nginx

Test connectivity locally: Try accessing your website using the droplet’s IP address directly from the droplet itself. curl http://localhost

Check network connectivity: Ensure that your droplet has an active network connection. From the droplet try ping

Check Nginx configuration: Review your Nginx configuration file ( and ensure that it is properly configured.

Check Nginx error logs: Examine the Nginx error logs to see if there are any relevant error messages that could help identify the issue. The error logs are usually located at /var/log/nginx/error.log.

Check DO firewall settings: Ensure that your DigitalOcean droplet’s firewall allows incoming traffic on ports 80 and 443.

Check if Nginx is listening on the correct ports: Confirm that Nginx is listening on the appropriate ports (80 and 443) sudo netstat -tuln | grep LISTEN

Check SSL certificate validity

Restart Nginxsudo systemctl restart nginx

Check the Nginx access logs: Review the Nginx access logs to see if any requests are being logged when you try to access the website. The access logs are typically located at /var/log/nginx/access.log

Check the website’s document root: Ensure that the root directive in your Nginx configuration file ( points to the correct directory where your website files are located.

Check file permissions: Make sure that the files and directories in your website’s document root have the appropriate permissions to be accessed by the Nginx process

Check if Nginx is listening on the correct network interface: Ensure that Nginx is listening on the correct network interface by checking the listen directive in your Nginx configuration file ( It should be set to listen 80; and listen 443 ssl; to listen on all available network interfaces.

Check the droplet’s network configuration: Connect to your DigitalOcean droplet via SSH and retrieve its network configuration – ip addr show – This command will display the network interfaces and their associated IP addresses. Verify that the IP address assigned to your droplet is correct and matches the one you expect.

Verify default gateway: Run the following command to check the default gateway: ip route show default

Last modified: July 4, 2023



Write a Reply or Comment

Your email address will not be published.