Lost access to Luci on nginx after trying to enable letsencrypt

Hi there, I am pretty new to OpenWrt, and I have caused myself a bit of an issue.

I was successfully running Nginx on my device as a load balancing reverse proxy. The service behind my device (GitLab) uses a Let's Encrypt certificate and the router was simply passing the TLS connection to the service. However, I was getting weird session issues, and I put it down to the fact that because the router could not unencrypt the traffic it was using the IP hash method for session management, and so could not tell the difference between a web request and a git push. Whichever I tried first would work.

I decided that a solution might be to install a certificate on the router and then send the traffic back out over TLS allowing the router to inspect the session in more detail.

I already had letsencrypt installed on the router but it was disabled, and the Luci UI was using a self-signed certificate which first appeared some weeks ago when I first installed nginx, I believe.

I went to the letsencrypt/acme section of the Luci UI and changed the values on the page. I added 2 domain names, checked enabled at the top, I unchecked use for uhttpd and checked use for nginx. I did not add anything in the DNS API and I did not check to use the staging server. I then clicked save and apply.

It then said that it failed to apply and was rolling back, and it hung there. After a refresh I am unable to access the Luci UI. I still have shell access.

Here is my current nginx config:

user  root;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    server_names_hash_bucket_size  128;
    include       mime.types;
    default_type  application/octet-stream;

    sendfile on;
    keepalive_timeout 0;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 1G;
    large_client_header_buffers 2 1k;

    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 1;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

    root /www;

    upstream cluster {
    }

    server {
        listen default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    server {
        listen ssl default_server;
        server_name  localhost;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_tickets off;

        ssl_certificate /etc/nginx/nginx.cer;
        ssl_certificate_key /etc/nginx/nginx.key;

        location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
        }

        include luci_uwsgi.conf;
    }

    include /etc/nginx/conf.d/*.conf;
}


How can I begin to unpick this, perhaps remove the cert for Luci and go back to just port 80 for now?