I switched from letsencrypt to certbot after receiving a fine e-mail that said I had to move away from TLS-SNI-01. Even though I don’t have any active domains that use this method - I only had one that is currently running out as apparently I’m too lazy to revoke it - I decided to change nonetheless.
Everything went smoothly, however, I haven’t removed letsencrypt from my server yet.
I then proceeded to make a new certificate for a new Mastodon instance that I plan to run. The guide mentioned that I could use the nginx-plugin, so I installed that along with certbot.
For my new certificate I then ran this command: $ certbot --nginx certonly --rsa-key-size 4096 -d domain where domain is irrelevant in this context. Again, everything went smoothly, but I noticed that I was asked if I wanted to redirect http to https. I chose n, as I’m used to handling this in my nginx configs.
After making the new nginx config file, inserting the paths for the new certificate, I then notice something odd that I’ve never seen before when handling nginx configs - unless I broke something myself. I get the error nginx: [warn] conflicting server name "domain" on 0.0.0.0:443, ignored when I run $ nginx -t to check for syntax errors. I’ve quadruple checked the config and I don’t have server_name more than once in the two server-blocks I have - one for :80 that redirects to :443 as per usual.
I now also notice that no matter what I set the root to in my nginx config for this domain, I get a 404.
So I’m wondering if certbot does something different compared to letsencrypt and places a broken nginx config file somewhere? I can’t see anything included in the default nginx.conf, or any of the other nginx configs I have.
This is really annoying. I hope you guys can help.
Even though I don’t see how my domain name is relevant, it’s mastodon.moso.io.
In the meantime I’ve tried revoking it, but now I can’t restart my nginx server as the certificate is missing, which just confirms that there’s a bogus config somewhere.
There are no active modules in /etc/nginx/modules-enabled - it’s full of .conf.removed-files.
Inside /etc/nginx/conf.d/ is a default.conf that doesn’t bring any leads as this is basically just an empty config file with some standard settings in it.
And /etc/nginx/sites-enabled is where I symlink my configs from /etc/nginx/sites-available to, and doesn’t contain any non-symlinks (ls -la).