Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:odoocodes.com
I ran this command:
./letsencrypt-auto certonly -a webroot --renew-by-default --config /usr/local/etc/le-renew-webroot.ini
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.odoocodes.com
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.odoocodes.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.odoocodes.com/.well-known/acme-challenge/yA5-q_RIRXCkEA6UcshDeY94HFFLI9_b-sOpdOCMQOs: Too many redirects
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.2 x64
My hosting provider, if applicable, is:
Digital Ocen
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/odoocodes.com.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "odoocodes.com" on 0.0.0.0:80, ignored
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/default
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "odoocodes.com" on 0.0.0.0:80, ignored
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/odoocodes.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/odoocodes.com/privkey.pem
Your cert will expire on 2019-05-31. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew all
of your certificates, run "certbot-auto renew"
If you like Certbot, please consider supporting our work by:
root@odoo-codes:/opt/letsencrypt# ./certbot-auto certonly -a webroot --config /usr/local/etc/le-renew-webroot.ini -d odoocodes.com -d www.odoocodes.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/odoocodes.com.conf)
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/odoocodes.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/odoocodes.com/privkey.pem
Your cert will expire on 2019-05-31. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew all of your certificates, run
“certbot-auto renew”
If you like Certbot, please consider supporting our work by:
I was having two files under /etc/nginx/site-enabled, 1. default and 2 odoocodes
In 1st file there are two server defineation, 1 is handles port 80, and redirects to the site port which is 8076 and another server {} defination which is listen port 443 ssl port.
and 2nd file was port forwarding and was listing to port 80 which I’ve removed. so Now, I’ve one one file which is default.
Here is the detail of defaults file which is under /etc/nginx/site-enabled, let me share here.
server {
if ($host = www.odoocodes.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server { #listen 80 default_server; #listen [::]:80 default_server;
listen 443 ssl;
server_name odoocodes.com www.odoocodes.com;
ssl_certificate /etc/letsencrypt/live/odoocodes.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/odoocodes.com/privkey.pem; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ /.well-known{
allow all;
}
# pass PHP scripts to FastCGI server
# #location ~ .php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}