ANotWorking Error when obtaining Certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kleos.ai

I ran this command: certbot-auto --nginx

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.kleos.ai
http-01 challenge for kleos.ai
nginx: [warn] conflicting server name “www.kleos.ai” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “www.kleos.ai” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “www.kleos.ai” on [::]:443, ignored
Waiting for verification…
Cleaning up challenges
nginx: [warn] conflicting server name “www.kleos.ai” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “www.kleos.ai” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “www.kleos.ai” on [::]:443, ignored
Failed authorization procedure. kleos.ai (http-01): urn:ietf:params:acme:error:r

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: kleos.ai
    Type: connection
    Detail: Fetching https://www.kleos.ai/: Connection reset by peer

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Description: Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

Please check your nginx virtual host configuration. You might have defined www.kleos.ai more than once in https virtual hosts.

Thank you


#3

Hi stevenzhu,

Thanks for your quick response. If I were to spot the wrong line in the configuration file, I would say the line in the server443 section highlighted by >> <<. Do you agree?

My configuration looks like this:

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

>>server_name www.kleos.ai;<<

ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;

ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

add_header Strict-Transport-Security "max-age=31536000" always;

}
server {
listen [::]:80;
listen 80;
server_name www.kleos.ai;
return 301 https://www.kleos.ai$request_uri;
}


#4

Hi,

Yes… (Sorry, I missed this question at first)

Is this the only time www.kleos.ai appears in all nginx https (port 443) virtual hosts?

Thank you


#5

I just ran: grep -r --include='star.star' 'server_name www.kleos.ai'

Except for plenty of letsencrypt logfiles, it appears once more in the *-ssl.conf, which sits in the same folder as the *.conf I just provided.


#6

Hi,

Okay… Then you’ll need to make a decision: choose one file to keep (which means merge all contents from one file to the other that you wished to keep)

By the way, please try to run nginx -T | grep "server_name www.kleos.ai" to double check…

Thank you


#7

> Okay… Then you’ll need to make a decision: choose one file to keep (which means merge all contents from one file to the other that you wished to keep)

Does it affect anything? Can you give an explanation why 2 files are around in the first place?

Your grep returns:

nginx: [warn] conflicting server name “www.kleos.ai” on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
server_name www.kleos.ai;
server_name www.kleos.ai;
server_name www.kleos.ai;
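
An added example, not part of the original thread: the `nginx -T | grep` check above shows that the name is defined several times but not in which files. This Python sketch parses an `nginx -T` dump and reports which files define the same `server_name` on the same listen address; the paths and `example.test` names are constructed, and it assumes one directive per line.

```python
import re
import sys
from collections import defaultdict

# Constructed sample shaped like `nginx -T` output (hypothetical paths and names).
SAMPLE = """\
# configuration file /etc/nginx/conf.d/site.conf:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.test;
    location / { root /var/www/html; }
}
# configuration file /etc/nginx/conf.d/site-ssl.conf:
server {
    listen 443 ssl;
    server_name www.example.test example.test;
}
"""

def find_conflicts(dump):
    """Map (listen address, server_name) -> files, for pairs defined more than once."""
    seen = defaultdict(list)
    path, depth, srv, listens, names = None, 0, None, [], []
    for raw in dump.splitlines():
        marker = re.match(r"# configuration file (.+):$", raw)
        if marker:  # nginx -T prints this header before each file it dumps
            path, depth, srv = marker.group(1), 0, None
            continue
        line = raw.split("#", 1)[0].strip()  # drop comments (naive: ignores quoting)
        if srv is None and re.match(r"server\s*\{", line):
            srv, listens, names = depth, [], []
        elif srv is not None and depth == srv + 1:  # directives directly in server{}
            words = line.rstrip(";").split()
            if words[:1] == ["listen"]:
                addr = words[1]  # a bare port is reported by nginx as 0.0.0.0:port
                listens.append("0.0.0.0:" + addr if addr.isdigit() else addr)
            elif words[:1] == ["server_name"]:
                names += words[1:]
        depth += line.count("{") - line.count("}")
        if srv is not None and depth <= srv:  # server block just closed
            for key in {(a, n) for a in listens for n in names}:
                seen[key].append(path)
            srv = None
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    # Usage: nginx -T > dump.txt; python3 this_script.py dump.txt
    dump = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for (addr, name), files in sorted(find_conflicts(dump).items()):
        print(f"{name} on {addr}: {', '.join(files)}")
```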


#8

Hi,

I think certbot (for some reason) created another ssl virtual host for you… and deployed the certificate to that virtual host instead of the one you created…

I’m not sure what it would affect… Besides the warning in Nginx, the connection reset by peers might be caused by this…

Thank you


#9

Hi,

I merged the two conf files. However it doesn’t change anything in the error message. see:

https://letsdebug.net/www.kleos.ai/9487

Thanks