Can I manually manage nginx configuration files through certbot

My domain is: www.unxchina.com

I ran this command: certbot --nginx

I manage about 40 subdomains on the same machine. When I tried the certbot --nginx command to try to manage my domain name, the vast majority of websites had no problems. Two of the domain names supported old systems that had to use the http protocol, but this command directly changed my nginx configuration file, which caused a failure in my production environment. How do I manually manage two domain names?

This can be an issue. What has changed in your environment?

Give us all the information we need.

Please enter a domain:  www.unxchina.com
A records for  www.unxchina.com: Domain does not exist
AAAA records for  www.unxchina.com: Domain does not exist

So the www subdomain is nonexistent in DNS... fix it.

A records for unxchina.com: ['47.94.81.248']
AAAA records for unxchina.com: No record found
MX records for unxchina.com: ['10 mxbiz2.qq.com.', '5 mxbiz1.qq.com.']
NS records for unxchina.com: ['dns28.hichina.com.', 'dns27.hichina.com.']

Does exist.
I think you need to visit your DNS portal and add the subdomain.
I may be wrong, but I am blind.
More info would help.

2 Likes

@Theodore, by "manually manage", do you mean "not have Certbot modify the nginx configuration for you automatically"?

The certbot certonly command tells Certbot not to attempt to install a new certificate. Some form of

certbot certonly --nginx

certbot certonly --webroot

certbot certonly --manual

might work well for you in this case. (The last option is not great because it can't renew certificates automatically, and would require you to re-run that command regularly in order to renew the certificates!)

2 Likes

Yes, that's exactly what I need!
But I found that snap seems to have set a timer to renew the certificate every three months. How can I find the command to regenerate the certificate and change it to certbot certonly --nginx, not certbot --nginx?

Thanks for the answer, I checked the DNS and it's working. I guess it's ChineseWall and I can't fix it.

2 Likes

If the original command already succeeded, then certbot --nginx isn't going to do very much during later renewals (mostly just reload the nginx process following each renewal). So I'm not sure how necessary it would be to change it after the fact.

But if you want to do that, you can

(1) rerun the command (assuming it's late enough)

or

(2) use certbot reconfigure to change the configuration associated with the existing certificate

or

(3) manually edit the Certbot renewal configuration file (probably something like /etc/letsencrypt/renewal/www.unxchina.com.conf) and delete the line that reads installer = nginx.

In each of these cases, Certbot will no longer attempt to do anything installation-related when it renews that specific certificate in the future.

2 Likes
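
Option (3) from the reply above, as an added example that is not part of the thread or of Certbot itself: two shell functions that list which renewal files still name an installer and delete that line from one file after taking a backup. The example.com names and the scratch directory are constructed; /etc/letsencrypt/renewal is assumed as the default location, as in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Paths under /etc/letsencrypt are
# Certbot's usual defaults; pass another directory to test safely.

# list_installers [DIR]: print "<certificate name> <installer>" for every
# renewal file in DIR that still names an installer plugin.
list_installers() {
    dir=${1:-/etc/letsencrypt/renewal}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        inst=$(sed -n 's/^[[:space:]]*installer[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
        # Some renewal files record "no installer" as the literal None.
        if [ -n "$inst" ] && [ "$inst" != "None" ]; then
            printf '%s %s\n' "$(basename "$f" .conf)" "$inst"
        fi
    done
}

# drop_installer FILE: keep a backup as FILE.bak, then delete the installer
# line in place so the file's owner and mode are unchanged.
drop_installer() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    tmp=$(mktemp) || return 1
    cp -p "$f" "$f.bak" &&
        sed '/^[[:space:]]*installer[[:space:]]*=/d' "$f" > "$tmp" &&
        cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample renewal files (not real output), in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[renewalparams]' 'authenticator = nginx' 'installer = nginx' \
        > "$d/www.example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        > "$d/legacy.example.com.conf"
    list_installers "$d"                     # www.example.com nginx
    drop_installer "$d/www.example.com.conf"
    list_installers "$d"                     # prints nothing now
    rm -rf "$d"
}
demo
```

Run `list_installers` with no argument as root to audit the real renewal directory before changing anything.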

Thank you very much for your advice, it's very useful. I'll try to observe it for 3 months first to see if it will malfunction next time I renew it.

2 Likes