Cannont renew Let's Encrypt certificate expiring tomorrow on ngnix server running on linux


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://ww.massagemeetup.net

I ran this command: sudo certbot renew

It produced this output: Processing /etc/letsencrypt/renewal/massagemeetup.net.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for massagemeetup.net
tls-sni-01 challenge for www.massagemeetup.net
Cleaning up challenges
Attempting to renew cert (massagemeetup.net) from /etc/letsencrypt/renewal/massagemeetup.net.conf produced an unexpected error: Could not automatically find a matching server block. Set the server_name directive to use the Nginx installer… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/massagemeetup.net/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/massagemeetup.net/fullchain.pem (failure)

My web server is (include version): ngnix

The operating system my web server runs on is (include version): GNU/Linux 4.4.0-124-generic x86_64

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no root login with Ubuntu


#2

Is there a matching server block?

Does “nginx -T” list it?

Has anything changed with the Nginx configuration since the certificate was issued?


#3

Thank you for your reply. I entered your command (apologies, I am a new Linux/nginx user, having used basic control panel before now) and received the following response:

configuration file /etc/nginx/sites-enabled/meetup:

server {
# listen on port 80 (http)
listen 80;
server_name _;
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 ssl;
server_name _;

# location of the self-signed SSL certificate
ssl_certificate /etc/letsencrypt/live/massagemeetup.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/massagemeetup.net/privkey.pem;

# write access and error logs to /var/log
access_log /var/log/meetup_access.log;
error_log /var/log/meetup_error.log;

location / {
    # forward application requests to the gunicorn server
    proxy_pass http://localhost:8000;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /static {
    # handle static files directly, without forwarding to the application
    alias /home/ikukuvision/meetup/static;
    expires 30d;
}

}


#4

Change that to “server_name massagemeetup.net www.massagemeetup.net;” in both server blocks, unless it will conflict with other ones.


#5

Are there any other sites?
Is there a default site?


#6

Just did this. VERIFIED ANSWER. Thank you kindly for your help


#7

No other sites. Thanks


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.