First: I restarted the machine, but nothing has changed
Second: I have only the default file defined into sites-available
and sites-enabled
How can I add/include this file in nginx -T?
You already have this line in your nginx config. That should include anything in /sites-enabled/
The nginx -T shows the current active nginx config. It does not look like your nginx is seeing that server conf file in sites-enabled. If it did it would show in -T and would also show in netstat command as listening on ports 80 and 443.
Please show:
ls -l /etc/nginx/sites-enabled
uh-oh! there is nothing there!
I'll try to ls and let you know
I think you meant ln. Example:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
yes!!!
but the testing returns errors
sudo nginx -t
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/pikeen.it/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/pikeen.it/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Let's check this again
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: www.pikeen.it
Serial Number: 304d23382e4f96a69a418ff5abc488f31cb
Key Type: RSA
Domains: pikeen.it www.pikeen.it
Expiry Date: 2022-11-03 15:24:40+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.pikeen.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.pikeen.it/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ah. nginx is looking for cert named pikeen.it but your current one is the www name.
Let's look at nginx -T again and make sure we change the right things. Same as before with the backticks.
sudo nginx -T
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/pikeen.it/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/pikeen.it/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
So, I tried to add the missing certificate: worst
sudo certbot --nginx -d pikeen.it
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/pikeen.it/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/pikeen.it/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/letsencrypt/live/pikeen.it/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/pikeen.it/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
Can you show the contents of the file(s) in /sites-enabled/ ? We'll just modify them by hand
# Default server configuration
#
server {
    server_name www.pikeen.it pikeen.it; # managed by Certbot
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3000;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pikeen.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pikeen.it/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.pikeen.it) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = pikeen.it) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 ;
    listen [::]:80 ;
    server_name www.pikeen.it pikeen.it;
    return 404; # managed by Certbot
}
Change above two lines to this (just adding www in front of pikeen.it)
ssl_certificate /etc/letsencrypt/live/www.pikeen.it/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.pikeen.it/privkey.pem; # managed by Certbot
Then, just show result of nginx -t but do not run certbot yet !
here it is:
server {
    server_name www.pikeen.it pikeen.it; # managed by Certbot
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3000;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.pikeen.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.pikeen.it/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.pikeen.it) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = pikeen.it) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 ;
    listen [::]:80 ;
    server_name www.pikeen.it pikeen.it;
    return 404; # managed by Certbot
}
Is nginx -t successful?
You tried to get a new certificate where instead you need to reconfigure your nginx to use the already existing certificate.
As @MikeMcQ already has instructed you patiently I see
yes, it is.
Good. So, do
sudo systemctl restart nginx
Yes you are right, but I should request a new certificate anyway or not?
And yes, @MikeMcQ is driving me step by step, with infinite patience.
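
The mismatch diagnosed in this thread (nginx pointing at live/pikeen.it while the only certbot lineage is live/www.pikeen.it) can be checked mechanically before running nginx -t. The script below is an added example, not part of the original thread and not a certbot or nginx feature; the function names `check_cert_paths` and `make_fixture` are hypothetical, and the sample config is constructed under a temporary directory.

```shell
#!/bin/sh
# check_cert_paths CONF LIVE_DIR  (hypothetical helper, not a certbot or nginx command)
# Reports every ssl_certificate / ssl_certificate_key path in CONF that does not
# exist, and lists lineages under LIVE_DIR that hold a file of the same name.
# Returns 0 when all paths exist, 1 otherwise.
check_cert_paths() {
    conf=$1 live=$2 rc=0
    # Pull the path argument of both directives; commented-out lines do not match.
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\);.*/\2/p' "$conf")
    for path in $paths; do
        if [ -e "$path" ]; then
            echo "OK $path"
            continue
        fi
        rc=1
        echo "MISSING $path"
        for cand in "$live"/*/"$(basename "$path")"; do
            if [ -e "$cand" ]; then echo "  candidate: $cand"; fi
        done
    done
    return $rc
}

# Constructed fixture mirroring the thread: the lineage is www.pikeen.it,
# but the server block points at pikeen.it. Paths live under a temp dir.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/live/www.pikeen.it"
    : > "$root/live/www.pikeen.it/fullchain.pem"
    : > "$root/live/www.pikeen.it/privkey.pem"
    cat > "$root/site.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $root/live/pikeen.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key $root/live/pikeen.it/privkey.pem; # managed by Certbot
}
EOF
    echo "$root"
}

demo_root=$(make_fixture)
check_cert_paths "$demo_root/site.conf" "$demo_root/live" || echo "fix the paths above, then run nginx -t"
rm -rf "$demo_root"
```

On a real host the arguments would be the file in /etc/nginx/sites-enabled/ and /etc/letsencrypt/live, run with sudo because the live directory is normally readable by root only.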