Certbot can't deploy certificate

My domain is:
yueole.club

I ran this command:
certbot --nginx

It produced this output:
Deploying Certificate to VirtualHost /etc/nginx/conf.d/yueole.club.conf
nginx: [emerg] host not found in "None" of the "listen" directive in /etc/nginx/conf.d/yueole.club.conf:9
Rolling back to previous server configuration...
nginx restart failed
In letsencrypt.log -
server {
server_name
yueole.club
;
listen 80;
root /var/www/yueole.club;
index index.html;

listen None ssl; # managed by Certbot

My web server is (include version):
nginx/1.14.1
The operating system my web server runs on is (include version):
centos 7
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.39.0

Config file of domain -
server {
server_name
yueole.club
;
listen 80;
root /var/www/yueole.club;
index index.html;
}

Hi @Alexe

checking your domain there are new certificates - https://check-your-website.server-daten.de/?q=yueole.club

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-11-13 | 2020-02-11 | yueole.club - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-11-13 | 2020-02-11 | yuelza.club, yuemne.club, yueole.club, yuetre.club, yueyuezare.club - 5 entries | duplicate nr. 1 | |
| CloudFlare Inc ECC CA-2 | 2019-11-08 | 2020-10-09 | *.yueole.club, sni.cloudflaressl.com, yueole.club - 3 entries | | |

And curious redirects:

Domainname Http-Status redirect Sec. G
http://yueole.club/ 142.93.104.175 200 Html is minified: 100,00 % 0.047 H
https://yueole.club/ 142.93.104.175 302 doorkind.club - This website is for sale! - cloud server monitoring Resources and Information. 3.436 N
Certificate error: RemoteCertificateNameMismatch
doorkind.club - This website is for sale! - cloud server monitoring Resources and Information. 302 jojeklapr.pro 3.984 B
jojeklapr.pro GZip used - 6708 / 33292 - 79,85 % Inline-JavaScript (∑/total): 7/5100 Inline-CSS (∑/total): 2/675 200 Html is minified: 174,30 % 5.514 I
http://yueole.club/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.93.104.175 GZip used - 131 / 169 - 22,49 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 404 Html is minified: 109,03 % 0.047 A

That

looks wrong, should be one line

server {
listen 80;
server_name yueole.club;

...
}

And Listen None ssl??? Looks completely wrong, remove that line.

Change that, restart nginx, then

nginx -T

Thanks for your reply.
The result of the command is
# configuration file /etc/nginx/conf.d/yueole.club.conf:
server {
listen 80;
server_name yueole.club;
root /var/www/yueole.club;
index index.html;
}

Then I execute certbot --nginx, result -
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/yueole.club.conf
nginx: [emerg] host not found in "None" of the "listen" directive in /etc/nginx/conf.d/yueole.club.conf:7
Rolling back to previous server configuration...
nginx restart failed:
IMPORTANT NOTES:
 - We were unable to install your certificate, however, we
   successfully restored your server to its prior configuration.

And Listen None ssl ??? Looks completely wrong, remove that line.

this is a record from letsencrypt.log.

The thing is that the Certbot inserts a record into my config file with None instead of 443, and then rolls back the configuration to the original

That's curious.

Same error, if you run

certbot --reinstall -i nginx -d yueole.club

?

Certbot should find the certificate and should try to install it again.

What happens, if you remove the 443 port vHost with that domain name, so Certbot should create a new? (PS: First make a backup of these config files).

certbot --reinstall -i nginx -d yueole.club
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/yueole.club.conf
nginx: [emerg] host not found in "None" of the "listen" directive in /etc/nginx/conf.d/yueole.club.conf:7
Rolling back to previous server configuration...

Unfortunately, the result is the same.

There are no 443 ports in the current configuration file.
If you assemble the config with your hands with a certificate and 443 port, then everything, of course, works, and the nginx -t doesn’t give any errors (although it still doesn’t give any errors)

I think having the name on a separate line may have thrown certbot into confusion, thus creating:

And it was all downhill from there...

Hi, @rg305,
thanks for the answer
But I tried in different variations, both in one line, and with transfer.
The result is always one

OK many things have changed.
What is the current config(s) and current error message(s)?

current config is -
# configuration file /etc/nginx/conf.d/yueole.club.conf:
server {
listen 80;
server_name yueole.club;
root /var/www/yueole.club;
index index.html;
}

Current error message -
Deploying Certificate to VirtualHost /etc/nginx/conf.d/yueole.club.conf
nginx: [emerg] host not found in "None" of the "listen" directive in /etc/nginx/conf.d/yueole.club.conf:7
Rolling back to previous server configuration...
nginx restart failed:

And error in the logfile - /var/log/letsencrypt/letsencrypt.log-

2019-11-13 14:03:09,295:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/conf.d/yueole.club.conf:
server {
listen 80;
server_name yueole.club;
root /var/www/yueole.club;
index index.html;

listen None ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yueole.club/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yueole.club/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

2019-11-13 14:03:09,439:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 517, in deploy_certificate
    self.installer.restart()
  File "/usr/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 859, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 1119, in nginx_restart
    "nginx restart failed:\n%s\n%s" % (out.read(), err.read()))
MisconfigurationError: nginx restart failed:

please show:
/etc/nginx/nginx.conf

Yes. If you’re able to provide the nginx configuration necessary to reproduce this problem, we’d love to have it!

Sorry for the long answer

There is a full nginx.conf -

/etc/nginx/nginx.conf

user apache;
worker_processes auto;
worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

load_module modules/ngx_http_geoip_module.so;
load_module modules/ngx_stream_geoip_module.so;

events {
worker_connections 16000;
multi_accept on;
use epoll;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $http_cf_connecting_ip - $http_x_forwarded_for - $host - $remote_user [$time_local] "$request" '
                  '$status $request_time $body_bytes_sent "$http_referer" '
                  '"$http_user_agent"';
                  
log_format  elk   '$http_cf_connecting_ip $host [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent"';

access_log  /var/log/nginx/access.log  elk;

sendfile    on;
tcp_nopush  on;
tcp_nodelay on;

client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 24k;
client_body_timeout 10;
client_header_timeout 10;
reset_timedout_connection on;
keepalive_timeout  65;
keepalive_requests 500;
send_timeout 5;
open_file_cache max=10000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;


gzip  on;
gzip_comp_level 5;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

limit_req_zone $binary_remote_addr zone=one:50m rate=600r/m;

# expires map

map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}

geoip_country /etc/nginx/geoip/GeoIP.dat;
geoip_city /etc/nginx/geoip/GeoLiteCity.dat;

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;

include /etc/nginx/conf.d/*.conf;

}

I don’t see anything wrong there…
Please show:
ls -l /etc/nginx/conf.d/

I have there 32 file configs of the same type.

For example:

4 -rw-r--r-- 1 root root 2082 Nov 13 09:41 yuelza.club.conf
4 -rw-r--r-- 1 root root 2082 Nov 13 09:30 yuemne.club.conf
4 -rw-r--r-- 1 root root 92 Nov 13 12:04 yueole.club.conf
4 -rw-r--r-- 1 root root 1980 Nov 13 11:17 yueole.club.conf_orig

Unfortunately, I have to collect it with my hands, because no time left to tackle the issue. If you can solve the issue, unsubscribe here.
Thank you very much for your help.

If you could post the entire config somewhere would be great
nginx -T

Otherwise please show:

grep -Ei 'virtual|servername|listen|ssl_cert|default|80|443|return|rewri|location|acme' /etc/nginx/conf.d/*.conf

There is my result nginx -T -

@Alexe, thanks, but unfortunately that file is no longer available.

@Alexe, do you have a cli.ini or other Certbot configuration file?

Hello, link is available now - https://yadi.sk/d/yz0nDH0Lz1xtjg

No, not a single ini file inside /etc/letsencrypt/ folder

You have many multiple line server_name definitions:
I would change them all to either
one single line:
server_name name1 name2 name3 name4;
multiple lines:
server_name name1;
server_name name2;
server_name name3;
server_name name4;

# configuration file /etc/nginx/conf.d/act-kind.xyz.conf:
server_name
act-kind.xyz;
server_name
act-kind.xyz
;

# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
server_name
admin.daymy.pro
;
server_name
admin.daymy.pro
;

# configuration file /etc/nginx/conf.d/admin.weekpaper.club.conf:
server_name
admin.weekpaper.club
;
server_name
admin.weekpaper.club
;

# configuration file /etc/nginx/conf.d/daymy.pro.conf:
server_name
daymy.pro
;

# configuration file /etc/nginx/conf.d/default.conf:
server_name
127.0.0.1
localhost
142.93.104.175
;

# configuration file /etc/nginx/conf.d/genius68.ru.conf:
server_name
genius68.ru
;

# configuration file /etc/nginx/conf.d/hehrtamz.pro.conf:
server_name
hehrtamz.pro
;
server_name
hehrtamz.pro
;

# configuration file /etc/nginx/conf.d/hot-new24.live.conf:
server_name
hot-news24.live
;

# configuration file /etc/nginx/conf.d/image1.wertalks.pro.conf:
server_name
image1.wertalks.pro
;
server_name
image1.wertalks.pro
;

# configuration file /etc/nginx/conf.d/image2.wertalks.pro.conf:
server_name
image2.wertalks.pro
;
server_name
image2.wertalks.pro
;

# configuration file /etc/nginx/conf.d/meonenews.club.conf:
server_name
meonenews.club
;

# configuration file /etc/nginx/conf.d/news.week-news.club.conf:
server_name
news.week-news.club
;

# configuration file /etc/nginx/conf.d/newsmeone.club.conf:
server_name
newsmeone.club
;

# configuration file /etc/nginx/conf.d/newsweek.club.conf:
server_name
newsweek.club
;

# configuration file /etc/nginx/conf.d/ninretopl.pro.conf:
server {
server_name
ninretopl.pro
;
server_name
ninretopl.pro
;

# configuration file /etc/nginx/conf.d/prokls.conf:
server_name
24-news.pro
24-today.ru
today-24.online
;

# configuration file /etc/nginx/conf.d/styles.wertalks.pro.conf:
server_name
styles.wertalks.pro
;
server_name
styles.wertalks.pro
;

# configuration file /etc/nginx/conf.d/trezkla.pro.conf:
server_name
trezkla.pro
;
server_name
trezkla.pro
;

# configuration file /etc/nginx/conf.d/uloulo.club.conf:
server_name
uloulo.club
;

# configuration file /etc/nginx/conf.d/v2vitrina.conf:
server_name
weekpaper.club
break-news24.world
hot-news24.club
break-news24.club
kakerlp.pro
nanertamzo.pro
treplokz.pro
hehamazne.pro
jojeklapr.pro
wertalks.pro
troplamna.pro
24-live.online
week-24.ru
24-week.online
24-week.ru
24today.online
24week.online
break24.ru
live-24.online
24break.ru
news-24.online
24-live.ru
week7.pro
day24.pro
week24.pro
myweek.pro
newsmy.pro
myday.pro
daynews.pro
day-my.pro
daysun.pro
parking.weekpaper.club
week-break.club
today-week.club
news-today.club
break-news.club
break-week.club
news-break.pro
break-today.club
today-break.club
break-today.pro
today-break.pro
trenhz.club
nmkle.club
plalza.club
mneole.club
nhzmne.club
plaulo.club
yuetre.club
olemne.club
treulo.club
;

# configuration file /etc/nginx/conf.d/week-news24.conf:
server_name
news24forme.ru
week-news24.ru
deedwork.xyz
act-play.xyz
deedmove.xyz
onlydeed.xyz
kind-act.xyz
test.new24you.info
week-news.club
week-news.live
1q0.ru
88008.ru
week24.ru
today-24.ru
today24.online
break-24.ru
;

# configuration file /etc/nginx/conf.d/yuelza.club.conf:
server_name
yuelza.club
;

# configuration file /etc/nginx/conf.d/yuemne.club.conf:
server_name
yuemne.club
;
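
The single-line `server_name` advice and the `listen None ssl` symptom from this thread, as an added example (not written by any poster and not Certbot's own code): a Python sketch that collapses multi-line `server_name` directives and reports `listen` values nginx would have to resolve as a host name. The sample config is constructed from the snippets above, the function names are hypothetical, and it assumes no comments or quoted strings inside a `server_name` directive.

```python
import re

# Constructed sample: the multi-line server_name style from the thread plus
# the line Certbot 0.39.0 wrote before it rolled the file back.
SAMPLE = """server {
    server_name
    yueole.club
    ;
    listen 80;
    root /var/www/yueole.club;
    index index.html;

    listen None ssl; # managed by Certbot
}
"""

# "server_name", its arguments (possibly spread over lines), then ";".
SERVER_NAME_RE = re.compile(r"^([ \t]*)server_name\s+([^;{}#]*?)\s*;", re.MULTILINE)
LISTEN_RE = re.compile(r"^[ \t]*listen\s+([^\s;]+)", re.MULTILINE)
# First argument forms accepted here: port, IPv4[:port], host:port or *:port,
# [IPv6][:port], unix: socket. A bare host name is reported on purpose: nginx
# must resolve it at startup, which is what failed for "None".
VALID_LISTEN_RE = re.compile(
    r"^(\d{1,5}|\d{1,3}(\.\d{1,3}){3}(:\d{1,5})?|[\w.*-]+:\d{1,5}"
    r"|\[[0-9a-fA-F:]+\](:\d{1,5})?|unix:\S+)$"
)


def collapse_server_names(conf):
    """Rewrite each server_name directive so its names and ';' share one line."""
    def one_line(m):
        return "%sserver_name %s;" % (m.group(1), " ".join(m.group(2).split()))
    return SERVER_NAME_RE.sub(one_line, conf)


def bad_listen_lines(conf):
    """Return (line_number, argument) for each listen value that needs resolving."""
    hits = []
    for m in LISTEN_RE.finditer(conf):
        arg = m.group(1)
        if not VALID_LISTEN_RE.match(arg):
            hits.append((conf.count("\n", 0, m.start(1)) + 1, arg))
    return hits


if __name__ == "__main__":
    print(collapse_server_names(SAMPLE))
    for lineno, arg in bad_listen_lines(SAMPLE):
        print("line %d: listen %s is not a port or address" % (lineno, arg))
```

On the constructed sample the reported line moves from 9 to 7 once `server_name` is collapsed, the same two line numbers that appear in the nginx errors quoted in the thread.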