Certbot - Certificates Obtained but Not Installed on NGINX - Configuration Format Issues

Hi,
I have just set up certbot on my server, however I could not get the auto config --nginx to set up the virtual host. The specs are as follows:
Ubuntu 16.04 LTS
Webserver: nginx/1.10.0

I have made sure that I symlinked the virtual host config files from sites-available to sites-enabled.

*Note: I have configured a port forwarding rule to forward connections from inbound 443 to localhost 4433.

The command that I ran is:

certbot --nginx --rsa-key-size 4096 -d example.com -d www.example.com -d drone.example.com

Here is the log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/example.com.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Cannot find a cert or key directive in /etc/nginx/sites-enabled/example.com for set(['example.com', 'www.example.com']). VirtualHost was not modified.

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2017-08-29. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"

Virtual Host
example.com www.example.com

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
	listen 127.0.0.1:4433 ssl http2;
	server_name example.com www.example.com;

	root /var/site/example.com;

	include ssl-conf/example.com;
	include ssl-conf/ssl-params;
}

Virtual Host
drone.example.com

server {
    listen 80;
    server_name drone.example.me;
    return 301 https://$host$request_uri;
}

server {
	listen 127.0.0.1:4433 ssl http2;
	server_name drone.example.com;

	root /var/site/drone.example.com;

	include ssl-conf/example.com;
	include ssl-conf/ssl-params;
}

ssl-conf/example.com

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

ssl-conf/params

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

hi @panteparak

Certbot obtained the certs but did not install them

I believe the NGINX plugin expects your configurations to be in line with the Mozilla TLS Examples: https://mozilla.github.io/server-side-tls/ssl-config-generator/

You can update your configs to point to the /etc/live folder or you can fix the formatting of your config files so certbot can utilise them in the future.

Andrei
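As an added example (editor's code, not certbot's own installer and not the poster's configuration), the script below shows how to check an nginx config for the shape the error message above complains about: an `ssl` server block whose `ssl_certificate` / `ssl_certificate_key` directives are only reachable through an `include`, rather than written into the block itself. The two configs are constructed to mirror this thread; the "broken" one includes `ssl-conf/example.com` exactly as the poster does, the "fixed" one states the two directives inline and points them at the `/etc/letsencrypt/live/` symlinks that certbot keeps current across renewals. The script also flags cert paths outside that directory and, as a defensive extra beyond the thread, any `ssl_protocols` line that still enables TLSv1 or TLSv1.1 (the poster's `ssl-params` file does). The parser is a deliberately small recursive-descent reader of nginx's directive/block syntax and does not follow `include` files on disk.

```python
"""Audit nginx server blocks for the shape certbot's --nginx installer needs.
Added example, not certbot code; sample configs below are constructed."""
import re
from dataclasses import dataclass, field

# Constructed: cert directives live only in an included file.
BROKEN_CONF = """
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 127.0.0.1:4433 ssl http2;
    server_name example.com www.example.com;
    root /var/site/example.com;
    include ssl-conf/example.com;   # holds ssl_certificate and key
    include ssl-conf/ssl-params;
}
"""

# Constructed: same vhost with the directives inline, pointing at live/.
FIXED_CONF = """
server {
    listen 127.0.0.1:4433 ssl http2;
    server_name example.com www.example.com;
    root /var/site/example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    include ssl-conf/ssl-params;
}
"""

LIVE_DIR = "/etc/letsencrypt/live/"
# quoted string | quoted string | structural char | bare word
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|[{};]|[^\s{};"']+''')


@dataclass
class Block:
    name: list                                       # e.g. ["server"]
    directives: list = field(default_factory=list)  # [["listen", "80"], ...]
    children: list = field(default_factory=list)


def tokenize(text):
    # Strip '#' comments first (a '#' inside quotes is not special-cased).
    return TOKEN.findall(re.sub(r"#[^\n]*", "", text))


def parse(tokens, i=0, name=None):
    """Recursive-descent parse of nginx's 'args ;' and 'args { ... }' grammar."""
    block, args = Block(name or ["main"]), []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == ";":
            block.directives.append(args)
            args = []
        elif tok == "{":
            child, i = parse(tokens, i, args)
            block.children.append(child)
            args = []
        elif tok == "}":
            break
        else:
            args.append(tok.strip("\"'"))
    return block, i


def server_blocks(block):
    for child in block.children:
        if child.name and child.name[0] == "server":
            yield child
        else:
            yield from server_blocks(child)


def args_of(block, directive):
    return [d[1:] for d in block.directives if d and d[0] == directive]


def audit_server(server):
    """Explain whether certbot could find/replace cert directives in this block."""
    findings = []
    is_ssl = any("ssl" in listen for listen in args_of(server, "listen"))
    certs, keys = args_of(server, "ssl_certificate"), args_of(server, "ssl_certificate_key")
    if is_ssl and not (certs and keys):
        includes = [inc[0] for inc in args_of(server, "include")]
        where = f" (only reachable via include: {', '.join(includes)})" if includes else ""
        findings.append("ssl listen without inline ssl_certificate/ssl_certificate_key" + where)
    for path in certs + keys:
        if not path[0].startswith(LIVE_DIR):
            findings.append(f"cert path {path[0]} is outside {LIVE_DIR}; renewals will not be picked up")
    for protos in args_of(server, "ssl_protocols"):
        legacy = sorted(set(protos) & {"SSLv3", "TLSv1", "TLSv1.1"})
        if legacy:
            findings.append("legacy protocols enabled: " + " ".join(legacy))
    return {"server_name": sum(args_of(server, "server_name"), []), "findings": findings}


def audit(text):
    """One audit record per server block, in file order."""
    root, _ = parse(tokenize(text))
    return [audit_server(s) for s in server_blocks(root)]


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        for rec in audit(conf):
            print(label, rec["server_name"], rec["findings"] or "ok")
```

Run it against the real files with `audit(open("/etc/nginx/sites-enabled/example.com").read())`; the port-80 redirect block is reported clean, the 4433 block in the "broken" config is reported as having its cert directives only behind an include, and the "fixed" block passes. Moving the two directives inline (or letting certbot write them there) is what makes the installer step succeed without touching the shared `ssl-params` include.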
