Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
```
certbot
```
It produced this output:
```
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/wordpress_https.conf
nginx: [warn] conflicting server name "ottawakaraoke.com" on 0.0.0.0:443, ignored
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
No matching insecure server blocks listening on port 80 found.
nginx: [warn] conflicting server name "ottawakaraoke.com" on 0.0.0.0:443, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://ottawakaraoke.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ottawakaraoke.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
My web server is (include version):
ubuntu 16
The operating system my web server runs on is (include version):
nginx
My hosting provider, if applicable, is:
secret company
I can login to a root shell on my machine (yes or no, or I don't know):
putty.exe
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
putty.exe
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
It seems there is a bit of a mess in your nginx conf: your domain ottawakaraoke.com is using the cert issued to athena.ottawakaraoke.com, and athena.ottawakaraoke.com is using the cert issued to ottawakaraoke.com.
Could you please show us the output of these commands?
```
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/athena.ottawakaraoke.com.conf with version 0.31.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/athena.ottawakaraoke.com.conf produced an unexpected error: expected /etc/letsencrypt/live/athena.ottawakaraoke.com/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/athena1.ottawakaraoke.com.conf produced an unexpected error: expected /etc/letsencrypt/live/athena1.ottawakaraoke.com/cert.pem to be a symlink. Skipping.
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/help.ottawakaraoke.com.conf with version 0.31.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/help.ottawakaraoke.com.conf produced an unexpected error: expected /etc/letsencrypt/live/help.ottawakaraoke.com/cert.pem to be a symlink. Skipping.
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ottawakaraoke.com.conf with version 0.31.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/ottawakaraoke.com.conf produced an unexpected error: expected /etc/letsencrypt/live/ottawakaraoke.com/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/pallas.ottawakaraoke.com.conf produced an unexpected error: expected /etc/letsencrypt/live/pallas.ottawakaraoke.com/cert.pem to be a symlink. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: ottawakaraoke.com-0001
Domains: ottawakaraoke.com athena.ottawakaraoke.com
Expiry Date: 2021-03-23 09:58:09+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/ottawakaraoke.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ottawakaraoke.com-0001/privkey.pem
Certificate Name: ottawakaraoke.com-0002
Domains: ottawakaraoke.com
Expiry Date: 2021-03-26 07:15:42+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ottawakaraoke.com-0002/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ottawakaraoke.com-0002/privkey.pem
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/athena.ottawakaraoke.com.conf
/etc/letsencrypt/renewal/athena1.ottawakaraoke.com.conf
/etc/letsencrypt/renewal/help.ottawakaraoke.com.conf
/etc/letsencrypt/renewal/ottawakaraoke.com.conf
/etc/letsencrypt/renewal/pallas.ottawakaraoke.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx: [warn] conflicting server name "ottawakaraoke.com" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
Here is my conf file:
```
upstream php-handler-https {
    server 127.0.0.1:9000;
}
server {
    listen 443 ssl default_server;
    server_name ottawakaraoke.com;
    #server_name wordpress.example.com;
    ssl_certificate /etc/letsencrypt/live/ottawakaraoke.com-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ottawakaraoke.com-0002/privkey.pem; # managed by Certbot
    #Security Policy
    add_header Content-Security-Policy "default-src 'none';
        script-src 'self' 'unsafe-inline' 'unsafe-eval'
        https://apis.google.com
        www.google-analytics.com
        *.googlesyndication.com
        *.doubleclick.net
        *.cloudflare.com
        *.bootstrapcdn.com;
        style-src 'self' 'unsafe-inline'
        https://fonts.googleapis.com
        *.bootstrapcdn.com;
        img-src 'self' data:
        www.google.com
        www.google.fr
        www.google-analytics.com
        *.cloudflare.com
        *.doubleclick.net;
        font-src 'self'
        https://fonts.googleapis.com
        https://fonts.gstatic.com
        *.bootstrapcdn.com;
        connect-src 'self';
        frame-src 'self' 'unsafe-inline'
        *.doubleclick.net;
        frame-ancestors 'none';
        form-action 'none';
        upgrade-insecure-requests;
        block-all-mixed-content;
        reflected-xss block;
        base-uri 123run.com www.123run.com;
        referrer no-referrer-when-downgrade";
    # root /var/www/html/;
    root /var/www/html/songportal.dev.ottawakaraoke.com/html/;
    index index.html;
    # set max upload size
    client_max_body_size 2G;
    fastcgi_buffers 64 4K;
    access_log /var/log/nginx/wordpress_https_access.log combined;
    error_log /var/log/nginx/wordpress_https_error.log;
```
I suppose that is part of the problem.
Again, certbot can't fix your nginx configuration.
You need to review your nginx configuration and get it working as you would like it to be.
Then you can run certbot.
[which should just work - but may still show problems related to those "missing" files.]
There are some obviously troubling things with this output:
- Both certs have one (overlapping) name.
- Both certs end with -000# (which means they were conflicting with yet another, presumed now deleted, cert).
The entire config was requested:
Only a small part was shown.
If you can't show the entire config (as requested), maybe you can show this output: `nginx -T | grep -Ei 'listen|root|server_name|cert|encrypt|virt|config|location'`
Otherwise it will be quite difficult for anyone here to help you.
Judging by the file names, the first should only be listening to HTTP (port 80), but it is listening to 80 and 443.
Each [IP:PORT:FQDN] combination must be unique.
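The uniqueness rule above can be checked mechanically. This is an added example, not code from the thread, nginx or Certbot: it reads text in the flattened form that `nginx -T` prints and reports every listen address and server name pair claimed by more than one `server` block, which is the condition behind the `conflicting server name` warning. The sample config and its names are constructed, and the parser is a simplification that treats regex and wildcard server names as plain strings.

```python
import re
from collections import Counter

# Quoted strings and comments match first, so braces or semicolons inside them are inert.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};#]+')

def server_blocks(conf_text):
    """Yield (listen statements, server_name statements) for each server { } block."""
    depth, stmt, block, block_depth = 0, [], None, 0
    for tok in (t for t in TOKEN.findall(conf_text) if not t.startswith("#")):
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        if tok == "{":
            depth += 1
            if stmt == ["server"] and block is None:
                block, block_depth = {"listen": [], "server_name": []}, depth
        elif tok == "}":
            if block is not None and depth == block_depth:
                yield block["listen"], block["server_name"]
                block = None
            depth -= 1
        elif block is not None and depth == block_depth and stmt and stmt[0] in block:
            block[stmt[0]].append(stmt[1:])
        stmt = []

def normalize(addr):
    """Spell a listen address as nginx reports it: '443' or '*:443' -> '0.0.0.0:443'."""
    addr = "*:" + addr if addr.isdigit() else addr
    return addr.replace("*:", "0.0.0.0:", 1) if ":" in addr else addr + ":80"

def conflicts(conf_text):
    """Return sorted (address:port, server_name) pairs claimed by more than one block."""
    seen = Counter()
    for listens, names in server_blocks(conf_text):
        addrs = {normalize(args[0]) for args in listens if args} or {"0.0.0.0:80"}
        hosts = {name for args in names for name in args} or {""}
        seen.update({(addr, host) for addr in addrs for host in hosts})
    return sorted(pair for pair, count in seen.items() if count > 1)

# Constructed sample in the flattened form `nginx -T` prints; names are placeholders.
SAMPLE = """
server { listen 80; listen 443 ssl; server_name example.com; }
upstream php-handler { server 127.0.0.1:9000; }
server {
    listen 443 ssl default_server; server_name example.com;
    location / { add_header X-Note "quoted; {text}"; }
}
"""
```

`conflicts(SAMPLE)` returns the one duplicated pair, `("0.0.0.0:443", "example.com")`. On a live host, pass it the standard output of `nginx -T` instead of the sample.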