I’m using Certbot v0.21.1 (also tried latest certbot-auto, same issue). Trying to renew certificates for my domains I get an error message: “Could not automatically find a matching server block. Set the server_name directive to use the Nginx installer.” I have server_name defined and pointing to my domains in all of my server blocks in nginx config files.
Running the nginx -t command produces:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/basebit.studio.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for basebit.studio
tls-sni-01 challenge for waterlines.net
tls-sni-01 challenge for www.basebit.studio
tls-sni-01 challenge for www.waterlines.net
Cleaning up challenges
Attempting to renew cert (basebit.studio) from /etc/letsencrypt/renewal/basebit.studio.conf produced an unexpected error: Could not automatically find a matching server block. Set the `server_name` directive to use the Nginx installer.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/basebit.studio/fullchain.pem (failure)
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/basebit.studio/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)
My web server is (include version):
Nginx v1.13.9
The operating system my web server runs on is (include version):
Debian v9.4
My hosting provider, if applicable, is:
Vultr
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
How do you mean lookup my server name? (Any specific command I should run?)
Here is the excerpt from configs that defines server_name for basebit.studio:
server {
    listen 80;
    listen 443 ssl;
    server_name www.basebit.studio;
    ssl_certificate /etc/letsencrypt/live/basebit.studio/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/basebit.studio/privkey.pem;
    # $scheme will get the http protocol
    # and 301 is best practice for tablet, phone, desktop and seo
    return 301 $scheme://basebit.studio$request_uri;
}
server {
    listen 80;
    server_name basebit.studio cdn.basebit.studio;
...
...
I guess certbot is confused by the fact that you have HTTP and HTTPS in one virtual host. The certbot autoinstaller probably isn’t going to work in this configuration. You may need to reissue your certificate with certbot certonly -a nginx if you want to keep this configuration.
@Patches Tried that command and it didn't work. I also tried splitting HTTP & HTTPS and it didn't work either.
Checking letsencrypt.log, I saw this line inside:
Could not parse file: /etc/nginx/nginx.conf due to Expected stringEnd (at char 154), (line:14, col:1)
It didn't make any sense to me as that line is just
http {
Then I started removing different parts of the http block and found out where certbot parser choked.
A commented-out line inside one of the log_format definitions was causing problems. After removing that line, certbot started working.
The problematic line: #'user_agent="$http_user_agent" '
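Added example, not part of the original posts and not Certbot's own code: a small Python scanner that lists `#` comments sitting inside a still-open nginx directive, the pattern the last post found inside a log_format definition, so such lines can be located without bisecting the http block by hand. The function name and the sample configuration are constructed for illustration; the scanner tracks only quotes, `;` and braces and does not reproduce Certbot's parser.

```python
def comments_inside_directives(conf_text):
    """Return (line_number, text) for '#' comments found while an nginx
    directive is still open, i.e. before its terminating ';' or '{'.
    Simplified scanner: it tracks only quotes, ';' and braces."""
    hits = []
    quote = None           # active quote character, or None
    in_directive = False   # a token was seen since the last ';', '{' or '}'
    for number, line in enumerate(conf_text.splitlines(), start=1):
        i, in_word = 0, False
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1             # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote, in_word, in_directive = ch, True, True
            elif ch == "#" and not in_word:
                if in_directive:
                    hits.append((number, line.strip()))
                break                  # the rest of the line is a comment
            elif ch in ";{}":
                in_word = in_directive = False
            elif ch.isspace():
                in_word = False
            else:
                in_word = in_directive = True
            i += 1
    return hits

# Constructed sample; only the commented-out line is taken from the thread.
SAMPLE_CONF = """http {
    log_format main 'remote_addr="$remote_addr" '
                    #'user_agent="$http_user_agent" '
                    'status="$status"';
    # ordinary comment between directives
    server {
        listen 80;  # trailing comment after a terminated directive
        server_name basebit.studio;
    }
}
"""

if __name__ == "__main__":
    for number, text in comments_inside_directives(SAMPLE_CONF):
        print(f"line {number}: comment inside an open directive: {text}")
```

Comments that follow a terminated directive or stand between directives are not reported, so the output is limited to the lines worth checking first when letsencrypt.log shows "Could not parse file".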