Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
root@email:/etc/nginx# certbot certonly --webroot -w /var/www/email.powersend.net/html -d email.powersend.net
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for email.powersend.net
Using the webroot path /var/www/email.powersend.net/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/email.powersend.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/email.powersend.net/privkey.pem
Your cert will expire on 2018-09-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
If you like Certbot, please consider supporting our work by:
The operating system my web server runs on is (include version):
ubuntu 16.04
My hosting provider, if applicable, is:
AWS EC2 virtual server
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I have Webmin BUT I used command shell to install the certificates.
It looks like everything succeeded. But all my browsers say that the Certificate is invalid. What did I do wrong?
My domain is email.powersend.net. I wrote email.powersend.org by mistake in the question. BUT…I own both domains and both are having the same problem.
Thanks Steve. I ran the command certbot --nginx -d powersend.org -d www.powersend.org. It smartly recognized that I already had certs and asked if I wanted to Install or Renew. I selected Install. I then did the same thing for powersend.net and it worked fine. The browsers like the certificates.
BUT I also have 2 other different domains and websites for email.powersend.net and email.powersend.org. Those domains will also be used for Email Sending domains…so its important for them to be SSL.
So I ran certbot --nginx -d email.powersend.org and certbot --nginx -d email.powersend.org to accomplish that. Both ran successfully…but they are being rejected by the browsers.
Thanks JuergenAuer,
I cleaned up the host definitions of any extraneous lines and then ran the Certbot commands with --nginx and elected to replace the existing certs. This time I did NOT select to redirect from http to https. Now the Browsers are happy and the site navigation works fine.