Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
retex.global
I ran this command:
sudo certbot certonly --manual --csr request_retex_global_prod_letsencrypt.csr --preferred-challenges http
It produced this output:
[ec2-user@dev ~]$ sudo certbot certonly --manual --csr request_retex_global_prod_letsencrypt.csr --preferred-challenges http
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Performing the following challenges:
http-01 challenge for retex.global
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
DyCDtEkeHUMQug4ShdpOsXGcXTfkHc6acLyItTupcyw.XCKy5btj1SgR87YkVlBbFDfPcpcIjdWGGZL3Ds7MuEY
And make it available on your web server at this URL:
http://retex.global/.well-known/acme-challenge/DyCDtEkeHUMQug4ShdpOsXGcXTfkHc6acLyItTupcyw
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Server issued certificate; certificate written to /home/ec2-user/0002_cert.pem
Cert chain written to <fdopen>
Cert chain written to <fdopen>
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/home/ec2-user/0005_chain.pem
Your cert will expire on 2019-06-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
My web server is (include version):
nginx version: nginx/1.12.1
The operating system my web server runs on is (include version):
NAME="Amazon Linux AMI"
VERSION="2017.09"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2017.09"
PRETTY_NAME="Amazon Linux AMI 2017.09"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2017.09:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
Amazon Linux AMI release 2017.09
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.27.1
This is how I assign certificates to nginx:
ssl_certificate /home/ec2-user/0005_chain.pem;
ssl_certificate_key /home/ec2-user/0002_cert.pem;
but I am getting the error message below:
[ec2-user@mail ~]$ sudo nginx -t && sudo nginx -s reload
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/home/ec2-user/0002_cert.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
Please advise
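
The nginx error above means the file named in ssl_certificate_key contains no private key PEM block. A pre-flight check for that condition follows as an added example, not part of the original post; the function names and sample files are constructed. It assumes the private key is the one the CSR was created from, since certbot run with --csr does not generate a key.

```shell
#!/bin/sh
# Added example: pre-flight check for the two files nginx is pointed at.

# pem_label FILE: print the label of the first PEM block in FILE
# (e.g. CERTIFICATE, PRIVATE KEY, RSA PRIVATE KEY), or NONE.
pem_label() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${label:-NONE}"
}

# check_pair CERT KEY: succeed only if CERT begins with a certificate block
# and KEY begins with some kind of private key block.
check_pair() {
    rc=0
    cert_label=$(pem_label "$1")
    key_label=$(pem_label "$2")
    case $cert_label in
        CERTIFICATE) ;;
        *) echo "ssl_certificate $1: found '$cert_label', expected CERTIFICATE" >&2; rc=1 ;;
    esac
    case $key_label in
        *"PRIVATE KEY") ;;
        *) echo "ssl_certificate_key $2: found '$key_label', expected a PRIVATE KEY" >&2; rc=1 ;;
    esac
    return "$rc"
}

# key_matches_cert CERT KEY: compare the public key embedded in CERT with the
# one derived from KEY (needs openssl and real files; not used in the demo).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed files: placeholder bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo_dir/cert.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$demo_dir/key.pem"
# Same situation as in the post: the certificate file given as the key.
if check_pair "$demo_dir/cert.pem" "$demo_dir/cert.pem"; then echo "pair ok"; else echo "pair rejected"; fi
if check_pair "$demo_dir/cert.pem" "$demo_dir/key.pem"; then echo "pair ok"; else echo "pair rejected"; fi
rm -rf "$demo_dir"
```

Run check_pair on the real paths before `nginx -t`, then key_matches_cert to confirm the key belongs to the issued certificate.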