I have tried many different alternatives to get the certificate updated. I have gone to manual to try and identify the issue. It seems like LetsEncrypt is not able to read the file because my server is forcing things to https but I can't figure out how.
I have tried a couple different domains on the same server and they all have the same problem.
The certificates were updating automatically but that stopped.
I ran this command:
certbot certonly -a manual -d externs.com
It produced this output:
I have tried many different alternatives. I have gone to manual to try and identify the issue. It seems like LetsEncrypt is not able to read the file because the server is forcing things to https but I can't figure out how. The file works fine
FYI, I just completed the process of renewing a certificate for another domain on the server that had a current good certificate (the issue from my original comment is for a domain where the certificate expired). That process worked (when I did it manually, like I did for the example above).
I have been working on this for several hours and have a couple domains that are failing (that each have the cert expired). That one I just tried that didn't have an expired cert worked. I am trying another one with an active cert to see what happens.
Thanks. I don't use IPv6 at all (as far as I know). There are AAAA records for it on the domain record. It doesn't appear to be totally straightforward how to "turn off" IPv6 for the domain? So it may take me some time to figure out how to do that.
That is what I was going to try but the host says that isn't possible? So trying to figure out what that means... Maybe they automatically recreate it if you remove it... I know I never added any IPv6 stuff; they just did it themselves.
Yes, so I deleted the AAAA IPv6 records.
It did let me manually update the cert.
I guess I need to restart the webserver for the updated certs to show up. I am a bit worried as there are things I don't understand. Such as unfindable sites-available/sites-enabled. And sudo nginx -T >config.txt failing
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
(but right now the webserver is actually serving pages...). I am a bit worried a restart will fail... and then I am in worse shape
Yes, you need to at least reload nginx to pick up the new cert. And, I see your new cert in the public logs but it only has the root name. In the past your cert had the root and the www subdomain so you probably should get a fresh one with both names.
service nginx reload and alternative wording options fail. It is saying nginx "nginx.service is not active, cannot reload."
But the websites are being served (and I can see nginx in top) so it must be active. I don't have the mental energy to keep up with this today. I will try again tomorrow. If anyone has suggestions please let me know. I want to avoid breaking all the sites in case somehow nginx is working now but will fail on restart (nginx -T also fails "[emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)" - which doesn't make much sense as it is running now...).
I found my sites-available/sites-enabled files. They are in the /opt/nginx/conf folder. I don't understand why the server is working fine now (indicating that things are running fine and setup properly). But then when I try nginx -T it fails as noted above.
I have tried reload and it fails.
"nginx.service is not active, cannot reload."
I guess it is in some kind of "loaded" status but is messed up somehow, because the websites are all being served (so nginx has to be running).
> sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code)
I am a bit paranoid about trying to stop and restart because the "test" is indicating it will fail. Any suggestions would be greatly appreciated.
I will probably try now copying the file to /etc/nginx/nginx.conf
But that seems odd as it has been at this location /opt/nginx/conf/nginx.conf and things have been working fine so I am a bit worried things will somehow get gummed up. But at least if I can get nginx -T to succeed I will be less worried about restarting.
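Added example, not part of the thread: the symptoms above (sites served, `nginx -T` looking for /etc/nginx/nginx.conf, configs under /opt/nginx/conf) fit a second nginx binary running outside the packaged systemd unit, and this sketch resolves which binary and config file the running master really uses before anything is restarted. The function names and the script name are hypothetical, and it assumes Linux with /proc, `pgrep` and `ps`.

```shell
#!/bin/sh
# Added example (helper names are hypothetical). Finds the config file a
# running nginx really uses, so tests and reloads target that instance.

# Value of a configure flag (e.g. conf-path) taken from `nginx -V` text.
configure_arg() {    # $1 = flag name without "--", $2 = `nginx -V` output
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^--$1=//p" | head -n 1
}

# The -c argument from a master process title, empty if none was given.
cmdline_conf() {     # $1 = e.g. "nginx: master process /opt/nginx/sbin/nginx"
    printf '%s\n' "$1" | sed -n 's/.* -c  *\([^ ]*\).*/\1/p'
}

# Precedence: -c on the command line, then --conf-path, then
# <prefix>/conf/nginx.conf (nginx's documented default for source builds).
effective_conf() {   # $1 = master process title, $2 = `nginx -V` output
    ec=$(cmdline_conf "$1")
    [ -n "$ec" ] && { echo "$ec"; return 0; }
    ec=$(configure_arg conf-path "$2")
    [ -n "$ec" ] && { echo "$ec"; return 0; }
    ec=$(configure_arg prefix "$2")
    echo "${ec:-/usr/local/nginx}/conf/nginx.conf"
}

# Live check (Linux, run as root): resolve the binary behind the master PID
# and test the config with that same binary. Changes nothing on the system.
inspect_running() {
    pid=$(pgrep -o -f 'nginx: master process') || {
        echo "no nginx master process found" >&2; return 1; }
    exe=$(readlink -f "/proc/$pid/exe")
    title=$(ps -o args= -p "$pid")
    conf=$(effective_conf "$title" "$("$exe" -V 2>&1)")
    echo "binary: $exe"
    echo "config: $conf"
    "$exe" -t -c "$conf"
}

# Only touch the system when asked to: sh which-nginx.sh --live
if [ "${1:-}" = "--live" ]; then inspect_running; fi
```

If the test passes, running that same binary with `-s reload` signals the existing master to re-read its configuration and certificates, regardless of what systemd reports for nginx.service.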