Certs and chain saved, but installation not completed - server_name

digeratus · October 12, 2018, 3:53pm

Ubuntu 16.04
Nginx

I followed the instructions here for the interactve install:

sudo certbot --nginx

I gave my email, etc and at the end I received a Congratulations prompt but with the error that the installation was not completed. The error was related to server_name missing from Nginx configuration. I have now fixed that and nginx -t passes.

My issue now is that I have the .pem files and everything else I need for the installation to finish. What’s not clear from the certbot documentation is what command to run to finalize the install after such an error. I’m afraid that if I run sudo certbot – nginx again, it will barf since I already have certs saved and chain.

Would it be safe to run certbot --nginx again or should it be some variation of it? If so, what?

Thanks in advance.

JuergenAuer · October 12, 2018, 4:12pm

Hi @digeratus

then change your config file:

http://nginx.org/en/docs/http/configuring_https_servers.html

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

But if you have only created one certificate (not 4 or 5), then you can run certbot --nginx again.

There is a rate limit, you can only create 5 certificates with the same domain name set in one week. But one or two certificates are ok.

Perhaps share your domain name or check it via

https://transparencyreport.google.com/https/certificates

PS: Moved to "Help"

digeratus · October 12, 2018, 4:26pm

Makes sense. Thanks. I try to change the nginx conf file first and if that doesn’t work then I’ll rerun the command. Thank you.

Osiris · October 12, 2018, 6:31pm

When you run certbot again with a valid certificate issued earlier, it will ask you if you just want to (re)install the cert or actually re-issue.

At least, the apache plugin works as such.

@digeratus just run the command again. Let certbot generate a SSL vhost. Don't fiddle with it yourself unless you have to.

digeratus · October 12, 2018, 6:32pm

Making the change to the nginx.conf file as suggested worked. Here’s an example that matches a little more closely what would be necessary to get this to work:

server {
    listen 443 ssl;
    server_name yourdomain.here www.yourdomain.here;
    root /var/www/demo;
    ssl_certificate /etc/letsencrypt/live/yourdomain.here/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.here/privkey.pem;
}

system · November 11, 2018, 6:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.