.conf Files and Nginx along with Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lafayette-parish.com

I ran this command: sudo certbot --nginx

It produced this output: nginx restart failed: 2026/05/12 19:02:07 [emerg] 2407#2407: a duplicate listen 0.0.0.0:443 in /etc/nginx/conf.d/lafayette-parish.com.conf

My web server is (include version): linode? and/or nginx --version: 1.26.3

The operating system my web server runs on is (include version): Debian GNU/Linux Trixie

My hosting provider, if applicable, is: Linode and/or Akamai

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): sometimes/WSL2 Debian Trixie

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 5.6.0

Okay...

So, I write my nginx file in /etc/nginx/conf.d/ and then apply nginx -t and then the command nginx -s reload. Everything seems okay and then when applying the command sudo certbot --nginx, I receive this error mostly:

nginx restart failed:
2026/05/12 19:02:07 [emerg] 2407#2407: 
a duplicate listen 0.0.0.0:443 in /etc/nginx/conf.d/lafayette-parish.com.conf:12

Do I know how to fix it? No...

I have been working on this error for about a week and have new details on this webserver.

The one thing I changed is from Ubuntu to Debian and used some other firewall outside of ufw.

Please send guidance.

That is an unusual format for the listen.

Would you show output of this command? We can see all the places you have it.

grep -R listen /etc/nginx

/etc/nginx/conf.d/lafayette-parish.com.conf:    listen 443 default_server;
/etc/nginx/nginx.conf:#         listen     localhost:110;
/etc/nginx/nginx.conf:#         listen     localhost:143;

That listen statement is missing the ssl option.

Please show the contents of that conf file and we can verify what you are trying to do.

server {
        server_name lafayette-parish.com www.lafayette-parish.com;
        root    /var/www/lafayette-parish.com;
        index   home.html blogstar.html info.html ideas.html contact.html;

        gzip    on;
        gzip_comp_level    3;
        gzip_types    text/plain text/css application/javascript image/*;
        listen 443 default_server;
        http2 on;
}

Shouldn't that be listen 80 default_server; instead? That server block looks like a regular HTTP server block. And, HTTP standard port is 80.

After running certbot --nginx it will use a port 80 server block to make a server block for port 443 (with ssl) and the other lines needed for the cert and ssl options.

You get the duplicate listen error because you have one listen 443; for HTTP and Certbot adds one for ssl like listen 443 ssl;
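
A pre-flight check for the condition diagnosed above, as an added example that is not part of the original thread: it walks the same tree as `grep -R listen /etc/nginx` but reports only port-443 `listen` directives that lack the `ssl` parameter, which is the line Certbot's own `listen 443 ssl;` collides with. The function names `find_plain_443` and `make_sample` are hypothetical, the sample configuration is constructed, and the script assumes each `listen` directive sits on a single line.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Reports port-443 listen directives that lack the "ssl" parameter.
# Assumption: each listen directive is written on a single line.

find_plain_443() {
    # $1: nginx configuration directory, e.g. /etc/nginx
    find "$1" -type f | sort | while IFS= read -r f; do
        awk -v file="$f" '
            { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
            $1 == "listen" {
                addr = $2; gsub(/;/, "", addr)
                if (addr != "443" && addr !~ /:443$/) next   # other ports
                has_ssl = 0
                for (i = 3; i <= NF; i++) {
                    tok = $i; gsub(/;/, "", tok)
                    if (tok == "ssl") has_ssl = 1
                }
                if (!has_ssl) printf "%s:%d: %s\n", file, FNR, $0
            }
        ' "$f"
    done
}

# Constructed sample: the listen line from the question plus a correct block.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/conf.d" || return 1
    cat > "$d/conf.d/broken.conf" <<'EOF'
server {
    server_name example.test;
    listen 443 default_server;
    http2 on;
}
EOF
    cat > "$d/conf.d/good.conf" <<'EOF'
server {
    # listen 443;
    listen 80 default_server;
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    listen 8443;
}
EOF
    printf '%s\n' "$d"
}

# Usage: sh check.sh /etc/nginx   (no argument: only define the functions)
[ $# -eq 0 ] || find_plain_443 "$1"
```

An empty result means no plain-HTTP listener is bound to 443; any reported line should be changed to port 80 or given the `ssl` parameter before running `certbot --nginx`.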

Gotcha...and a-okay. Let me go and test.

@MikeMcQ ,

Okay. That worked. Beforehand, before the server change, this is what I did:

server {
    server_name lafayette-parish.com www.lafayette-parish.com;
    root    /var/www/lafayette-parish.com;
    index   home.html blogstar.html info.html ideas.html contact.html;

    gzip    on;
    gzip_comp_level    3;
    gzip_types    text/plain text/css application/javascript image/*;

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/lafayette-parish.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lafayette-parish.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.lafayette-parish.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = lafayette-parish.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen    80 default_server;
    listen    [::]:80 default_server;
    server_name    lafayette-parish.com www.lafayette-parish.com;
    return 404; # managed by Certbot
}

@MikeMcQ ,

I must have had some poor notes on the subject. I took the current config and thought I could just add it back without certbot doing its thing and it would work.

I was wrong and my notes were incorrect. Thank you.