Conflicting Server Name

cldhn · September 21, 2021, 10:41am

My domain is: matrixtesting.ml

Following this tutorial: Running your own secure communication service with Matrix and Jitsi | Matrix.org

I ran this command: certbot --nginx -d matrixtesting.ml -d matrix.matrixtesting.ml -d element.matrixtesting.ml

Got no errors, seemed to work fine, but expected when I went to matrix.matrixtesting.ml to get a note saying synapse was running. Went back into /etc/nginx/sites-enabled/matrix.matrixtesting.ml and realised that the line server_name matrix.matrixtesting.ml had a typo (rookie mistake I know)

Tried rerunning the command after fixing the typo and get
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on [::]:80, ignored

So how do I, what delete and redo the certificate? replace a line somewhere? idk

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Osiris · September 21, 2021, 10:50am

Please show the entire output of the certbot command. The two lines you're showing now are warnings and may or may not be of influence. However, we can't know that as we don't have the rest of the output.

Further more, it seems you've successfully issued three certificates already, of which two are practically duplicates of each other: crt.sh | matrixtesting.ml Please don't issue duplicate certificates unnecessarily as it only increases load on the Let's Encrypt infrastructure and can lead to hitting rate limits.

Also, it seems https://matrix.matrixtesting.ml/ currently has the most recent certificate enabled and is secure. So not really sure what the issue is here to be honest.

cldhn · September 21, 2021, 11:11am

First time running command, no error, looks fine like I said

root@matrix:/etc/nginx/sites-enabled# certbot --nginx -d matrixtesting.ml -d matrix.matrixtesting.ml -d element.matrixtesting.ml
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for element.matrixtesting.ml
http-01 challenge for matrix.matrixtesting.ml
http-01 challenge for matrixtesting.ml
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/matrixtesting.ml
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/element.matrixtesting.ml

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/matrixtesting.ml
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/element.matrixtesting.ml

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://matrixtesting.ml,
https://matrix.matrixtesting.ml, and https://element.matrixtesting.ml

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=matrixtesting.ml
https://www.ssllabs.com/ssltest/analyze.html?d=matrix.matrixtesting.ml
https://www.ssllabs.com/ssltest/analyze.html?d=element.matrixtesting.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/matrixtesting.ml/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/matrixtesting.ml/privkey.pem
   Your cert will expire on 2021-12-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Installed synapse after and expected it to be running on matrix.matrixtesting.ml (this is my matrix.matrixtesting.ml file in /etc/nginx/sites-enabled after typo is fixed where synapse should be listening on localhost:8008)

root@matrix:/etc/nginx/sites-enabled# cat matrix.matrixtesting.ml 
server {
	listen 80;
	listen [::]:80;

	server_name matrix.matrixtesting.ml;    \\ this line did have a typo in matrix.matrixtesting.ml when command run first time

	root /var/www/matrixtesting.ml;
        index index.html;

	location / {
		proxy_pass http://localhost:8008;
	}
}

However, because of the typo I'm assuming, I was still getting the Welcome to nginx page and not the synapse is running page.

Fixed the typo, tried to rerun the command and got the following, with certbot obviously complaining that there's existing certificates

root@matrix:/etc/nginx/sites-enabled# certbot --nginx -d matrixtesting.ml -d matrix.matrixtesting.ml -d element.matrixtesting.ml
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/matrixtesting.ml.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/matrixtesting.ml
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/element.matrixtesting.ml
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on [::]:80, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/matrixtesting.ml
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/default
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/element.matrixtesting.ml
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "matrix.matrixtesting.ml" on [::]:80, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://matrixtesting.ml,
https://matrix.matrixtesting.ml, and https://element.matrixtesting.ml

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=matrixtesting.ml
https://www.ssllabs.com/ssltest/analyze.html?d=matrix.matrixtesting.ml
https://www.ssllabs.com/ssltest/analyze.html?d=element.matrixtesting.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/matrixtesting.ml/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/matrixtesting.ml/privkey.pem
   Your cert will expire on 2021-12-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

So I'm getting a conflicting server name error, presumably because the server name was mistyped the first time

Apologies about the duplicates, I was just following the tutorial so not really sure how it works
Thanks for your time and help

cldhn · September 21, 2021, 1:04pm

So I guess my question is, how do I fix this to get rid of the warning and so the correct server name is used

rg305 · September 21, 2021, 4:32pm

Well that is an nginx configuration issue.
I'd start with the complete nginx configuration output.
[look for all occurrences of server_name]
Try:
sudo nginx -T

system · October 21, 2021, 4:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed authorization procedure Certbot with Nginx on Digital Ocean Dropplet Help	7	638	April 21, 2020
Nginx issue with Ubuntu Jitsi chat server Help	30	5485	March 19, 2022
Ports open but not seen by certbot Help	78	1666	May 26, 2022
Certbot Nginx fail reload Help	5	1106	September 14, 2020
Renewal problems - lots of confusion Help	4	477	September 22, 2020

Conflicting Server Name

Related topics