Could not automatically find a matching server block for codamarieart.com. Set the `server_name` directive to use the Nginx installer

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: codamarieart.com and www.codamarieart.com

I ran this command: sudo certbot --nginx -d codamarieart.com -d www.codamarieart.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for codamarieart.com and www.codamarieart.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/codamarieart.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/codamarieart.com/privkey.pem
This certificate expires on 2024-06-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Could not install certificate

NEXT STEPS:
- The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name codamarieart.com

Could not automatically find a matching server block for codamarieart.com. Set the `server_name` directive to use the Nginx installer.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx version: nginx/1.24.0

The operating system my web server runs on is (include version):

[ec2-user@ip-172-31-9-184 sites-enabled]$ cat /etc/os-release 
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.4.20240319"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I have created a server block portfolio-v2 at /etc/nginx/available-sites/portfolio-v2 and also created a symlink at /etc/nginx/available-enabled.

The contents of the server block in /etc/nginx/available-sites/portfolio-v2 are:

server {
    listen 80;
    listen [::]:80;
    server_name codamarieart.com www.codamarieart.com;

    # Your existing location and proxy settings
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type "text/plain";
    }

    # SSL configuration
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/codamarieart.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/codamarieart.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

That file contains three listen statements:

That is problematic.

3 Likes

Ok thanks.

I now only have the one listen statement: listen 80;

I saved the server config file, reloaded nginx and ran sudo certbot --nginx -d codamarieart.com -d www.codamarieart.com, but I'm still getting the same error:

Could not automatically find a matching server block for codamarieart.com. Set the `server_name` directive to use the Nginx installer.

1 Like

That file uses:

Those are used for TLS/SSL.
That file should NOT be using 80, it should only be using 443.

2 Likes

Supplemental information: presently I see port 80 open and port 443 closed.

$ nmap -Pn -p80,443 codamarieart.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-02 01:21 UTC
Nmap scan report for codamarieart.com (18.189.185.230)
Host is up (0.081s latency).
rDNS record for 18.189.185.230: ec2-18-189-185-230.us-east-2.compute.amazonaws.com

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

2 Likes

What shows?:

nginx -T

2 Likes

Thanks for this.
I didn't know about nmap, so I have installed it and am using it now.

I am checking the Security Group associated with this EC2 instance to make sure it allows inbound traffic on port 443. I'm not exactly sure how to open port 443; this is all I can see.

2 Likes

That looks normal for port 80 and 443.

2 Likes

Unstated [but implied]: That doesn't look normal for port 22.

2 Likes

This is my updated server config:

server {
    listen 443;
    server_name codamarieart.com www.codamarieart.com;

    # Your existing location and proxy settings
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type "text/plain";
    }

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/codamarieart.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/codamarieart.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

This is the output of nginx -T:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }

}

I personally don't allow everyone to get through port 22 but it is not technically wrong. And, it isn't related to Let's Encrypt so didn't want to go there :slight_smile:

3 Likes

The complete nginx configuration [nginx -T] knows nothing about the file:

2 Likes

You have not included your available-enabled folder config files, so nginx does not know about your port 443 server block, which is there.

Also, it would be better to make a dedicated server block for port 80 and those domain names. Keep your existing one with server_name _; as the default.

But add another one with these domain names.

2 Likes

Two issues:

  • the included files all end with .conf
  • the included folder is /conf.d/ [not /available-sites/ | /available-enabled/]
    [which appears to be a spin-off of /sites-available/ - used mainly by Apache]

1 Like

Also, this is entered within a server block:

Given: There don't seem to be any files located there - but nonetheless it is terribly bad form.

2 Likes

Ok, thanks.

This is my first time trying to do this. So I have been following a few tutorials on how to do it, and all gave those directories: create the server config in /sites-available/, then symlink it to /sites-enabled/.

I'll change the directories.

Do you have any links with the proper information that will guide me through this?

1 Like

The directory names are of no real consequence.
You must:

  • include the directory you make
  • name the files [sym-links] according to the include statement used

2 Likes

OK, thanks for that. I've added the correct symlink to the include statement:

server {
    listen       80;
    listen       [::]:80;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/sites-enabled/portfolio-v2.conf;

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

When I try to reload nginx I get errors:

Apr 02 02:11:19 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 02 02:11:19 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: Reload failed for nginx.service - The nginx HTTP and reverse proxy server.
Apr 02 02:11:32 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: Reloading nginx.service - The nginx HTTP and reverse proxy server...
Apr 02 02:11:32 ip-172-31-9-184.us-east-2.compute.internal nginx[39896]: nginx: [emerg] invalid number of arguments in "include" directive in /etc/nginx/nginx.conf:46
Apr 02 02:11:32 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 02 02:11:32 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: Reload failed for nginx.service - The nginx HTTP and reverse proxy server.
Apr 02 02:17:03 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: Reloading nginx.service - The nginx HTTP and reverse proxy server...
Apr 02 02:17:03 ip-172-31-9-184.us-east-2.compute.internal nginx[40102]: nginx: [emerg] "server" directive is not allowed here in /etc/nginx/sites-enabled/portfolio-v2.conf:1
Apr 02 02:17:03 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 02 02:17:03 ip-172-31-9-184.us-east-2.compute.internal systemd[1]: Reload failed for nginx.service - The nginx HTTP and reverse proxy server.

You can't include a file with a server block within a server block:

As previously mentioned:

2 Likes
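As an added example (not code from any poster in this thread), a small Python check that reads an `nginx -T` dump and reports the three conditions the replies above point at: no included server block names the domain, the block for the domain has `listen 443` without `ssl`, and a server block sits inside another server block. The function names `parse` and `audit` are my own, and `SAMPLE` is a constructed config modelled on the second config posted here, not real `nginx -T` output.

```python
import re

TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};#"\']+')  # comment|string|punct|word

def parse(text):
    """Parse nginx config text into nested (directive, args, children) triples."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith('#')]
    pos = 0
    def block():
        nonlocal pos
        items, cur = [], []
        while pos < len(toks):
            tok, pos = toks[pos], pos + 1
            if tok == '}':
                break
            if tok not in ';{':
                cur.append(tok)
            elif cur:  # ';' closes a simple directive, '{' opens a nested block
                items.append((cur[0], cur[1:], block() if tok == '{' else None))
                cur = []
        return items
    return block()

def audit(text, domain):
    """Return the problems certbot's nginx installer would hit when looking for `domain`."""
    findings = []
    def walk(items, inside_server):
        hit = False
        for name, args, kids in items:
            if kids is None:
                continue
            if name == 'server':
                if inside_server:  # nginx itself rejects this: "server" directive is not allowed here
                    findings.append('server block nested inside another server block')
                if domain in [v for n, a, _ in kids if n == 'server_name' for v in a]:
                    hit = True
                    for n, a, _ in kids:  # `listen 443;` without ssl answers 443 in plaintext
                        if n == 'listen' and a[0].rsplit(':', 1)[-1] == '443' and 'ssl' not in a:
                            findings.append('listen 443 without ssl in block for ' + domain)
            hit |= walk(kids, inside_server or name == 'server')
        return hit
    if not walk(parse(text), False):
        findings.insert(0, 'no server block names ' + domain)
    return findings

# constructed sample modelled on the thread's second config; not real `nginx -T` output
SAMPLE = """http {
    server { listen 80; listen [::]:80; server_name _; }
    server { listen 443; server_name codamarieart.com www.codamarieart.com; }
}"""
```

Feed it the real dump with `audit(open('dump.txt').read(), 'codamarieart.com')` after running `nginx -T > dump.txt`; an empty list means the installer has a block to work with.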

What does line 46 in your nginx.conf look like?

2 Likes