Could not automatically find a matching server block

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: staging.obakr.com (currently accessible at http://staging.obakr.com:3000/)

I ran this command: sudo certbot --nginx -d staging.obakr.com

It produced this output:

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Could not install certificate

NEXT STEPS:
- The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name staging.obakr.com

Could not automatically find a matching server block for staging.obakr.com. Set the `server_name` directive to use the Nginx installer.

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): Amazon Linux 2023.4.20240611 (AWS EC2 instance)

My hosting provider, if applicable, is: AWS Route 53

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

This is my nginx configuration file in sites-available:

/etc/nginx/sites-available/staging.obakr.com

server {
    listen 80;
    listen [::]:80;
    server_name staging.obakr.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name staging.obakr.com;

    ssl_certificate /etc/letsencrypt/live/staging.obakr.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.obakr.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I've already created a symlink in sites-enabled and ran the command sudo nginx -t

and I got these results

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

and reloaded the nginx server, but still got the same error. I don't know what to do. Can you help me, please?

I'm hosting my domain on AWS Route 53 (the main domain I purchased is obakr.com), and I'm using AWS EC2 to host my web app (Next.js).

Welcome to the community @omarbakr2020

Please check the entire output of: sudo nginx -T
With an uppercase T. It will show the entire active nginx config.

Your sites-available file looks good. And if it was properly getting picked up from sites-enabled, it should have worked. I suspect something is not quite right with the name of the symlink and/or the include statement in the main nginx config. Perhaps the include is only for .conf files but your file does not have a .conf extension.

If you can't see what is causing this problem, please show the entire nginx -T output. Thanks

3 Likes

Thanks for the help @MikeMcQ

Here's the complete output of nginx -T:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }

}


# configuration file /etc/nginx/mime.types:
etc........

You don't have an include statement for the sites-enabled folder. That is why you don't see the server block from your first post in the full active nginx config from the -T command.

So, right after the above add something like:

include /etc/nginx/sites-enabled/*.conf;

Then, change the name of your file in sites-available to have a .conf extension. And remake the symlink in sites-enabled so it also has the .conf extension.

The .conf file extension is not required but very common. And it helps avoid errors if stray files end up in the sites-enabled folder (like .bak, .txt or similar files).

3 Likes

@MikeMcQ I did all of that, but the nginx test has failed.

[ec2-user@ip-172-31-12-188 ~]$ mv /etc/nginx/sites-available/staging.obakr.com /etc/nginx/sites-available/staging.obakr.com.conf
mv: cannot move '/etc/nginx/sites-available/staging.obakr.com' to '/etc/nginx/sites-available/staging.obakr.com.conf': Permission denied
[ec2-user@ip-172-31-12-188 ~]$ sudo mv /etc/nginx/sites-available/staging.obakr.com /etc/nginx/sites-available/staging.obakr.com.conf
[ec2-user@ip-172-31-12-188 ~]$ sudo rm /etc/nginx/sites-enabled/staging.obakr.com 
[ec2-user@ip-172-31-12-188 ~]$ sudo ln -s /etc/nginx/sites-available/staging.obakr.com.conf /etc/nginx/sites-enabled/staging.obakr.com.conf
[ec2-user@ip-172-31-12-188 ~]$ sudo nginx -t
nginx: [emerg] "server" directive is not allowed here in /etc/nginx/sites-enabled/staging.obakr.com.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
[ec2-user@ip-172-31-12-188 ~]$

This is /etc/nginx/nginx.conf after editing:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
include /etc/nginx/sites-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
etc....

1 Like

This is staging.obakr.com.conf in sites-enabled:

[ec2-user@ip-172-31-12-188 sites-enabled]$ cat staging.obakr.com.conf 
server {
    listen 80;
    listen [::]:80;
    server_name staging.obakr.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name staging.obakr.com;

    ssl_certificate /etc/letsencrypt/live/staging.obakr.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.obakr.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

1 Like

Oh, sorry, the include for sites-enabled must be in the http grouping.

So, move it to just below this line instead.

4 Likes
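
The two checks from this thread as a script: in which block the sites-enabled include sits, and whether staging.obakr.com appears as a server_name in the active configuration. This is an added example, not code from any poster or from the Certbot or nginx projects. The function names and both sample configs are constructed here, and the parsing assumes one directive per line and exact (non-wildcard) server names.

```sh
# Print the enclosing block ("main" = top level) of each include matching $1.
# Reads config text on stdin; assumes one directive per line.
include_context() {
  awk -v pat="$1" '
    { sub(/#.*/, "") }                      # ignore comments
    $1 == "include" && index($0, pat) { print (depth > 0 ? stack[depth] : "main") }
    {
      opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
      for (i = 0; i < opens; i++) stack[++depth] = $1
      depth -= closes; if (depth < 0) depth = 0
    }'
}

# Exit 0 if an uncommented server_name directive on stdin lists exactly $1.
has_server_name() {
  awk -v name="$1" '
    { sub(/#.*/, "") }
    $1 == "server_name" {
      for (i = 2; i <= NF; i++) { s = $i; sub(/;$/, "", s); if (s == name) found = 1 }
    }
    END { exit !found }'
}

# Constructed sample: nginx.conf with the include at top level (nginx -t fails).
BROKEN='include /etc/nginx/sites-enabled/*.conf;
http {
    include /etc/nginx/conf.d/*.conf;
    server {
        server_name _;
    }
}'
# Constructed sample: "nginx -T"-style dump with the include inside http.
FIXED='events {
    worker_connections 1024;
}
http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
}
# configuration file /etc/nginx/sites-enabled/staging.obakr.com.conf:
server {
    server_name staging.obakr.com;
}'
for cfg in "$BROKEN" "$FIXED"; do
  ctx=$(printf '%s\n' "$cfg" | include_context sites-enabled)
  if printf '%s\n' "$cfg" | has_server_name staging.obakr.com; then ok=yes; else ok=no; fi
  echo "sites-enabled include context: $ctx; staging.obakr.com active: $ok"
done
```

On a real host, feed /etc/nginx/nginx.conf to include_context and the output of sudo nginx -T to has_server_name before re-running certbot install --cert-name staging.obakr.com.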

It worked! Thank you @MikeMcQ I appreciate your help a lot

2 Likes