Could not find block to include challenges

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nevarezfarmlabor.com

I ran this command: certbot --nginx -d nevarezfarmlabor.com -d www.nevarezfarmlabor.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.nevarezfarmlabor.com
http-01 challenge for nevarezfarmlabor.com
Cleaning up challenges
Certbot could not find a block to include challenges in /etc/nginx/nginx.conf.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is: digitalocean.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

What’s the output of nginx -T?

Here is the output.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Nothing more? Did you use the capital T? Because capital T should output all the parsed configuration files.

Apologies I used a lowercase t.
Here is the output.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

configuration file /etc/nginx/nginx.conf:

include sites-enabled/*;

configuration file /etc/nginx/sites-enabled/nevarezfarmlabor.com:

events {
}

http {

    server {
            listen 80;
            server_name nevarezfarmlabor.com www.nevarezfarmlabor.com;
            access_log /home/NevarezFarmLabor/logs/nginx/access.log;
            root /home/NevarezFarmLabor/static;
            location = / {
              try_files $uri $uri/home.html;
            }
    }

}

Hm, strange. The certbot code to try and find the http block is rather simple. Perhaps certbot needs to have the http part in nginx.conf and you could move the include sites-enabled/*; statement inside that http block?

2 Likes

Are you sure this is all there is?

Your configuration is very unusual.

You should have a nginx.conf like this:

http {
  # more stuff that should be deleted

  include sites-enabled/*;
}

and then a sites-enabled/nevarezfarmlabor.com like this:

server {
  listen 80;
  server_name nevarezfarmlabor.com www.nevarezfarmlabor.com;
  root /home/NevarezFarmLabor/static;
  location = / {
    try_files $uri $uri/home.html;
  }

  # more stuff at will
}
1 Like

@Osiris that indeed was the issue. Using both your explanation and @9peppe example I relocated the http portion into nginx.conf and included sites-enabled. The certs were then issued successfully. I must have modified the nginx.conf file when initially tinkering with config. Thanks for your help with this @Osiris and @9peppe.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.