Could not install certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: saturn.tyrc.edu.tw

I ran this command: sudo certbot --nginx

It produced this output: Could not automatically find a matching server block for saturn.tyrc.edu.tw. Set the server_name directive to use the Nginx installer.

My web server is (include version): nginx/1.21.3

The operating system my web server runs on is (include version): Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is: I don't know

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.20.0

I have checked my config file in /etc/nginx/sites-available and created link to /etc/nginx/sites-enabled, then restart nginx. But I still got this error.

Is there any problem in my config file? or something wrong?

server {
  listen 80;
  listen [::]:80;

  root /var/www/109work/public;

  server_name saturn.tyrc.edu.tw;

  index index.php;

  location / {
    try_files $uri /index.php?$query_string;
  }

  location ~ .php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_connect_timeout 600;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name saturn.tyrc.edu.tw;
  return 301 https://saturn.tyrc.edu.tw$request_uri;
}

It's very surprising that you'd get that error.

To be completely certain that the config file is being included in your nginx configuration, does it show up when you run the following?

sudo nginx -T

I'm not sure what you mean.
But I got this after sudo nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  www-data;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/sites-enabled/*.conf;
}

...

What is meant is:
You show two vhost config - both with the exact same name and port.
nginx should NOT allow that in the config.

Then you clip off the part that would include those vhost configs:

Somewhere in those three dots ("...") is the answer we all seek.

What do you mean. Where do you find two vhost config in my code?

here is the complete code after typing sudo nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  www-data;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/sites-enabled/*.conf;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

ONE:

TWO:

That doesn't include any of the vhost configs you previously showed.

Please show the output of:
ls -l /etc/nginx/sites-enabled/*.conf

Thanks, I try to modify my vhost configs name and here's my output now

lrwxrwxrwx 1 root root 36  十  12 21:25 /etc/nginx/sites-enabled/tyrc.conf -> /etc/nginx/sites-available/tyrc.conf

and then I try to modified my config content that I was suggested

server {

  root /var/www/109work/public;

  server_name saturn.tyrc.edu.tw;

  index index.php;

  location / {
#    try_files $uri $uri/ /index.php?$query_string;
    try_files $uri /index.php?$query_string;
  }

  location ~ .php$ {
    include snippets/fastcgi-php.conf;
    # PHP-FPM 的連接方式
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_connect_timeout 600;
  }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/saturn.tyrc.edu.tw/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/saturn.tyrc.edu.tw/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = saturn.tyrc.edu.tw) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;
  server_name saturn.tyrc.edu.tw;
    return 404; # managed by Certbot


}


and new error occur after typing restart nginx

$ sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

the error detail shows

$ journalctl -xe
Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal' can see all messages.
      Pass -q to turn off this notice.
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The unit UNIT has successfully entered the 'dead' state.
 十  12 17:50:44 saturn tracker-store[274852]: OK
 十  12 17:50:44 saturn systemd[274697]: tracker-store.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The unit UNIT has successfully entered the 'dead' state.
 十  12 20:53:02 saturn sudo[276354]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
 十  12 20:53:05 saturn sudo[276354]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory

Can I make sure the config file include vhost config now? Is there any problem in my config file?

Thanks for everyone. I solved my problem.
I summarize my problem in here.
First, my nginx config file didn't include my vhost config file.
I change my vhost config filename than encounter another error when restart nginx.

The unit UNIT has successfully entered the 'dead' state.
 十  12 20:53:02 saturn sudo[276354]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory

My /etc/securetty was missing. So I copied it by

sudo cp /usr/share/doc/util-linux/examples/securetty /etc/securetty

and then reboot the server. Finally solved it!

1 Like