Creating a certificate fails with duplicate relation-error - NGINX

My domain is: uptime.rejsemus.dk

I ran this command: requested a new certificate through NGINX GUI

It produced this output: Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0

My web server is (include version): ehhh....no idea. Where do I find that?

The operating system my web server runs on is (include version): unRAID / Uptime Kuma.

My hosting provider, if applicable, is: Myself. unRAID

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, unRAID and NGINX.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.27.0

I'm newbie in this. So please tell me what info you need. It has been hosted in a hostingcenter before, and they created a lot of certificates. I don't know if they conflicts with this try?

Hello @JGNi, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using Let's Debug with the HTTP-01 Challenge and the given domain name the results https://letsdebug.net/uptime.rejsemus.dk/1331181 show 3 WARNINGS
Please check the results for suggestions and hints.

1 Like

I've activated Full (strict)
So now it says Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server

But maybe this is the forward to get rid of that error?

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.
I do not know Cloudflare, but others like do.

3 Likes

You won't be able to enable Full(Strict) until your Origin Server has a valid cert. The Let's Debug report is not the best for your situation.

There are several good ways to configure a server to work with Cloudflare.

Maybe the easiest is to use the Cloudflare Origin CA Cert on your Origin Server. Once that is installed in nginx you can use Cloudflare Full-Strict. In this case you don't use Certbot at all and Cloudflare will manage the cert between a browser and its CDN Edge for you.

Right now you are getting a 526 error from Cloudflare. The below topic describes correcting this and has a link for setting up the Origin Cert.
https://community.cloudflare.com/t/community-tip-fixing-error-526-invalid-ssl-certificates/44273

I do not know about this error:

"Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0

You may need to ask about that on an unRaid forum. It isn't related to Let's Encrypt or Cloudflare for that matter.

Another good resource is the Cloudflare Community (link here)

5 Likes

I'll take a look at your link, and maybe return with more questions.

Thanks!

2 Likes