I had the exact same setup and it all worked but after a long time of inactivity, returning to programming, I now can't get rid of ERR_CERT_AUTHORITY_INVALID. How can I debug this?
It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/emdeevy.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/emdeevy.com/privkey.pem
This certificate expires on 2023-03-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for emdeevy.com to /etc/nginx/sites-enabled/emdeevy.com
Successfully deployed certificate for www.emdeevy.com to /etc/nginx/sites-enabled/emdeevy.com
Congratulations! You have successfully enabled HTTPS on https://emdeevy.com and https://www.emdeevy.com
My web server is (include version): nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):Ubuntu 22.04.1 LTS
I can login to a root shell on my machine (yes or no, or I don't know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2
I don't think cache has anything to do with it, I also tried on my phone, and since it's not chrome I'm only getting 'the connection is not private', signaling that the cert is not valid somehow.
I have also tried removing the redirect from port 80, and when accessing http://emdeevy.com I would get the 404 as expected. Respectively I removed the first 7 lines from this:
if ($host = www.emdeevy.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = emdeevy.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name emdeevy.com www.emdeevy.com;
return 404; # managed by Certbot
leaving only the last 3 lines and it correctly gave me the 404 as expected, so I doubt it is an nginx issue either.