Error when renewing certificate Nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: marlinmechanical.com

I ran this command: certbot renew --dry-run

It produced this output:


My web server is (include version): nginx/1.19.6

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.28.0

2 Likes

What's the output of:

grep authenticator /etc/letsencrypt/renewal/*.conf
sudo nginx -t
2 Likes

Screen Shot 2021-03-18 at 17.20.51 !

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

2 Likes

Welcome to the Let's Encrypt Community, Karina :slightly_smiling_face:

Please try the following and let us know the results:

sudo certbot certonly --nginx -d "marlinmechanical.com,www.marlinmechanical.com" --dry-run

1 Like

Thank you for the reply!
Here's the output:
Screen Shot 2021-03-19 at 08.47.30

2 Likes

Beautiful! :partying_face:

Please try this then:

sudo certbot certonly --nginx -d "marlinmechanical.com,www.marlinmechanical.com" --deploy-hook "nginx -s reload"

1 Like

As for marlinservices.com, since you're using Cloudflare I recommend that consider using a Cloudflare Origin CA certificate rather than a Let's Encrypt certificate. They last much longer and are much easier to acquire and configure when using Cloudflare.

2 Likes

Yaaay! :tada:
It worked! Thank you so much! Could you please explain what the problem was? I'm not super savvy with certificates lol

Thank you for your help! :heart:

2 Likes

For marlinmechanical.com...

Either:

  • You had the wrong webroot folder specified in certbot's renewal configuration file. (possible)

OR

  • Your nginx configuration wasn't allowing the http-01 challenge files created by certbot to be accessed by the Let's Encrypt server. (likely)

For marlinservices.com...

Standard certbot authentication methods usually don't get along with Cloudflare right out of the box.

2 Likes

ooh ok thank you again for your help! :heart:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.