Error while trying to renew certificate - directive is duplicate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot renew -v --renew-hook 'service nginx reload'

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Certificate not yet due for renewal

Processing /etc/letsencrypt/renewal/

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for
Performing the following challenges:
http-01 challenge for
Cleaning up challenges
Failed to renew certificate with error: nginx restart failed:
nginx: [emerg] "server_names_hash_bucket_size" directive is duplicate in /etc/nginx/conf-enabled/server_names_hash_bucket.conf:1

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/ expires on 2023-07-30 (skipped)
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):
nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 22.04.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

Further steps, I have run $ grep -lir "server_names_hash" * in my /etc/nginx directory and only found one instance of it that hasn't been commented out which is in the file conf-available/server_names_hash_bucket_size.conf. There were a couple of other instances of it but they were commented out, but i went ahead and removed them anyway.

I have also run $ sudo nginx -t and got:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Running 'service nginx reload' works without any issues. So I am not sure why its failing only when its run via the certbot renew command.

Any help or pointers would be much appreciated.


Hi @arunk and Welcome to the forum...
I am certainly not an expert with nginx, but take a look at this thread as it might be helpful in your situation:

Also, you might consider upgrading your certbot to the latest version...


Hi @Rip thanks. I followed the link and made the changes to my nginx setup as mentioned in the issue that you linked. But now I'm getting another issue. I get the following when trying to run renew:

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for
Failed to renew certificate with error: <Response [503]>

Is this a temporary issue because of loads on the lets encrypt servers or is there an issue with my configuration?



Hi @Rip I tried it a couple of times and it failed with the 503 error, but when I tried it again just now it succeeded. Thanks for your help.


Can you post the output containing the error? Might shed some light on the issue.
Congrads! I see your new cert! Good going.