Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: test.robertwgehl.org
I ran this command:
certbot --nginx -d test.robertwgehl.org
It produced this output: Successful certificates in /etc/letsencrypt/live/test.robertwgehl.org/*
CONTENTS OF /etc/letsencrypt/renewal/test.robertwgehl.org.conf
# renew_before_expiry = 30 days
version = 1.27.0
archive_dir = /etc/letsencrypt/archive/test.robertwgehl.org
cert = /etc/letsencrypt/live/test.robertwgehl.org/cert.pem
privkey = /etc/letsencrypt/live/test.robertwgehl.org/privkey.pem
chain = /etc/letsencrypt/live/test.robertwgehl.org/chain.pem
fullchain = /etc/letsencrypt/live/test.robertwgehl.org/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = eb08609b996eea16cf85bccb400e6440
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
key_type = rsa
[[webroot_map]]
test.robertwgehl.org = /home/mastodon/live/public
My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.27.0
My issue is that the site (a Mastodon installation) works just fine in the Tor Browser, but is not working correctly in Chrome or Firefox.
Firefox complains that the cert is for www.test.robertwgehl.org. I don't know why; the config file for nginx includes (this isn't the whole thing, but it includes the relevant parts):
GNU nano 4.8 /etc/nginx/sites-available/mastodon
server {
if ($host = test.robertwgehl.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name test.robertwgehl.org;
root /home/mastodon/live/public;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name test.robertwgehl.org;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Uncomment these lines once you acquire a certificate:
ssl_certificate /etc/letsencrypt/live/test.robertwgehl.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.robertwgehl.org/privkey.pem; # managed by Certbot
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /home/mastodon/live/public;
I don't see any "www" anywhere, and my original command did not involve www.test.robertwgehl.org.
Any ideas what's going on?