Generating a cert on Debian 10 Linode server for nginx, error when running sudo certbot certonly --nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
?? see edit at bottom

I ran this command:
sudo certbot certonly --nginx

It produced this output:
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/nginx.conf:24
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/nginx.conf:24\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

My web server is (include version):
nginx/1.18.0

The operating system my web server runs on is (include version):
Debian 10

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

Hi all, im following the instructions at An ASP.NET Core on Linux Tutorial | Linode to set up nginx server on Debian, I get the error above when running sudo certbot certonly --nginx.

After googling it seems error is that the config doesnt contain the location of the cert files (i thought this command should be creating the cert files), so i tried adding the location they should be added to and re ran but same error.

I then saw instructions on Certbot Instructions | Certbot gives option to use this command:

sudo certbot --nginx

but when the path is in nginx.conf i get this error:
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

When its not there i get this error:
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/nginx.conf:24
nginx: configuration file /etc/nginx/nginx.conf test failed

Any help much appreciated

EDIT: I didnt add my domain name as im not sure what it should be, should it be what is in the nginx.conf? I just have example.com there atm , im not too savy on this kind of thing and not sure what to put there as i dont have a domain yet, is this just a domain local to the server so can be what it wants? I dont have a public domain name yet.

You can't get a cert if you don't control a domain.

Your current problem is that nginx refuses to start because it doesn't have some ssl certificates (that it had before. Did you move your config over from another server?)

The easy solution is to enable the snakeoil certificates (include snippets/snakeoil.conf;), remove/comment out references to missing certificates, and let nginx start.

Then you can get a recognized cert.

Well, any hostname would suffice, e.g. a subdomain under your control of a domain you don't control.

There are plenty of services out there offering free (sub)domains.

Domain means domain, any level domain is a domain.

Thanks! So looks like im getting ahead of myself. No im not moving config over i think that error is just because i added these paths from the guide i was following to the nginx.conf when troubleshooting:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

I just started following the guide on linode to set up an asp core website so was just following the steps and the guide didnt mention needing a domain beforehand. Sounds a bit silly now you say it of course id need a domain to generate a cert for it. So I will just set this site up with http only for now and read up more on certs before I try again.

Thanks for your help!

You can get free domains (mostly third level, some second) around.

You can also get very cheap 2nd level domains ($1/year)

I preferably use the term hostname. Ultimately the term FQDN is best I guess, which incorporates "domain name" I'm afraid

Which can be confusing I think, as "domain name" often refers to the "registered domain name" e.g. example.com or example.co.uk.

Are there any major downsides to these e.g. security or anything?
Im looking at www.freenom.com and can get a .tk domain for free

Yes, and those are not even same level domains. Some time ago it made news when a website was hosted on a tld.

It's fine as long as you don't care if they take it back without notice. (and their dns are sloooow)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.