Invalid certificate after installing certbot

Hi, I just installed certbot to secure my domain. My domain gabray.fr returns a server error; this is normal for now, as there is nothing on it yet. However, I want to secure the connection to my subdomain uprising.gabray.fr. After getting and installing my certificate, I get several errors while restarting nginx, like nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use).
I managed to get through this and get nginx running. But when I access my website, my certificate is invalid.
Here’s my current config file:

upstream uprising {
    server gabray.fr:8080;
}
upstream torrent {
    server gabray.fr:8000;
}

server {

    server_name gabray.fr www.gabray.fr;

    location / {
        proxy_pass http://torrent/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    # listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gabray.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gabray.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name uprising.gabray.fr;

    location / {
        proxy_pass http://uprising/;
    }

    listen [::]:443 ssl; # managed by Certbot
    # listen 443 ssl; # managed by Certbot
    ssl on;
    ssl_certificate /etc/letsencrypt/live/gabray.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gabray.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.gabray.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gabray.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen [::]:80;

    server_name gabray.fr www.gabray.fr;
    return 404; # managed by Certbot
}

server {
    if ($host = uprising.gabray.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # listen 80;

    server_name uprising.gabray.fr;
    return 404; # managed by Certbot
}

My domain is: uprising.gabray.fr

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: ovh

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

1 Like

When I visit https://uprising.gabray.fr/ right now, it’s not running nginx. It’s running OpenVPN-AS:

$ curl -s -X GET -Ik https://uprising.gabray.fr/ | grep -i "server:"
Server: OpenVPN-AS

That also probably explains why you are getting this error:

The address is already in use by OpenVPN.

You need to decide who you want to run on port 443. If it’s nginx, then you need to relocate OpenVPN-AS to another port.

2 Likes
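
The same conflict can be read off the posted configuration: with `listen 443 ssl;` commented out, both TLS server blocks bind only the IPv6 wildcard, so IPv4 port 443 is left to whichever other service holds it. The following is an added example, not part of the thread: a small Python check that flags such blocks. The function names and the trimmed sample configuration are constructed for illustration, and the parser assumes no `#` or braces inside quoted strings.

```python
import re

# Constructed sample, trimmed from the configuration posted in the question.
SAMPLE_CONF = """
server {
    server_name gabray.fr www.gabray.fr;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    # listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gabray.fr/fullchain.pem;
}
server {
    server_name uprising.gabray.fr;
    listen [::]:443 ssl; # managed by Certbot
    # listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gabray.fr/fullchain.pem;
}
"""

def server_blocks(conf):
    """Yield the body of each server { } block with comments removed."""
    text = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def listen_sockets(body):
    """Return {(port, family)} for a block; nginx assumes *:80 without a listen."""
    pairs = set()
    for directive in re.findall(r"\blisten\s+([^;]+);", body):
        addr, *opts = directive.split()
        if addr.startswith("unix:"):
            continue
        tail = addr.rsplit(":", 1)[-1]
        port = tail if tail.isdigit() else "80"
        family = "ipv6" if addr.startswith("[") else "ipv4"
        pairs.add((port, family))
        if family == "ipv6" and "ipv6only=off" in opts:  # dual-stack socket
            pairs.add((port, "ipv4"))
    return pairs or {("80", "ipv4")}

def missing_ipv4_tls(conf):
    """List server_name sets of TLS blocks not bound to IPv4 port 443."""
    flagged = []
    for body in server_blocks(conf):
        if "ssl_certificate" in body and ("443", "ipv4") not in listen_sockets(body):
            names = re.search(r"\bserver_name\s+([^;]+);", body)
            flagged.append(names.group(1).split() if names else [])
    return flagged
```

Run against the full file (for example the output of `nginx -T`), an empty result means every TLS block also has an IPv4 listener on 443.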

Hi, thank you for your answer. I moved OpenVPN to another port and now my certificate is indeed valid. However, it is now OpenVPN that warns me that I have an untrusted certificate. How could I manage to have both certificates recognised?

1 Like

(If you look around carefully, there should be hooks for certbot or some ACME clients that do this, or you can write your own.)

1 Like