Let's Encrypt on Ubuntu 16.04 + Nginx

My domain is:
busplaner.tk
I ran this command:
certbot --nginx
It produced this output:
Could not automatically find a matching server block. Set the server_name directive to use the Nginx installer.
My web server is (include version):
nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04 LTS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

root /var/www/html/Busplaner;

    index index.php index.html index.htm;

    server_name www.Busplaner.tk Busplaner.tk;
    }

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

location ~ /\.ht {
    deny all;
}

I don’t know what’s going wrong. Would you be so kind and help me out? :smile:

Could you show your entire nginx configuration?

nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# configuration file /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##                                                                                                    
    # Basic Settings                                                                                      
    ##                                                                                                    
                                                                                                          
    sendfile on;                                                                                          
    tcp_nopush on;                                                                                        
    tcp_nodelay on;                                                                                       
    keepalive_timeout 65;                                                                                 
    types_hash_max_size 2048;                                                                             
    server_tokens off;                                                                                    
                                                                                                          
    # server_names_hash_bucket_size 64;                                                                   
    # server_name_in_redirect off;                                                                        
                                                                                                          
    include /etc/nginx/mime.types;                                                                        
    default_type application/octet-stream;                                                                
                                                                                                          
    ##                                                                                                    
    # SSL Settings                                                                                        
    ##                                                                                                    
                                                                                                          
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE                                    
    ssl_prefer_server_ciphers on;                                                                         
                                                                                                          
    ##                                                                                                    
    # Logging Settings                                                                                    
    ##                                                                                                    
                                                                                                          
    access_log /var/log/nginx/access.log;                                                                 
    error_log /var/log/nginx/error.log;                                                                   
                                                                                                          
    ##                                                                                                    
    # Gzip Settings                                                                                       
    ##                                                                                                    
                                                                                                          
    gzip on;                                                                                              
    gzip_disable "msie6";                                                                                 
                                                                                                          
    # gzip_vary on;                                                                                       
    # gzip_proxied any;                                                                                   
    # gzip_comp_level 6;                                                                                  
    # gzip_buffers 16 8k;                                                                                 
    # gzip_http_version 1.1;                                                                              
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##                                                                                                    
    # Virtual Host Configs                                                                                
    ##                                                                                                    
                                                                                                          
    include /etc/nginx/conf.d/*.conf;                                                                     
    include /etc/nginx/sites-enabled/*;                                                                   

}

#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen localhost:110;
#        protocol pop3;
#        proxy on;
#    }
#
#    server {
#        listen localhost:143;
#        protocol imap;
#        proxy on;
#    }
#}

# configuration file /etc/nginx/mime.types:

types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;

text/mathml                           mml;                                                                
text/plain                            txt;                                                                
text/vnd.sun.j2me.app-descriptor      jad;                                                                
text/vnd.wap.wml                      wml;                                                                
text/x-component                      htc;                                                                
                                                                                                          
image/png                             png;                                                                
image/tiff                            tif tiff;                                                           
image/vnd.wap.wbmp                    wbmp;                                                               
image/x-icon                          ico;                                                                
image/x-jng                           jng;                                                                
image/x-ms-bmp                        bmp;                                                                
image/svg+xml                         svg svgz;                                                           
image/webp                            webp;                                                               
                                                                                                          
application/font-woff                 woff;                                                               
application/java-archive              jar war ear;                                                        
application/json                      json;                                                               
application/mac-binhex40              hqx;                                                                
application/msword                    doc;                                                                
application/pdf                       pdf;                                                                
application/postscript                ps eps ai;                                                          
application/rtf                       rtf;                                                                
application/vnd.apple.mpegurl         m3u8;                                                               
application/vnd.ms-excel              xls;                                                                
application/vnd.ms-fontobject         eot;                                                                
application/vnd.ms-powerpoint         ppt;                                                                
application/vnd.wap.wmlc              wmlc;                                                               
application/vnd.google-earth.kml+xml  kml;                                                                
application/vnd.google-earth.kmz      kmz;                                                                
application/x-7z-compressed           7z;                                                                 
application/x-cocoa                   cco;                                                                
application/x-java-archive-diff       jardiff;                                                            
application/x-java-jnlp-file          jnlp;                                                               
application/x-makeself                run;                                                                
application/x-perl                    pl pm;                                                              
application/x-pilot                   prc pdb;                                                            
application/x-rar-compressed          rar;                                                                
application/x-redhat-package-manager  rpm;                                                                
application/x-sea                     sea;                                                                
application/x-shockwave-flash         swf;                                                                
application/x-stuffit                 sit;                                                                
application/x-tcl                     tcl tk;                                                             
application/x-x509-ca-cert            der pem crt;                                                        
application/x-xpinstall               xpi;                                                                
application/xhtml+xml                 xhtml;                                                              
application/xspf+xml                  xspf;                                                               
application/zip                       zip;                                                                
                                                                                                          
application/octet-stream              bin exe dll;                                                        
application/octet-stream              deb;                                                                
application/octet-stream              dmg;                                                                
application/octet-stream              iso img;                                                            
application/octet-stream              msi msp msm;                                                        
                                                                                                          
application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;                          
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;                          
application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;                          
                                                                                                          
audio/midi                            mid midi kar;                                                       
audio/mpeg                            mp3;                                                                
audio/ogg                             ogg;                                                                
audio/x-m4a                           m4a;                                                                
audio/x-realaudio                     ra;                                                                 
                                                                                                          
video/3gpp                            3gpp 3gp;                                                           
video/mp2t                            ts;                                                                 
video/mp4                             mp4;                                                                
video/mpeg                            mpeg mpg;                                                           
video/quicktime                       mov;                                                                
video/webm                            webm;                                                               
video/x-flv                           flv;                                                                
video/x-m4v                           m4v;                                                                
video/x-mng                           mng;                                                                
video/x-ms-asf                        asx asf;                                                            
video/x-ms-wmv                        wmv;                                                                
video/x-msvideo                       avi;                                                                

}

# configuration file /etc/nginx/sites-enabled/Busplaner:

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#

server {
    listen 80;
    listen [::]:80;
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html/Busplaner;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    server_name www.Busplaner.tk Busplaner.tk;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #       include snippets/fastcgi-php.conf;
    #
    #       # With php7.0-cgi alone:
    #       fastcgi_pass 127.0.0.1:9000;
    #       # With php7.0-fpm:
    #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}

# configuration file /etc/nginx/snippets/fastcgi-php.conf:

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

# configuration file /etc/nginx/fastcgi.conf:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect

fastcgi_param REDIRECT_STATUS 200;

I am not sure what’s wrong.

It looks like the default Ubuntu nginx setup but with the sites-enabled/default file renamed and slightly altered.

I can’t reproduce the problem:

$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: busplaner.tk
2: www.busplaner.tk
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

@schoen Any ideas?

What version of Certbot? Are you willing to try certbot-auto to get a more recent one?

certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed

certbot --nginx -d rtcsl.info -d map.rtcsl.info -d api.rtcsl.info
That command helped me set up my domain and subdomains with SSL in nginx.
The system even updated the nginx /sites-available/default file for me.
Make sure you got the latest letsencrypt package and all of its dependencies.

certbot-auto refers to a different way of downloading and running Certbot, in a more portable way.

See here: Get Certbot — Certbot 2.7.0.dev0 documentation
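
Added example, not part of the thread and not Certbot's own code: a small parser that lists which uncommented server block in `nginx -T` output carries a given name, which is the thing the "Could not automatically find a matching server block" message asks you to check. The sample dump is constructed, the function names are hypothetical, and names are compared case-insensitively because host names are case-insensitive.

```python
import re

# Constructed sample in the shape of `nginx -T` output; not the poster's full dump.
SAMPLE_DUMP = r"""
# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/Busplaner:
server {
    listen 80;
    server_name www.Busplaner.tk Busplaner.tk;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
    }
}
#server {
#    server_name example.com;
#}
"""

FILE_MARKER = re.compile(r"^# configuration file (.+):$")
TOKEN = re.compile(r"""[{};]|"[^"]*"|'[^']*'|[^\s{};]+""")


def find_server_blocks(dump):
    """Return [{'file': path, 'names': [...]}] for each uncommented server block."""
    blocks, stack, words, current_file = [], [], [], None
    for line in dump.splitlines():
        marker = FILE_MARKER.match(line.strip())
        if marker:  # nginx -T starts every dumped file with this marker line
            current_file, stack, words = marker.group(1), [], []
            continue
        # Simplification: '#' starts a comment anywhere on the line.
        for tok in TOKEN.findall(line.split("#", 1)[0]):
            if tok == "{":
                stack.append({"kind": words[0] if words else "", "names": []})
            elif tok == "}":
                done = stack.pop() if stack else {"kind": ""}
                if done["kind"] == "server":
                    blocks.append({"file": current_file, "names": done["names"]})
            elif tok == ";":
                # server_name is only valid directly inside a server block
                if words[:1] == ["server_name"] and stack and stack[-1]["kind"] == "server":
                    stack[-1]["names"] += [w.strip("\"'") for w in words[1:]]
            else:
                words.append(tok)
                continue
            words = []  # '{', '}' and ';' all end the current statement
    return blocks


def name_matches(pattern, host):
    """Match exact, '*.example.org' and '.example.org' forms, ignoring case."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("~"):
        return False  # regex names are not evaluated in this sketch
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def blocks_for(host, dump=SAMPLE_DUMP):
    """Files whose server blocks name `host`; an empty list means none does."""
    return [b["file"] for b in find_server_blocks(dump)
            if any(name_matches(n, host) for n in b["names"])]
```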
