Migrating from sslforfree

sslforfree gave me ca_bundle.crt certificate.crt private.key for each of my domains Letsencrypt only gives me one txt file What to do?

My domain is: kingbiscuitblues.com

I ran this command:

It produced this output:

My web server is (include version): passenger nginx module

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

it’d be a program that request cert from LE api, what file did you download?

I’m saying I’m confused why did I have 3 files in my certs directory when using sslforfree and letsencrypt only gives me one certificate to download and seemingly I’m supposed to rename

what’s the name of file?

letsencrypt lets me download domain-csr.txt if i just rename it certificate.crt and leave my other two files ca_bundle.crt and private.key in the folder ?

csr is short for certificate signing request.. you don't have cert yet, and where is private key for that?

I’m using passenger nginx module How do I tell certbot the path to nginx? it’s in /opt/nginx/sbin/nginx

Hi @fugee

please check the list of options:


  Nginx Web Server plugin

  --nginx-server-root NGINX_SERVER_ROOT
                        Nginx server root directory. (default: /etc/nginx or
  --nginx-ctl NGINX_CTL
                        Path to the 'nginx' binary, used for 'configtest' and
                        retrieving nginx version number. (default: nginx)

PS: Your configuration may not work. You have redirects http -> https ( https://check-your-website.server-daten.de/?q=kingbiscuitblues.com ):

Domainname Http-Status redirect Sec. G
http://kingbiscuitblues.com/ 301 https://kingbiscuitblues.com/ 0.257 A
http://www.kingbiscuitblues.com/ 301 https://www.kingbiscuitblues.com/ 0.247 A
https://kingbiscuitblues.com/ 200 1.370 N
Certificate error: RemoteCertificateChainErrors
https://www.kingbiscuitblues.com/ 200 1.413 N
Certificate error: RemoteCertificateChainErrors
http://kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 301 https://kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.250 A
Visible Content: 301 Moved Permanently nginx/1.14.0
http://www.kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 301 https://www.kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.244 A
Visible Content: 301 Moved Permanently nginx/1.14.0
https://kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 1.130 N
Not Found
Certificate error: RemoteCertificateChainErrors
Visible Content: The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. If you are the application owner check the logs for more information.
https://www.kingbiscuitblues.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 1.067 N
Not Found
Certificate error: RemoteCertificateChainErrors
Visible Content: The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. If you are the application owner check the logs for more information.

Normally, this isn't a problem.

But http uses

Server: nginx/1.14.0

https sends

Server: nginx/1.14.0 + Phusion Passenger 5.3.4

Perhaps create an exception, so /.well-known/acme-challenge isn't redirected to https.

It may work, but it's possible that this "Phusion Passenger 5.3.4" ignores the validation file.

Redirects are how you setup a site for ssl in nginx

When they say nginx webserver plugin what exactly do they mean? The expected paths shown don’t match my setup I have nginx installed under /opt

That's the reason you should use the --nginx-server-root option, so the Certbot nginx plugin can find your nginx installation.

Sorry, use it where? I was trying to install software-properties-common So far I’m stuck there and sudo apt-get install software-properties-common --nginx-server-root=/opt/nginx/sbin returns the error E: Command line option --nginx-server-root=/opt/nginx/sbin is not understood in combination with the other options

That's a Certbot-option

User-Guide Certbot


not an apt-get - option.

sounds like you have already installed Certbot.

What makes you say it sounds like I already have it installed?

Pass it as an option to certbot ?

$ sudo certbot --nginx --nginx-server-root=/opt/nginx/sbin

nginx: [emerg] unknown directive “passenger_root” in /opt/nginx/conf/nginx.conf:20
nginx: configuration file /opt/nginx/conf/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(‘Error while running nginx -c /opt/nginx/conf/nginx.conf -t.\n\nnginx: [emerg] unknown directive “passenger_root” in /opt/nginx/conf/nginx.conf:20\nnginx: configuration file /opt/nginx/conf/nginx.conf test failed\n’,)

If I run certbot --nginx without any options it says “No names were found in your configuration files. Please enter in your domain …” That’s no good I’d rather have it always pick them up from my nginx.conf file

Looks like the nginx plugin doesn't understand that directive. May be a general problem so you can't use it.

Sounds like an aftereffect of the first.

Perhaps switch to webroot and use certonly, so the nginx plugin is not required / used.

Thanks I gave it a list of websites, it’s been running for an hour though When will it finish? =D

What does that mean? What is running?

I ran this command in terminal and it’s still running for 1 1/2 hours sudo certbot certonly --webroot -w /home/fugee/websites/kingbiscuitblues/public -d *.kingbiscuitblues.com -d kingbiscuitblues.com … (more sites here)

1 Like