Migrating from sslforfree

When they say nginx webserver plugin what exactly do they mean? The expected paths shown don’t match my setup I have nginx installed under /opt

That's the reason you should use the --nginx-server-root option, so the Certbot nginx plugin can find your nginx installation.

Sorry, use it where? I was trying to install software-properties-common So far I’m stuck there and sudo apt-get install software-properties-common --nginx-server-root=/opt/nginx/sbin returns the error E: Command line option --nginx-server-root=/opt/nginx/sbin is not understood in combination with the other options

That's a Certbot-option

User-Guide Certbot

https://certbot.eff.org/docs/using.html

not an apt-get - option.

sounds like you have already installed Certbot.

What makes you say it sounds like I already have it installed?

Pass it as an option to certbot ?

$ sudo certbot --nginx --nginx-server-root=/opt/nginx/sbin

nginx: [emerg] unknown directive "passenger_root" in /opt/nginx/conf/nginx.conf:20
nginx: configuration file /opt/nginx/conf/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /opt/nginx/conf/nginx.conf -t.\n\nnginx: [emerg] unknown directive "passenger_root" in /opt/nginx/conf/nginx.conf:20\nnginx: configuration file /opt/nginx/conf/nginx.conf test failed\n',)

If I run certbot --nginx without any options it says “No names were found in your configuration files. Please enter in your domain …” That’s no good I’d rather have it always pick them up from my nginx.conf file

Looks like the nginx plugin doesn't understand that directive. May be a general problem so you can't use it.

Sounds like an aftereffect of the first.

Perhaps switch to webroot and use certonly, so the nginx plugin is not required / used.

Thanks I gave it a list of websites, it’s been running for an hour though When will it finish? =D

What does that mean? What is running?

I ran this command in terminal and it’s still running for 1 1/2 hours sudo certbot certonly --webroot -w /home/fugee/websites/kingbiscuitblues/public -d *.kingbiscuitblues.com -d kingbiscuitblues.com … (more sites here)

1 Like

That can't work. Looks like Certbot waits to your input and you don't see it.

If you want to create a wildcard certificate, dns-01 validation is required. So webroot can't work.

How do I fulfill the requirement

Check

Do you really need a wildcard certificate?

You can always use --manual, but you must see the output. Certbot creates a txt entry.

You have to create two DNS TXT entries

_acme-challenge.kingbiscuitblues.com

with two different values. If you have more domain names, one value per domain name.

And normally it’s easier to create one certificate per domain (non-www + www), not one certificate with different main domain names.

sudo certbot certonly --manual --preferred-challenges dns -d *.kingbiscuitblues.com -d kingbiscuitblues.com

certbot: error: unrecognized arguments: certonly --manual

What says

certbot --version

Sorry I solved that last issue before success The --manual option wasn’t an unrecognized argument, it was a subargument to --manual that were wrongly syntaxed --preferred-challenges dns should be --preferred-challenges=dns In conclusion, having certbot installed on my server to help with ssl certificates is a big step up from doing it manually

If you want to create a wildcard certificate, you have to use dns-01 validation.

So the --preferred-challenges isn’t required.

–challenge dns-01 ?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.