I ran this command: certbot install --nginx --cert-name 'cosmoline.cloud' --redirect -n
It produced this output:
`Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer nginx
Missing command line flag or config entry for this setting:
Which server blocks would you like to modify?
File: /etc/nginx/nginx.conf
Addresses: 443 ssl
Names: charset, utf-8, *.cosmoline.cloud
HTTPS: Yes
IMPORTANT NOTES:
Unable to install the certificate`
My web server is (include version): nginx-1.17.8
The operating system my web server runs on is (include version): Debian GNU 10 (buster)
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
I am unable to find information on how to provide a command-line flag to answer Which server blocks would you like to modify? What ways are there to achieve a solution so that I can run the command non-interactively?
Your command string needs some editing and adding to:
“install” is read by certbot as “installer”, and isn’t really needed. --nginx does the trick all by itself.
–cert-name is probably not what you think it is. This flag assigns a housekeeping name for your eventual certificate; if you don’t specify it, certbot generates one based on the domain(s) being covered.
–redirect tries to alter your NGINX server configuration, so that any HTTP: requests are automatically redirected to use HTTPS. You may or may not want this, but I recommend doing this configuration separately. You won’t need to keep doing it every renewal, and configuring this manually is probably both safer and more educational.
-n isn’t a good idea on your initial cerbot attempt. When you get to doing renewals, that will happen automaticallly (I use “certbot renew -q”).
Finally, you must supply certbot with some hostnames that should be covered by this certificate. The -d {hostname} sequence is what you need. I’d recommend both
“-d www.cosmoline.cloud” and “-d cosmoline.cloud”. Depending on what other services you run on this machine, you might want to include other DNS names (like mail.cosmoline.cloud, for example). One certificate can have quite a few names that it covers. Each DNS name needs its own -d spec, though.