Missing Command Line flag for Certbot Install w/ Nginx plugin: "Which server blocks would you like to modify?"

My domain is:
cosmoline.cloud

I ran this command:
certbot install --nginx --cert-name 'cosmoline.cloud' --redirect -n

It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer nginx
Missing command line flag or config entry for this setting:
Which server blocks would you like to modify?
File: /etc/nginx/nginx.conf
Addresses: 443 ssl
Names: charset, utf-8, *.cosmoline.cloud
HTTPS: Yes

IMPORTANT NOTES:

  • Unable to install the certificate
```

My web server is (include version):
nginx-1.17.8

The operating system my web server runs on is (include version):
Debian GNU 10 (buster)

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

I am unable to find information on how to provide a command-line flag to answer Which server blocks would you like to modify? What ways are there to achieve a solution so that I can run the command non-interactively?

1 Like

Your command string needs some editing and adding to:
“install” is read by certbot as “installer”, and isn’t really needed. --nginx does the trick all by itself.
--cert-name is probably not what you think it is. This flag assigns a housekeeping name for your eventual certificate; if you don’t specify it, certbot generates one based on the domain(s) being covered.
--redirect tries to alter your NGINX server configuration, so that any HTTP: requests are automatically redirected to use HTTPS. You may or may not want this, but I recommend doing this configuration separately. You won’t need to keep doing it every renewal, and configuring this manually is probably both safer and more educational.
-n isn’t a good idea on your initial certbot attempt. When you get to doing renewals, that will happen automatically (I use “certbot renew -q”).
Finally, you must supply certbot with some hostnames that should be covered by this certificate. The -d {hostname} sequence is what you need. I’d recommend both “-d www.cosmoline.cloud” and “-d cosmoline.cloud”. Depending on what other services you run on this machine, you might want to include other DNS names (like mail.cosmoline.cloud, for example). One certificate can have quite a few names that it covers. Each DNS name needs its own -d spec, though.

4 Likes
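The manual redirect setup recommended in the reply above could look like the following. This is an added example, not configuration posted in the thread; it assumes the certificate's housekeeping name is `cosmoline.cloud` (which determines the directory under `/etc/letsencrypt/live/`) and uses a hypothetical web root.

```nginx
# Added example (not from the thread). Assumes the certificate lineage is
# named "cosmoline.cloud"; /var/www/html is a hypothetical web root.

# Port 80: serve no content, only send every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name cosmoline.cloud www.cosmoline.cloud;

    # Permanent redirect that keeps the requested host and path.
    return 301 https://$host$request_uri;
}

# Port 443: the block that actually serves the site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cosmoline.cloud www.cosmoline.cloud;

    # certbot keeps the current certificate and key under live/<cert-name>/,
    # so renewals do not require editing these paths.
    ssl_certificate     /etc/letsencrypt/live/cosmoline.cloud/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cosmoline.cloud/privkey.pem;

    root /var/www/html;
}
```

Running `nginx -t` before reloading checks the edited configuration for syntax errors.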

Thanks for the quick response. I’ve taken on-board your recommendations and made a few changes which seem to fit the bill for me.

1 Like

By the way, in latest Certbot versions --redirect is enabled by default: https://github.com/certbot/certbot/pull/7595

1 Like
