Nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/00-default-ssl.conf

teodor · March 27, 2020, 10:16pm

Hello everyone. First of all I would like to say thank you for everything that you guys are doing. I found a similar topic like mine but it didn't work for me so here we are.

I'm running Debian 9.0 x64 with nginx.

While I'm trying to use certbot --nginx, I'm getting the following output:

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/00-default-ssl.conf
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/00-default-ssl.conf:25
Rolling back to previous server configuration...
nginx restart failed:

My /etc/nginx/sites-enabled/00-default-ssl.conf:

server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;

server_name www.houseofgamers.club;

root /var/www/hog;
index index.php index.html;

include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
include /etc/nginx/templates/netdata.tmpl;
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/stub_status.tmpl;

}
server {
listen 80;
listen [::]:80;
server_name www.houseofgamers.club;
return 301 https://www.houseofgamers.club$request_uri;
}

Running nginx -t:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

certbot --version -  certbot 0.28.0

To be honest I don't want to reinstall everything to get this problem fixed. Is there any solution to get this fixed?

Thanks in advance!!!

rg305 · March 28, 2020, 1:25am

Please show this file:

teodor · March 28, 2020, 10:25am

Here’s the /etc/nginx/templates/ssl.tmpl

ssl_protocols TLSv1.2;

# Fix 'The Logjam Attack'.
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dh2048_param.pem;

# To use your own ssl cert (e.g. "Let's Encrypt"), please create symbol link to
# ssl cert/key used below, so that we can manage this config file with Ansible.
#
# For example:
#
# rm -f /etc/ssl/private/iRedMail.key
# rm -f /etc/ssl/certs/iRedMail.crt
# ln -s /etc/letsencrypt/live/<domain>/privkey.pem /etc/ssl/private/iRedMail.key
# ln -s /etc/letsencrypt/live/<domain>/fullchain.pem /etc/ssl/certs/iRedMail.crt
#
# To request free "Let's Encrypt" cert, please check our tutorial:
# https://docs.iredmail.org/letsencrypt.html
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;

9peppe · March 28, 2020, 10:29am

I think you can comment out this entire line.

There is something really strange going on, nginx should not complain about a duplicate ssl_certificate directive, what nginx version are you running?

also, check if there's another one somewhere: grep -r ssl_certificate /etc/nginx

system · April 27, 2020, 10:29am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.