Nginx (https) virtual host not recognized after running certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot --nginx --cert-name map -d

It produced this output:installed successfully

My web server is (include version):nginx/1.14.2

The operating system my web server runs on is (include version):Debian/buster

My hosting provider, if applicable, is:our own

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.18.0

I have 4 sites running on the same production server, all SSL'd by certbot, and have been for over a year. I went to add the map. subdomain the usual way, but after the cert was successfully installed, nginx now re-directs the 443 to the default site rather than the new map. site. I've been trying everything over the last couple days with no luck. It appears that the 443 server block in my nginx conf for the map. site is being ignored by nginx. With no errors or debugging options, I don't know what to try next.

Hi @evanb,

For this problem, I think it would be helpful to post your nginx configuration:

sudo nginx -T

Here ya go, thanks!

nginx.conf.txt (21.9 KB)


I think what it might be is that you have a mixture of listen bind addresses and modes:

listen ssl http2;
listen 443 ssl;

nginx can do some funny things sometimes if you mix protocols on a single port.

What I would suggest is making things the same across each of your virtual hosts.

You'll notice that the map one is the odd one out, which makes me suspect this as the cause.


I put a lot of trust in the conf that certbot was creating so didn't suspect that. However, I just now changed the map. block to the following:

listen ssl ipv6only=on;


Thank you so much! ...and for such a quick reply.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.