Nginx installer MisconfigurationError: Cannot find a VirtualHost matching domain

Ubuntu 16.04.3 LTS, nginx/1.12.2, certbot 0.19.0

certbox nginx installer is unable to install certificate for one virtualhost. webroot authentication worked, but it complains can’t find server_name. Other virtualhosts with similar config works fine.

certbot

$ sudo certbot -a webroot -i nginx -d test.example.com -w /var/www/test.example.com/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/test.example.com.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Cannot find a VirtualHost matching domain test.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/test.example.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/test.example.com/privkey.pem
    Your cert will expire on 2018-05-05. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

LE log

2018-02-04 01:37:20,798:INFO:certbot.renewal:Cert not yet due for renewal
2018-02-04 01:37:25,075:INFO:certbot.main:Keeping the existing certificate
2018-02-04 01:37:25,077:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test.example.com/privkey.pem
Your cert will expire on 2018-05-05. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew"
2018-02-04 01:37:25,092:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 452, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python2.7/dist-packages/certbot_nginx/configurator.py”, line 194, in deploy_cert
vhost = self.choose_vhost(domain)
File “/usr/lib/python2.7/dist-packages/certbot_nginx/configurator.py”, line 242, in choose_vhost
"https://nginx.org/en/docs/http/server_names.html”) % (target_name))
MisconfigurationError: Cannot find a VirtualHost matching domain test.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

nginx config
even after adding ssl config manually, certbot still can’t find server_name

$ sudo grep test.example.com /etc/nginx/sites-available/*
/etc/nginx/sites-available/test.example.com: server_name “test.example.com”;
/etc/nginx/sites-available/test.example.com: access_log /var/log/nginx/test.example.com_access.log;
/etc/nginx/sites-available/test.example.com: error_log /var/log/nginx/test.example.com_error.log;
/etc/nginx/sites-available/test.example.com: root /var/www/test.example.com;
/etc/nginx/sites-available/test.example.com:ssl_certificate /etc/letsencrypt/live/test.example.com/fullchain.pem; # managed by Certbot
/etc/nginx/sites-available/test.example.com:ssl_certificate_key /etc/letsencrypt/live/test.example.com/privkey.pem; # managed by Certbot

$ sudo more test.example.com
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name “test.example.com”;
#return 444;
#return 302 https://www.google.com/appsstatus#hl=en&v=status;

    access_log /var/log/nginx/test.example.com_access.log;
    error_log /var/log/nginx/test.example.com_error.log;

    root /var/www/test.example.com;
    index index.html;

    location / {
            try_files $uri $uri/ =404;
    }

listen 443 ssl default_server; # managed by Certbot
listen [::]:443 ssl default_server;

ssl_certificate /etc/letsencrypt/live/test.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

if ($scheme != "https") {
    return 301 https://$host$request_uri;
} # managed by Certbot

}

Maybe the quotation marks need to be removed?

Nice catch. This should be a bug imo. quotation marks are valid for nginx config

@erica, maybe this should be an update to the nginx grammar?

Thanks for the catch; tracking at https://github.com/certbot/certbot/issues/5543

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.