Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: accessmontana.com (migration)
I ran this command: see below
It produced this output: see below
My web server is (include version): nginx 1.18.0-6.1+deb11u3
The operating system my web server runs on is (include version): Debian 5.10.179-1
My hosting provider, if applicable, is: myself on a Google Cloud VM
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): certbot 1.12.0
This is a bit of a catch-22. I migrate wordpress sites to my hosting server a lot, and this has been an ongoing issue ever since I switched from Apache to nginx years ago. I have all sites under a single IP addr that points to my Google Cloud VM that runs my webserver.
To migrate a site I:
- Grab the database and files from the wordpress sites and copy them to my server
- Set up my host DNS
- Set up my nginx config files for the site (For config example see here)
- Change my host file on localhost to point at my server for that site
The site on my machine is still set up for https as it was on the original server of course. When I try to access it, my browser throws a warning because it can't find the ssl cert. There isn't one at this point. Instead of bringing up the site anyway so that I can verify that everything is there and working, nginx takes me to the first site alphabetically that has a valid cert. So when I goto example.com, I get a warning, ignore it, and anexample.com shows up instead.
I can't create an ssl certificate with certbot yet, because I'm not the authority until the owner points the site's A record at me.
So, what I do is cross my fingers that everything migrated and I call the client and ask them to change their DNS. I warn them that when they do so, for a moment their URL will bring up the wrong site, so they need to call me the moment they make the change. Then I run "sudo certbot --authenticator webroot --installer nginx --webroot-path /var/www/example.com/", certbot does it's thing and hopefully everything works out. If I miss their call, or I'm not available in that moment it's a disaster.
I haven't read of anyone else going through this stress, so there must be something weird about my setup.
Can someone help me sort this out?
Apologies for the wall of text, but it's better than too little info.