Not able to install certificate

My domain is:
http://fts.pixellicio.us
I ran this command:
sudo certbot --nginx
It produced this output:

root@ftsweb:~# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/default:21
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/default:21\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
root@ftsweb:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No simulated renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@ftsweb:~#

My web server is (include version):
Flask 3.0
The operating system my web server runs on is (include version):
Ubuntu 20
My hosting provider, if applicable, is:
RoyaleHosting
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No, I am running it on the command line. I am trying to move to nginx to free up the command line when the server is running and add HTTPS support but I keep running into these issues. I am SSH'd into the server.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.7.3

What does this say?

sudo nginx -t

(lower case t is fine for now)

Because a working nginx is required before trying to use Certbot with --nginx plugin

4 Likes

I see this:

^Croot@ftsweb:~/fts_web# service nginx start
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
root@ftsweb:~/fts_web# nginx
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/default:21
root@ftsweb:~/fts_web# nginx -t
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/default:21
nginx: configuration file /etc/nginx/nginx.conf test failed
root@ftsweb:~/fts_web#

Yeah, your nginx config is broken :frowning:

As described by nginx, your .../sites-enabled/default file has an invalid statement on line 21. My guess is you have a listen 443 ssl; statement in a server block without any ssl certificates defined. You cannot have partly enabled server blocks in nginx. If you don't yet have any certs you should not have an ssl server block defined.

If you post your entire default file someone might be able to help. I was just about to sign off for the night so it probably won't be me.

4 Likes
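An added example, not part of the thread and not code from nginx or Certbot: a small Python check for the condition described in the reply above, a server block that has a "listen ... ssl" directive but no ssl_certificate. The sample config, the name example.test and the upstream port 8080 are constructed; the check does not follow include lines and does not consider a certificate inherited from the http level.

```python
import re

# Constructed sample: one HTTP block plus an SSL listener with no certificate,
# the shape of config that produces the [emerg] error quoted in this thread.
SAMPLE = """
server {
    listen 80;
    server_name example.test;
    location / { proxy_pass http://127.0.0.1:8080; }
}
server {
    listen 443 ssl;            # no ssl_certificate in this block
    listen [::]:443 ssl;
    server_name example.test;
}
"""

def strip_comments(text):
    # Naive: drops '#' to end of line; does not honour '#' inside quoted strings.
    return re.sub(r"#[^\n]*", "", text)

def server_blocks(text):
    """Yield (start_line, body) for each server { ... } block in the text."""
    text = strip_comments(text)  # newlines are kept, so line numbers still match
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, text[m.end():i - 1]

def ssl_without_cert(text):
    """Return [(server_line, [ssl listen args])] for blocks lacking ssl_certificate."""
    findings = []
    for line, body in server_blocks(text):
        listens = re.findall(r"\blisten\s+([^;]*\bssl\b[^;]*);", body)
        # \s+ after the name means ssl_certificate_key alone does not count.
        has_cert = re.search(r"\bssl_certificate\s+\S", body)
        if listens and not has_cert:
            findings.append((line, [l.strip() for l in listens]))
    return findings

if __name__ == "__main__":
    for line, listens in ssl_without_cert(SAMPLE):
        print(f"server block at line {line}: listen {listens} has no ssl_certificate")
```

To check a real file, pass its contents to ssl_without_cert(); nginx -t remains the authoritative test.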

It's not configured fully yet, I just tried adding ssl:


I am trying to follow this tutorial as this is my first time using nginx + LE and I'm clueless: How to run a Flask App Over HTTPS, using Waitress and NGINX. Updated for 2022. - DEV Community

Well, sorry, but this isn't a general-purpose nginx support site. With a quick glance I don't think you even followed that blog very well. Maybe someone else will chime in but you should at least remove those two listen clauses for port 443 when you don't have any ssl certs defined.

I think you have a lot of learning to do and certs are not your biggest problem.

4 Likes

Didn't say I had fully followed it. I was trying to but got stuck on the certificate not working. Is it worth it to just start over again? I have http working but not https.

You have a broken nginx. First fix it so you can stop and start it successfully. I also just realized you have your domain proxied at Cloudflare so using their CDN. You might want to consider using their origin CA certificate instead. See their docs.

4 Likes

Right now, the domain is linked to the backup free server, I had disconnected it from the real one because of this issue.

Earlier today I just used plain Flask and tried setting my SSL to Flexible on Cloudflare's end and got this:

I'll note that I forgot to turn the proxy on. I'll retry this tomorrow if I know it's a possible solution and then turn the proxy back on.
