Obtained SSL certificate but didn't save successful

grj0000 · August 2, 2020, 1:46pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
meet.jitsi.guorj.icu
I ran this command:
sudo certbot --nginx -d meet.jitsi.guorj.icu -d www.meet.jitsi.guorj.icu
It produced this output:

My web server is (include version):
ubuntu 16.04
The operating system my web server runs on is (include version):
ubuntu 16.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
python-certbot-nginx 0.31.0
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.31.0

9peppe · August 2, 2020, 2:15pm

Your account credentials (that aren’t certificates) should be in /etc/letsencrypt/accounts but you usually don’t need to see them.

grj0000 · August 3, 2020, 1:19am

thank you ！ But, I had searched every corner of the catalog “etc/letsencrypt/”, but couldn’t find it. It is most likely that there is a failure in software authentication. When adding this key and certificate to nginx, an error is reported and the following copy to disk operation is not continued.
Can the records previously applied for be deleted so that I can apply again? Now my account information and the information recorded in the application certificate are consistent, and there will be no problem.

grj0000 · August 3, 2020, 1:21am

_az · August 3, 2020, 1:24am

Your certificate and its private key would be stored in /etc/letsencrypt/live.

From your initial screenshot, the certificate issuance did not actually succeed. It failed and no certificate was created.

Your Let’s Encrypt ACME account was created and saved in /etc/letsencrypt/account, but that’s not really relevant and is separate to your certificate.

Now, the error about server_names_hash_bucket_size is a bug in Certbot’s nginx plugin.

The workaround is to change your current nginx configuration’s server_names_hash_bucket_size value to 128, from whatever its value currently is.

grj0000 · August 3, 2020, 1:53am

Thank you for your guidance. How can I continue? After fixing the nginx bug, I tried to re execute this command,
certbot – nginx - d meet.jitsi.guorj .icu -d www.meet.jitsi.guorj.icu 。 But it turns out that the domain name has been associated with a certificate

_az · August 3, 2020, 2:00am

You have two problems.

First is that you haven’t got your ICP license for your domain, so it’s being blocked and Let’s Encrypt can’t complete the validation challenge:

Second problem is that you haven’t created a DNS record for the www subdomain.

grj0000 · August 3, 2020, 2:51am

Thank you. The problem is solved !

system · September 2, 2020, 2:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.