Produced an unexpected error: Missing command line flag or config entry for this setting:

Let's do this piecemeal then...

First...

certbot certonly --cert-name sekretyrozwojuosobistego.pl --nginx -d "sekretyrozwojuosobistego.pl,www.sekretyrozwojuosobistego.pl" --deploy-hook "nginx -s reload"

What did it do?

$ sudo certbot certonly --cert-name sekretyrozwojuosobistego.pl --nginx -d "sekretyrozwojuosobistego.pl,www.sekretyrozwojuosobistego.pl" --deploy-hook "nginx -s reload"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Performing the following challenges:
http-01 challenge for sekretyrozwojuosobistego.pl
http-01 challenge for www.sekretyrozwojuosobistego.pl
Waiting for verification...
Cleaning up challenges
Running deploy-hook command: nginx -s reload
Error output from deploy-hook command nginx:
nginx: [warn] conflicting server name "http2" on 0.0.0.0:443, ignored


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem
   Your certificate will expire on 2021-06-08. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
1 Like

It successfully acquired a certificate and put it under Certificate Name of sekretyrozwojuosobistego.pl. It also created a "deployment hook" associated with the certbot renewal configuration for sekretyrozwojuosobistego.pl that gracefully reloads the nginx server when the certificate is successfully acquired (or renewed).

1 Like

Second...

Edit the nginx conf file containing the configuration info you gave me above and remove the -0001 from the ssl_certificate and ssl_certificate_key directives.

When that's done, run:

nginx -s reload

1 Like

wow! it looks like it now works fine. Certbot certifcates sees it updated.
So now it should update automatically regularly?

1 Like

We're not quite done... :grin:

1 Like

great, nginx vhost updated without the strange suffix :))

1 Like

Now...

nginx -T

It will be long. We're looking for errors, like this one:

I can confirm from my end that your new certificate is functioning correctly. We'll try a renewal test in a minute.

1 Like

very long output file, since I have many sites in this server...
Should I have to focus on sth specific?

1 Like

Mainly you want to keep your eyes open for conflicts. Since the one I noted was just a warning, it shouldn't stop nginx from operating correctly.

Let's try this now:

certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run

1 Like
$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Simulating renewal of an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Performing the following challenges:
http-01 challenge for sekretyrozwojuosobistego.pl
http-01 challenge for www.sekretyrozwojuosobistego.pl
Waiting for verification...
Cleaning up challenges
Dry run: skipping deploy hook command: nginx -s reload

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 Like

Awesome! :grinning:

Now...

Try this:

certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal

$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Running deploy-hook command: nginx -s reload
Error output from deploy-hook command nginx:
nginx: [warn] conflicting server name "http2" on 0.0.0.0:443, ignored


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Likes

As you can see here:

https://crt.sh/?Identity=sekretyrozwojuosobistego.pl&deduplicate=Y

your renewal just worked. :wink:

1 Like

With that, I can assure you that the sekretyrozwojuosobistego.pl certificate will automatically renew correctly, so long as you have an automated task (e.g. cron) running certbot renew. Since certbot is supposed to set this up automatically when it is installed, you should be good to go.

You can delete the wonky certificate now:

certbot delete --cert-name sekretyrozwojuosobistego.pl-0001

1 Like

excellent, thank you for such great and fast help

2 Likes

You are quite welcome! :blush:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.