Produced an unexpected error: Missing command line flag or config entry for this setting:

griffin · March 10, 2021, 11:04pm

We're not quite done...

seekman · March 10, 2021, 11:05pm

great, nginx vhost updated without the strange suffix :))

griffin · March 10, 2021, 11:06pm

Now...

nginx -T

It will be long. We're looking for errors, like this one:

griffin · March 10, 2021, 11:08pm

I can confirm from my end that your new certificate is functioning correctly. We'll try a renewal test in a minute.

seekman · March 10, 2021, 11:09pm

very long output file, since I have many sites in this server...
Should I have to focus on sth specific?

griffin · March 10, 2021, 11:10pm

Mainly you want to keep your eyes open for conflicts. Since the one I noted was just a warning, it shouldn't stop nginx from operating correctly.

griffin · March 10, 2021, 11:11pm

Let's try this now:

certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run

seekman · March 10, 2021, 11:14pm

$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Simulating renewal of an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Performing the following challenges:
http-01 challenge for sekretyrozwojuosobistego.pl
http-01 challenge for www.sekretyrozwojuosobistego.pl
Waiting for verification...
Cleaning up challenges
Dry run: skipping deploy hook command: nginx -s reload

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

griffin · March 10, 2021, 11:15pm

Awesome!

Now...

Try this:

certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal

seekman · March 10, 2021, 11:16pm

$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Running deploy-hook command: nginx -s reload
Error output from deploy-hook command nginx:
nginx: [warn] conflicting server name "http2" on 0.0.0.0:443, ignored


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

griffin · March 10, 2021, 11:17pm

As you can see here:

https://crt.sh/?Identity=sekretyrozwojuosobistego.pl&deduplicate=Y

your renewal just worked.

griffin · March 10, 2021, 11:21pm

With that, I can assure you that the sekretyrozwojuosobistego.pl certificate will automatically renew correctly, so long as you have an automated task (e.g. cron) running certbot renew. Since certbot is supposed to set this up automatically when it is installed, you should be good to go.

You can delete the wonky certificate now:

certbot delete --cert-name sekretyrozwojuosobistego.pl-0001

seekman · March 10, 2021, 11:31pm

excellent, thank you for such great and fast help

griffin · March 10, 2021, 11:32pm

You are quite welcome!

system · April 9, 2021, 11:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.