Ssl_session_timeout" directive is duplicate (cannot restart nginx)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --nginx

It produced this output:

nginx restart failed:

nginx: [emerg] "ssl_session_timeout" directive is duplicate in /etc/letsencrypt/options-ssl-nginx.conf:8

My web server is (include version): Nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Self host (home)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin (in addion to SSH)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.8.0

I have 7 SSL certs installed with LE. I added a new one today (so now I have 8 :slight_smile: but when LE attempts to restart Nginx I get the error listed above and below:

nginx restart failed:

nginx: [emerg] "ssl_session_timeout" directive is duplicate in /etc/letsencrypt/options-ssl-nginx.conf:8

The thing I'm stuck on is that I cannot find a duplicate ssl_session_timeout setting anywhere in my nginx conf

I'm at a loss. :frowning: Note - all of the other 7 certs I have installed work fine.

Hmm, still confused. I just updated Ubuntu with various periodic updates that I had been putting off. Restarted the server for kernel updates and everything works as before...except I still cannot get the new certificate to install. It is generating the same error:

nginx restart failed:

nginx: [emerg] "ssl_session_timeout" directive is duplicate in /etc/letsencrypt/options-ssl-nginx.conf:8

Ok, knucklehead move on my part. Figured out the issue here.

I had copy/pasted a config from a different Nginx server and neglected to delete all of the Certbot related lines. Apparently certbot was adding those same lines and thus duplicating them in the config. Because it was never actually applied I could not find the duplicate. I removed the lines from the nginx config so certbot could add them and not duplicate and reran everything with success. :slight_smile:

Apologies for the false alarm.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.