"The certificate was saved, but could not installed (installer: nginx)"

Hello, I am now trying to transfer my website from old server to new server. A private company was looking after my website and they got already certificate but now I wento inside there cpanel and pointed my new ip address yesterday and now I am trying to get this certificate. but while I am doing this here, I got the following message; Could not automatically find a matching server block for easygoshuttle.com.au. Set the server_name directive to use the Nginx installer.
My domain is: easygoshuttle.com.au

I ran this command: sudo certbot --nginx

It produced this output: The certificate was saved, but could not be installed (installer: nginx)

My web server is (include version): Cloud compute, nginx, gunicorn

The operating system my web server runs on is (include version): Ubuntu 21.04 x 64

My hosting provider, if applicable, is: vultr.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

Looks like the nginx installer doesn't understand your nginx configuration. Could you paste the output of sudo nginx -T please?

It sounds like your nginx configuration, where you configure the proxy_pass to gunicorn, is missing a server_name.

You should be able to fix this by adding a server_name just after the server block starts:

server {
    server_name easygoshuttle.com.au www.easygoshuttle.com.au;

You'll likely find this file in /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/.

Once you've done that, try the Certbot install command again.

@sung Note that to re-install your previously issued (but not installed) certificate, it isn't necessary to re-issue the certificate from the Let's Encrypt servers. Certbot should ask you if you would like to try to install the existing cert again or issue a new one. You should choose the former and not the latter

Hello, Osiris
Thank you for your help
here are the output I got from 'sudo nginx -T'

# configuration file /etc/nginx/proxy_params:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Thanks again

That's right. I did not put server_name on purpose, instead I put only IP address because at that time it was deploying on old server. Let me try to put server name. Thanks a lot

That command should have shown you a whole lot more. It should have listed your entire current nginx configuration. I doubt that's just the directives from proxy_params?

Thank you all. It works.. all good but I test it if it works fine

I got this message (attached the screenshot) and paste below

Your connection is not private
Attackers might be trying to steal your information from www.easygoshuttle.com.au (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
To get Chrome’s highest level of security, turn on enhanced protection

I searched 'easygoshuttle.com.au' in google and the results came out, I just clicked the one like other client might do the way

more message (after clicking 'advanced')

This server could not prove that it is www.easygoshuttle.com.au; its security certificate is from easygoshuttle.com.au. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to www.easygoshuttle.com.au (unsafe)

Before clicking 'turn on enhanced security', I think I should ask you guys first.

You're gonna want to add the www subdomain to your certificate:

sudo certbot --nginx --cert-name easygoshuttle.com.au \
-d easygoshuttle.com.au -d www.easygoshuttle.com.au

Thanks a lot ! I wish I could help others like you in the future

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.