Tried to insert directive but found conflicting snakeoil

```
kiepownica@kiepownica:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?

1: kiepownica.pl
2: forum.kiepownica.pl
3: www.forum.kiepownica.pl
4: nowa.kiepownica.pl
5: www.nowa.kiepownica.pl
6: sinusbot.kiepownica.pl
7: www.sinusbot.kiepownica.pl
8: spolszczenie.kiepownica.pl
9: www.spolszczenie.kiepownica.pl
10: testowa.kiepownica.pl
11: www.testowa.kiepownica.pl
12: www.kiepownica.pl
13: olokos.pl
14: aneta.olokos.pl
15: www.aneta.olokos.pl
16: files.olokos.pl
17: www.files.olokos.pl
18: www.olokos.pl

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 14,15
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/aneta.olokos.pl.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Problem in /etc/nginx/sites-enabled/aneta.olokos.pl: tried to insert directive "['ssl_certificate', '/etc/letsencrypt/live/kiepownica.pl/fullchain.pem']" but found conflicting "['ssl_certificate', '/var/lib/letsencrypt/snakeoil/0009_cert.pem']".

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/aneta.olokos.pl/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/aneta.olokos.pl/privkey.pem
   Your cert will expire on 2020-07-29. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
```
I am already running multiple websites, but I tried to create one for a friend and I cannot get an SSL cert :(

1 Like

Hi @olokos

simple solution:

  • Make a backup
  • disable that port 443 vHost
  • run the same command again, Certbot should ask the same and should now be able to create the port 443 vHost
  • maybe add some additional definitions you can see in the current config
2 Likes

I have just removed the entire 443 section leaving only

```
server {
        if ($host = www.aneta.olokos.pl) {
                return 301 https://$host$request_uri;
        }

        if ($host = aneta.olokos.pl) {
                return 301 https://$host$request_uri;
        }

        listen 80;
        listen [::]:80;

        server_name aneta.olokos.pl www.aneta.olokos.pl;
        return 404;
}
```

But I’m getting this anyway

```
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Problem in /etc/nginx/sites-enabled/aneta.olokos.pl: tried to insert directive "['ssl_certificate', '/etc/letsencrypt/live/kiepownica.pl/fullchain.pem']" but found conflicting "['ssl_certificate', '/var/lib/letsencrypt/snakeoil/0011_cert.pem']".
```

Please take note that snakeoil/number is incrementing with each attempt.

Removing both conditional redirects results in the same, just that snakeoil/0012_cert.pem was generated.

1 Like

That

isn’t a disabled vHost. Or you have a configuration with an automated creation.

Or there are additional systems (server management software or something else).

2 Likes

The issue remains the same. I thought the way to add a new SSL website was to create a new sites-enabled entry with everything ready, make a symlink in sites-enabled and then just run certbot --nginx and select the new websites; that's what I always did.

I have just removed https blocks from the nginx config files and now I cannot even see the domain in certbot --nginx at all

https://termbin.com/rpfz
Here’s what it looks like currently, modified as per your instructions.
With this config it doesn’t show up in certbot --nginx whatsoever

That’s

the wrong way. As written: Let Certbot create the port 443 vHost.

2 Likes

When I have no other configuration than the port 80 vhost, it doesn’t display the website I’m trying to get SSL for at all in the list of domains. (sudo certbot --nginx)

When there is no port 443 specified in the vhost, it also does not show up when running
sudo certbot --nginx

If the site is not linked in sites-enabled then the vhost is not visible when trying to invoke sudo certbot --nginx

I am not sure how I should proceed.

I just fixed it

Apparently I had to remove
ssl_certificate and ssl_certificate_key from the vhost file and that worked perfectly!

1 Like
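
A pre-flight check for the fix reported above, as an added example that is not part of the original thread and not Certbot's own logic: it lists the active `ssl_certificate` / `ssl_certificate_key` directives in a vhost file and prints those that point outside the expected `/etc/letsencrypt/live/<name>` directory, which are the lines to review before rerunning `certbot --nginx`. The function names, the line-based scan (it does not follow `include` files) and the sample vhost with its `/etc/nginx/ssl/` paths are assumptions made for illustration.

```shell
#!/bin/sh
# List active (uncommented) ssl_certificate / ssl_certificate_key directives
# in an nginx vhost file as "line<TAB>directive<TAB>path".
list_cert_directives() {
    awk '
        $1 ~ /^#/ { next }                  # skip commented-out lines
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            path = $2
            sub(/;.*$/, "", path)           # drop the trailing ";"
            printf "%d\t%s\t%s\n", NR, $1, path
        }
    ' "$1"
}

# Print only the directives whose path lies outside the expected live
# directory, e.g. /etc/letsencrypt/live/aneta.olokos.pl.
conflicting_cert_directives() {
    vhost=$1
    live_dir=$2
    list_cert_directives "$vhost" | awk -F '\t' -v d="$live_dir/" '
        index($3, d) != 1 { print }         # path does not start with live_dir/
    '
}

# Constructed sample vhost (not the poster's real config): two leftover
# directives pointing at hypothetical old certificate files.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
server {
    listen 443 ssl;
    server_name aneta.olokos.pl www.aneta.olokos.pl;
    # ssl_certificate /etc/letsencrypt/live/aneta.olokos.pl/fullchain.pem;
    ssl_certificate     /etc/nginx/ssl/old_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/old_key.pem;
}
EOF
    conflicting_cert_directives "$tmp" /etc/letsencrypt/live/aneta.olokos.pl
    rm -f "$tmp"
}

demo
```

An empty result means the file has no certificate directives pointing elsewhere; any printed line gives the line number to inspect in the vhost file.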
