Ubuntu 20.10 desktop (through Gnome Boxes - Fedora SB is main pc) + Ubuntu 20.04 LTS focal minimal cloud image + AWS EC2 + Route 53 + Elastic IP

My domain is brightlander.com - I followed these instructions via a Udemy course I took (I'm new to Linux and whatnot): GitHub - groovemonkey/hands_on_linux-self_hosted_wordpress_for_linux_beginners: Code and configuration snippets for the course.

Here's the Certbot section that's not advertised directly in the above link (necessarily): hands_on_linux-self_hosted_wordpress_for_linux_beginners/letsencrypt-certbot.md at master · groovemonkey/hands_on_linux-self_hosted_wordpress_for_linux_beginners · GitHub

I got everything seemingly up and running with my Ubuntu Gnome Boxes VM + the Ubuntu 20.04 minimal focal server on AWS - everything was actually working alright when I realized that I set everything up with my Elastic IP and decided to try and change it to the actual IP (without much due diligence). I basically re-installed certbot WITHOUT 'certonly' and then chose a new certificate and it looks like there's a duplicate but I'm not well versed in troubleshooting.

My gut instinct is to delete the second duplicate - but not even sure which one that is b/c they're not numbered and now my site is vulnerable...

My domain is: brightlander.com

I ran this command (this is the second time when I thought I made a mistake and tried to correct it):

```
sudo apt install certbot python3-certbot-nginx

sudo certbot --nginx

sudo certbot renew --dry-run
```

It produced this output:

```
sudo certbot --nginx -d brightlander.com -d www.brightlander.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/brightlander.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

******* I CHOSE 2******
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/brightlander.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/brightlander.conf
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:34

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

******* I CHOSE  TO REDIRECT******
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/brightlander.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/brightlander.conf
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://brightlander.com and
https://www.brightlander.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=brightlander.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.brightlander.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/brightlander.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/brightlander.com/privkey.pem
   Your cert will expire on 2021-06-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
```

My web server is (include version): Route 53 host + nginx + ubuntu 20.10 vm + ubuntu 20.04 focal 

The operating system my web server runs on is (include version): My computer is a ThinkPad X1 Gen 8 that has Fedora and gnome boxes - used Gnome boxes for Ubuntu...

My hosting provider, if applicable, is: Route 53 Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Not yet.

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): IDK

Hi @point14

your domain has a valid certificate, so all is ok.

But

you have a lot of mixed content, see https://check-your-website.server-daten.de/?q=brightlander.com#html-content

Resources included with ip addresses:

https://3.219.14.14/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.2

So the certificate is invalid, so the resource is not loaded, so your site looks a little bit broken.

You have to use your domain address as "base address" (something in your WordPress configuration).
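An added example, not part of the original thread: a small Python audit that finds the kind of subresource described in the reply above, one loaded from an IP-address host that the certificate for `brightlander.com` and `www.brightlander.com` does not cover, plus plain-HTTP mixed content. The sample HTML is constructed (only the `print.css` URL comes from the thread), and the names `audit`, `ResourceCollector` and `is_ip_literal` are hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

CERT_NAMES = {"brightlander.com", "www.brightlander.com"}  # from the certbot output
FETCHED = {"link": "href", "script": "src", "img": "src", "iframe": "src"}  # tag -> URL attr

# Constructed sample page; only the print.css URL is taken from the thread.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://3.219.14.14/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.2">
<link rel="canonical" href="http://brightlander.com/">
<script src="/wp-includes/js/example.js"></script>
<img src="http://brightlander.com/logo.png">
"""

class ResourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/alternate links are not fetched as subresources
        value = attrs.get(FETCHED.get(tag, ""))
        if value:
            self.urls.append(value)

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def audit(page_url, html, cert_names=CERT_NAMES):
    """Return (url, reason) for subresources that break an HTTPS page."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for raw in collector.urls:
        url = urljoin(page_url, raw)  # resolve relative paths against the page
        parts = urlsplit(url)
        if parts.scheme == "http":
            findings.append((url, "mixed content: plain HTTP"))
        elif is_ip_literal(parts.hostname or "") and parts.hostname not in cert_names:
            findings.append((url, "IP host not named on the certificate"))
    return findings

for url, reason in audit("https://brightlander.com/", SAMPLE_HTML):
    print(f"{reason}: {url}")
```

Any URL reported with an IP host points at a WordPress base address that still uses the IP instead of the domain name.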

Hi Juergen,

I'm kind of lost. I hadn't done a single thing to that site and I'm quite new to the Linux world. The course taught me a lot - but not very much about troubleshooting. Are you sure there's not an issue with there being (seemingly) a duplicate? I created the username and password and that's basically it... my other site seems to work fine (did it last week): medsupplynetwork.com -> but I didn't "re-install" Certbot on that one...

By the way, thanks for taking a look @JuergenAuer ! When I try to go to: brightlander.com/wp-admin --> it won't let me log in and returns: "Your connection is not private

Attackers might be trying to steal your information from 3.219.14.14 (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID"

It looks like a lot of people have viewed this so please answer me this...

If I deleted this virtual machine, deleted my Route 53, deleted my elastic IP and EC2 instance - would this also detach/delete "Let's Encrypt" from my website so I could just start over from scratch? There's absolutely no content/WordPress development etc. that'll be lost if I do this...

I just want this landing page up and running so I can move forward... I'd like to just delete Certbot and Let's Encrypt but it looks like there's a risk of being blocked for 7 days (that's if one installs too many certs - which I've only done 2) - so opposed to waiting for hours or days - I'd rather just restart and do it again in an hour.

PLEASE HELP! And let me know if that's the best way - seemingly just a file needs to be deleted but I don't know how to properly troubleshoot and just want a secure landing page at this point - so might as well just delete it all.

Thanks

You have a valid certificate, so deleting that certificate is always wrong.

You have to fix your mixed content instead of repeating your errors.

PS: Mixed content errors have nothing to do with certificate creating / installation problems.

Create an exception, that's all.

or simpler: drop LE and purchase real certificate........... no need for exceptions/rules etc, just buy real-SSL and OP will be fine.

That's wrong. The link redirected to the ip address. So a certificate with an ip address as domain name is required. I don't think the TO wants to create a certificate with an ip address he doesn't own / control.

Right, well this seems to be the problem with the programming world. Community driven and "free" and "completely open, we're community driven and all are welcome" when in actuality the people that create this stuff need money, obviously, and don't have the personality to close sales so this always leads to improper expectations and clearly resentments. There needs to be a serious, heavy lifting evaluation standard and redefinition of languages that are based on propositional and/or prepositional logic ONLY and will develop these normative standards for literally EVERY DETAIL in the programming world... This isn't about money - which for the record, isn't actually worth anything other than the intrinsic value that we decide on. You have languages that are named not by function, but because a guy named Ian had a girlfriend named Debian ABSURD AND SELFISH - or - someone else gets a girlfriend named Maria and sprinkle a little encrypted anonymity with a feeling of underappreciation for work and inability to close a sale in the real world and BOOM - terrible clutter of nonsense in the programming world that needs to be completely redone. Linux and Unix are a mess and it's ridiculous that no one is louder about this. These things have only been used by people in homes since (let's say) 1995 and I don't even think the original network officially expanded outside of the US until the late 80s? Time to redo this entire system of programming with declarative, normative standards. I'm glad that I'm finding out about all of this now so I can find a team and propose a new way of defining these processes and languages in line with ISO and people that actually have their eyes open. No wonder our world is in absolute shambles - THE SYSTEMS RUNNING THE PLANET ARE A MESS AND ARE CREATED THEN RUN BY PEOPLE THAT MAKE SUGGESTIONS BASED ON FEELINGS RATHER THAN LOGIC.

The issue here isn't with any certificate whatsoever, so your post is, well, a little bit, scrap that, very silly. If the certificate isn't the problem, please tell me how a purchased certificate will fix @point14's problem?

Is everything alright? It seems you had some spare time on your hands to type a big rant of 318 words.. And I still don't have a clue what you're trying to say. I have a feeling you're frustrated because your site still isn't marked as "secure", even if you have a valid certificate, right?

Funny thing is: at the time of writing, your site and the /wp-admin/ path is marked perfectly as secure here. It seems you've found the issue with your site?
