Unable to set the staple-ocsp enhancement for mail.example.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:grace.koalatyworks.com

I ran this command:sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email wizard@koalatyworks.com -d grace.koalatyworks.com

It produced this output:Unable to set the staple-ocsp enhancement for grace.koalatyworks.com.

My web server is (include version):nginx version 1.18

The operating system my web server runs on is (include version):Ubuntu 22.04

My hosting provider, if applicable, is:N/A

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.21.0

We will probably need to see the /var/log/letsencrypt/letsencrypt.log file from when you encountered this error.

1 Like

Here you go:

2022-05-14 04:52:37,209:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
certbot install --cert-name duplicati.koalatyworks.com
2022-05-14 04:52:37,209:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/parser.py", line 359, in _modify_server_directives
block_func(result)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/parser.py", line 570, in _add_directives
_add_directive(block, directive, insert_at_top)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/parser.py", line 691, in _add_directive
raise errors.MisconfigurationError(err_fmt.format(directive, block[location]))
certbot.errors.MisconfigurationError: tried to insert directive "['ssl_trusted_certificate', '/etc/letsencrypt/live/duplicati.koalatyworks.com/chain.pem']" but found conflicting "['ssl_trusted_certificate', '/etc/letsencrypt/live/grace.koalatyworks.com/chain.pem']".

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 945, in _enable_ocsp_stapling_single
self.parser.add_server_directives(vhost,
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/parser.py", line 305, in add_server_directives
self._modify_server_directives(vhost,
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/parser.py", line 363, in _modify_server_directives
raise errors.MisconfigurationError("Problem in %s: %s" % (filename, str(err)))
certbot.errors.MisconfigurationError: Problem in /etc/nginx/sites-enabled/default: tried to insert directive "['ssl_trusted_certificate', '/etc/letsencrypt/live/duplicati.koalatyworks.com/chain.pem']" but found conflicting "['ssl_trusted_certificate', '/etc/letsencrypt/live/grace.koalatyworks.com/chain.pem']".

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1317, in run
raise installer_err
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1301, in run
_install_cert(config, le_client, domains, new_lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 931, in _install_cert
le_client.enhance_config(domains, path_provider.chain_path)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 603, in enhance_config
self.apply_enhancement(domains, enhancement_name, option)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 634, in apply_enhancement
self.installer.enhance(dom, enhancement, options)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 765, in enhance
return self._enhance_func[enhancement](domain, options)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 919, in _enable_ocsp_stapling
self._enable_ocsp_stapling_single(vhost, chain_path)
File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 949, in _enable_ocsp_stapling_single
raise errors.PluginError("An error occurred while enabling OCSP "
certbot.errors.PluginError: An error occurred while enabling OCSP stapling for {'grace.koalatyworks.com'}.
2022-05-14 04:52:37,210:ERROR:certbot._internal.log:An error occurred while enabling OCSP stapling for {'grace.koalatyworks.com'}.