Y’all, it’s been a while since I set up my cert. And, I added a domain a while back but now I’m going bonkers trying to figure out how to do it correctly.
I have two SSLs working great at nerdlouisville.org and pfaff.blog (yes, I’m a nerd). I’m trying to add a new domain and I’m screwing it all up.
For whatever reason, I’m adding the following:
ls /etc/letsencrypt/live
nerdlouisville.org nerdlouisville.org-0001 pfaff.blog
Instead of the new domain I’m trying to add (see below).
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/nerdlouisville.org-0001/fullchain.pem. Your
cert will expire on 2019-03-19. To obtain a new version of the
certificate in the future, simply run Let’s Encrypt again.
If you like Let’s Encrypt, please consider supporting our work by:
you should be able to see what’s going on a little bit more clearly.
You did issue a certificate for your new domain, it’s just that the certificate is identified by a name other than louisvilledungeonmaster.com.
Once you see that you have 3 different certificates that more or less overlap in their coverage, you can then act to consolidate them into a single certificate (or do nothing and use your certificates as-is, it’s up to you).
Weird. You must have a really ancient version of Certbot:
letsencrypt --version
It's because:
When you ran this, it meant, "create a certificate that is valid for these three domains". The certificate took the first domain in the command as its primary name.
You could point your new domain at the /etc/letsencrypt/live/nerdlouisville.org-0001/fullchain.pem certificate and it should be totally valid, without you doing anything further.
So, if I’m understanding this correctly: That final certificate is the only one I really need. And, if I update my server blocks to that path, all of the sites should be good to go?
Looks like all my sites are working great except one. Getting this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/nerdlouisville.org/chain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nerdlouisville.org/chain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/nerdlouisville.org/chain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nerdlouisville.org/chain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)
root@lemp-1gb-nyc3-01:~# nginx -t
nginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/nerdlouisville.org/chain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nerdlouisville.org/chain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
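The `nginx -t` failure above is nginx being told to load a file that is no longer present under /etc/letsencrypt/live. As an added example (not written by anyone in this thread and not part of Certbot), the shell function below lists every TLS file directive in a config tree whose target is missing, and points out a numbered sibling lineage such as `nerdlouisville.org-0001` that does hold the file. The function name `missing_tls_paths` and the directory you pass to it are assumptions of the example.

```shell
#!/bin/sh
# Added example: find nginx TLS directives that point at files which do not
# exist (for instance after a Certbot lineage was replaced by NAME-0001).
# The directive names are nginx's own; the function name is hypothetical.

# missing_tls_paths DIR_OR_FILE...
# Prints "file:line: directive -> path (missing)" for each broken reference,
# followed by any numbered sibling lineage that contains the same file name.
# Config file names containing spaces or colons are not handled.
missing_tls_paths() {
    grep -rnHE '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate|client_certificate)[[:space:]]' "$@" 2>/dev/null |
    sed -E 's/^([^:]+):([0-9]+):[[:space:]]*([a-z_]+)[[:space:]]+"?([^";[:space:]]+).*/\1 \2 \3 \4/' |
    while read -r file line directive path; do
        case $path in
            *'$'*) continue ;;  # contains an nginx variable, cannot be checked statically
            /*) ;;              # absolute path, check it
            *) continue ;;      # relative path, resolved by nginx against its own prefix
        esac
        # -e follows symlinks, so a dangling live/ symlink also counts as missing
        [ -e "$path" ] && continue
        printf '%s:%s: %s -> %s (missing)\n' "$file" "$line" "$directive" "$path"
        dir=${path%/*}
        name=${path##*/}
        # Certbot names a second lineage for the same primary domain NAME-0001, etc.
        for alt in "$dir"-[0-9]*/"$name"; do
            if [ -e "$alt" ]; then
                printf '    same file exists in: %s\n' "$alt"
            fi
        done
    done
}

# Stand-alone use: sh check.sh /etc/nginx
if [ "$#" -gt 0 ]; then
    missing_tls_paths "$@"
fi
```

Run it as root against the nginx config directory before `nginx -t` or a reload; empty output means every absolute path it found resolves to an existing file.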
Not a fatal error or related to your certificates. Just seems like you have two server blocks, bound to the same port & address, with a duplicate server_name.
-- Unit nginx.service has begun starting up.
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26262]: nginx: [warn] conflicting server name "nerdlouisville.org" on 0.0.0.0:443, ignored
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26266]: nginx: [warn] conflicting server name "nerdlouisville.org" on 0.0.0.0:443, ignored
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Dec 19 05:59:19 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Dec 19 05:59:20 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Dec 19 05:59:21 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Dec 19 05:59:22 lemp-1gb-nyc3-01 nginx[26266]: nginx: [emerg] still could not bind()
Dec 19 05:59:22 lemp-1gb-nyc3-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 19 05:59:22 lemp-1gb-nyc3-01 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Unit nginx.service has failed.
-- The result is failed.
Dec 19 05:59:22 lemp-1gb-nyc3-01 systemd[1]: nginx.service: Unit entered failed state.
Dec 19 05:59:22 lemp-1gb-nyc3-01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 19 05:59:24 lemp-1gb-nyc3-01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ea:a0:d3:08:97:64:84:b5:9c:f9:08:30:08:00 SRC=199.66.90.126 DST=104.131.95.220 LEN=40 TOS=0x00 PR
Dec 19 05:59:29 lemp-1gb-nyc3-01 sshd[26271]: Invalid user libsys from 86.20.97.248
Dec 19 05:59:29 lemp-1gb-nyc3-01 sshd[26271]: input_userauth_request: invalid user libsys [preauth]
Dec 19 05:59:29 lemp-1gb-nyc3-01 sshd[26271]: pam_unix(sshd:auth): check pass; user unknown
Dec 19 05:59:29 lemp-1gb-nyc3-01 sshd[26271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.20.97.248
Dec 19 05:59:31 lemp-1gb-nyc3-01 sshd[26271]: Failed password for invalid user libsys from 86.20.97.248 port 35170 ssh2