I generated an SSL certificate on one of my subdomains. I then tried to delete/revoke the certificate using the command certbot delete. A little terminal menu popped up asking me what certificate I would like to delete. I deleted the one I wanted to delete. Now, when running sudo nginx -t I am getting error messages saying:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/app.mydomain.nl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory
I guess the certbot delete command did not fully delete the certificate or something? I am clueless what to do right now...
You probably used the command $ certbot --nginx and your nginx config file was edited to look for the certificate:
server{
server_name [your_domain];
location /static {
...
}
location / {
...
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/[...]; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[...]; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/[...]; # managed by Certbot
}
server{
if ($host = [your_domain]) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name [your_domain];
listen 80;
return 404; # managed by Certbot
}
The $ certbot delete will not change it back, so you have to delete the part related to the certificate and change the server_name to your ip address, so it will look like:
server{
server_name [your ip];
location /static {
...
}
location / {
...
}
}
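Added example (not from the original answer): a Python check for the state described above, where certbot delete has removed the files but the nginx config still names them. It lists every TLS file directive whose target is missing; the /etc/nginx prefix used for relative paths and the sample hostname are assumptions.

```python
import os
import re
import tempfile

# nginx directives that point at files Certbot manages (all real nginx directives).
TLS_FILE_DIRECTIVES = ("ssl_certificate_key", "ssl_certificate",
                       "ssl_trusted_certificate", "ssl_dhparam")

def dangling_tls_paths(conf_text, prefix="/etc/nginx", exists=os.path.exists):
    """Return [(line_no, directive, path)] for TLS file directives whose file is missing."""
    pattern = re.compile(r"^\s*(%s)\s+([^;#]+);" % "|".join(TLS_FILE_DIRECTIVES))
    missing = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = pattern.match(line)          # commented-out directives never match
        if not m:
            continue
        path = m.group(2).strip().strip("\"'")
        if "$" in path or path.startswith(("data:", "engine:")):
            continue                     # variables / non-file values: not checkable statically
        path = os.path.join(prefix, path)    # assumption: relative paths resolve under prefix
        if not exists(path):
            missing.append((line_no, m.group(1), path))
    return missing

def demo():
    """Constructed scenario: lineage directory deleted, dhparam file still present."""
    with tempfile.TemporaryDirectory() as root:
        dh = os.path.join(root, "ssl-dhparams.pem")
        open(dh, "w").close()
        live = os.path.join(root, "live", "app.example.test")   # never created
        conf = (
            "server {\n"
            "    listen 443 ssl; # managed by Certbot\n"
            f"    ssl_certificate {live}/fullchain.pem; # managed by Certbot\n"
            f"    ssl_certificate_key {live}/privkey.pem; # managed by Certbot\n"
            f"    ssl_dhparam {dh}; # managed by Certbot\n"
            "}\n"
        )
        return [(n, name) for n, name, _ in dangling_tls_paths(conf)]

if __name__ == "__main__":
    print(demo())
```

Run it over each file in sites-enabled before nginx -t; any line it reports has to be removed or pointed at a certificate that still exists.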
Related
I thought this would be simple, but for some reason I can't get my subdomain to serve. I am just trying to get the basic "Welcome to Nginx" page to show at this point.
I have A records in digital ocean:
A api.example.com -> my_ip 3600
A www.api.example.com -> my_ip 3600
A example.com -> my_ip 3600
A www.example.com -> my_ip 3600
This is my config file for api.example.com. It sits in /etc/nginx/sites-available/api.example.com and is linked to /sites-enabled:
server {
root /var/www/api.example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name api.example.com www.api.example.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.api.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name api.example.com www.api.example.com;
return 404; # managed by Certbot
}
I know the DNS record exists using Dig and because certbot ran successfully, but when I navigate to the page it is unable to resolve. Ping and curl also cannot resolve. This is the exact same configuration I have for the main domain (example.com), which does display the Nginx splash page.
What I have tried: I noticed that default has configs for example.com but not for api.example.com (why is that?), so I tried creating them and restarting nginx, but that didn't change anything. Is it necessary to have the configs in default?
I use TrueNas and the Nextcloud plugin.
Inside the nextcloud jail, I installed certbot and generated a cert for myself.
When loading the nextcloud page in browser now I get an error "err_too_many_redirects", it seems to me that this is a configuration error, but I don't know how to fix it. Thanks.
upstream php-handler {
server unix:/var/run/nextcloud-php-fpm.sock;
}
# Redirect to HTTPS
server {
server_name my_server_domain;
location ^~ /.well-known/acme-challenge {
# Path to the root of your installation
root /usr/local/www/nextcloud/;
try_files $uri $uri/ =404;
}
location / {
return 301 https://$host:443$request_uri;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /usr/local/etc/letsencrypt/live/my_server_domain/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/my_server_domain/privkey.pe
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Cert
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbo
}
server {
listen 443 ssl http2;
server_name my_server_domain;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;"
include conf.d/nextcloud.inc;
}
server {
if ($host = my_server_domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80;
server_name my_server_domain;
return 404; # managed by Certbot
}
I get a 404 Not Found nginx/1.18.0 (Ubuntu) error when I look up my domain without having www in the domain name I searched. It finds nginx so it obviously finds my server but I can't find someone not being able to load gunicorn just without www. My name servers all point to the right ip address; the ones with my domain name on the left are where I've either left it blank or put # in the field. I've gone through the guides I've used to make sure I've done every step. Is there some config I might've messed up?
My error logs in /var/log/nginx don't show anything relevant and neither do my logs at the /var/log/webapp so I can't figure out why gunicorn wouldn't be loading without www
I found it might have to do with my config file in nginx itself so here is my /etc/nginx/sites-enabled/webapp
server {
server_name www.websitename.com;
location /static {
alias /home/sai/webapp/website/static;
}
location / {
proxy_pass http://localhost:8000;
include /etc/nginx/proxy_params;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.websitename.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.websitename.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.websitename.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.websitename.com;
return 404; # managed by Certbot
}
I've found that my error might be that certbot is only redirecting www.websitename.com to https so I'm gonna try and figure out how to add websitename.com to that because just adding another if under makes my nginx not be able to restart
Make this your conf then run sudo certbot --nginx -d websitename.com -d www.websitename.com and it should create ssl certs for both your domains and work
server {
server_name websitename.com www.websitename.com;
location /static {
alias /home/sai/webapp/website/static;
}
location / {
proxy_pass http://localhost:8000;
include /etc/nginx/proxy_params;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.websitename.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.websitename.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
So if you look here they do everything in separate server blocks. I'm uncomfortable with the differences between their code and mine and I don't fully understand what the differences mean so any comments or other answers would be helpful, BUT this should fix it for you following the format of your file. Just add it to the bottom
server {
if ($host = websitename.com) {
return 301 https://$host$request_uri;
} #managed by Certbot
listen 80;
server_name websitename.com;
return 404;
}
I have installed NGINX reverse proxy with certbot through Docker but it is not showing the welcome page for Nginx; rather it is taking me to a 404 error. When I did the below command nginx -t
it gave me the following result
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
this is what is in my domain config file
server{
server_name domainname.com www.domainname.com;
location / {
proxy_pass http://172.17.0.2:80;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domainname.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domainname.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = www.domainname.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domainname.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domainname.com www.domainname.com;
return 404; # managed by Certbot
}
Please any advice in resolving this issue will be appreciated. Thank You
I have a http website (with Flask and nginx) which is up and running. I'm trying to install ssl with certbot and following their steps leads to a successful installation message (congratulations...) but refreshing my webpage leads to 404 Not Found nginx/1.18.0 (Ubuntu).
This is the nginx.conf file after sudo certbot --nginx
server {
server_name www.mydomain.com;
location /static {
alias /home/ubuntu/adviser/flaskblog/static;
}
location / {
proxy_pass http://localhost:8000;
include /etc/nginx/proxy_params;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mydomain.com;
return 404; # managed by Certbot
}
any help is really appreciated.
First, just remove this line:
return 404; # managed by Certbot
which causes 404 error to be returned.
If it doesn't help, change this whole block:
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mydomain.com;
return 404; # managed by Certbot
}
to this:
server {
listen 80;
server_name www.mydomain.com;
return 301 https://$host$request_uri;
}
UPDATE
Also, you can try to change
return 301 https://$host$request_uri;
to
return 301 https://www.yourdomain.com$request_uri;
(I had to replace mydomain with yourdomain due to some strange StackOverflow restrictions.)
I finally figured out what is the problem.
I was creating certificate for www.mydomain.com, but in reality my domain was set to mydomain.com (no www). I was redirecting to www but either I was doing it wrong or certbot does not like redirects of that nature.
Long story short, I (re)issued certificate for mydomain.com and certificate worked like a charm!
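Added example, not code from any of the posts above: the last two threads both come down to a hostname (the bare domain or the www one) that no server_name lists. nginx hands such a request to the default server for that port, and in the Certbot-written port-80 block the if does not match, so return 404 answers. This Python sketch lists, per listen port, which of the hostnames you expect to serve are not named; the sample config is constructed from the layout quoted above and the parser only handles exact names, not wildcards or regexes.

```python
import re

# Constructed sample: the Certbot-edited layout from the thread, trimmed to the relevant lines.
SAMPLE_CONF = """
server {
    server_name www.websitename.com;
    listen 443 ssl; # managed by Certbot
}
server {
    if ($host = www.websitename.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.websitename.com;
    return 404; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, with comments removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:            # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):
    """Argument lists of every `name ...;` directive in a block body."""
    pat = r"(?:^|(?<=[;{}]))\s*%s\s+([^;]+);" % name
    return [m.group(1).split() for m in re.finditer(pat, body, re.M)]

def names_by_port(conf):
    """Map each listen port to the exact server_name values declared on it."""
    table = {}
    for body in server_blocks(conf):
        names = {n for a in args(body, "server_name") for n in a}
        ports = {a[0].rsplit(":", 1)[-1] for a in args(body, "listen")}  # "443", "[::]:443"
        for port in ports:
            if port.isdigit():
                table.setdefault(int(port), set()).update(names)
    return table

def unnamed_hosts(conf, hosts):
    """Return {port: hosts that no server_name on that port lists exactly}."""
    return {port: [h for h in hosts if h not in names]
            for port, names in sorted(names_by_port(conf).items())}

print(unnamed_hosts(SAMPLE_CONF, ["websitename.com", "www.websitename.com"]))
```

Any host reported for port 443 also needs to be on the certificate, which is why the fix in both threads ends with issuing the certificate for the name actually in use.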