You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Attempting to renew cert from
/etc/letsencrypt/renewal/www.hoffman-andrews.com.conf produced an
unexpected error: Problem in
/etc/nginx/sites-enabled/jacob.hoffman-andrews.com: tried to insert
directive "['ssl_certificate',
'/var/lib/letsencrypt/snakeoil/0011_cert.pem']" but found conflicting
"['ssl_certificate',
'/etc/letsencrypt/live/hoffman-andrews.com/fullchain.pem']".. Skipping.
Attempting to renew cert from
/etc/letsencrypt/renewal/lastbart.at-0001.conf produced an unexpected
error: Account at
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/06c4ea2fe30100e185fea43f26817312
does not exist. Skipping.
Attempting to renew cert from
/etc/letsencrypt/renewal/jacob.hoffman-andrews.com-0002.conf produced an
unexpected error: Problem in
/etc/nginx/sites-enabled/jacob.hoffman-andrews.com: tried to insert
directive "['ssl_certificate',
'/var/lib/letsencrypt/snakeoil/0012_cert.pem']" but found conflicting
"['ssl_certificate',
'/etc/letsencrypt/live/hoffman-andrews.com/fullchain.pem']".. Skipping.
Attempting to renew cert from
/etc/letsencrypt/renewal/jacob.hoffman-andrews.com.conf produced an
unexpected error: Account at
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/06c4ea2fe30100e185fea43f26817312
does not exist. Skipping.
Attempting to renew cert from /etc/letsencrypt/renewal/lastbart.at.conf
produced an unexpected error: Account at
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/06c4ea2fe30100e185fea43f26817312
does not exist. Skipping.
Attempting to renew cert from
/etc/letsencrypt/renewal/jacob.hoffman-andrews.com-0001.conf produced an
unexpected error: Account at
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/06c4ea2fe30100e185fea43f26817312
does not exist. Skipping.
The following certs are not due for renewal yet:
/etc/letsencrypt/live/hoffman-andrews.com/fullchain.pem (skipped)
/etc/letsencrypt/live/redirecthttp.crud.net/fullchain.pem (skipped)
/etc/letsencrypt/live/crud.net/fullchain.pem (skipped)
/etc/letsencrypt/live/lastbart.at-0002/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.hoffman-andrews.com/fullchain.pem (failure)
/etc/letsencrypt/live/lastbart.at-0001/fullchain.pem (failure)
/etc/letsencrypt/live/jacob.hoffman-andrews.com-0002/fullchain.pem
(failure)
/etc/letsencrypt/live/jacob.hoffman-andrews.com/fullchain.pem (failure)
/etc/letsencrypt/live/lastbart.at/fullchain.pem (failure)
/etc/letsencrypt/live/jacob.hoffman-andrews.com-0001/fullchain.pem
(failure)
Ok cool! So what's happening here is that the config file says listen 443 instead of listen 443 ssl. But that's ok, this is totally valid for your nginx setup because there is another server block listening on 443 over ssl, which makes all server blocks listen on that port over ssl. Which is a behavior that we've recently realized exists. The fix for this should be in parsing vhosts, to post-process them to indicate sslishness based on this nginx behavior.
(For some background, the snakeoil inserting thing shouldn't be happening in the first place, because that happens in _make_server_ssl. Again, good that it's erroring out here.)
Also, we should maybe update the error message to be more helpful, like passing it up a few methods until we know which configuration method it came from rather than the low-level parser.
From jsha:
The text was updated successfully, but these errors were encountered: