New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Could not automatically find a matching server block." on custom nginx configuration #5817
Comments
Hi @FedericoBiccheddu, thanks for posting! This bug often happens when we have trouble parsing something in the Nginx config file. The following information will help me debug your issue. If you don't feel comfortable posting any of publicly, feel free to email it to me at erica@eff.org:
|
If I may chime in, I have just came across the same problem as quoted in the title. I ran DigitalOcean's guide successfully in the beginning of March. When running Step 5 of the guide just now:
My My
Am happy to share the rest of the configs/diagnostics in private if it helps. I would be very grateful for any pointers to resolving this issue. |
Version: Tree:
nginx -t:
I have the same problem trying to expand an existing list of domains.
|
Traceback with the verbose flag:
Server block from nginx config:
|
These issues are due to configurations we have trouble parsing, so seeing the entire relevant configuration files is necessary to debug. Please send relevant files to erica@eff.org mentioning this issue number in the subject line for further assistance. |
One problem here (@aredey's issue) is when there are multiple default server blocks, we aren't sure which to pick, and subsequently fail. I'll fix that up. @FedericoBiccheddu and @illustris, if you send me the contents of all relevant nginx configuration files (including |
certbot --version
tree /etc/nginx
nginx -t
I am able to share logs/configs privately. I dug into this and got it working by modifying configurator.py. I noticed |
@jaszhix Sounds like you might have hit a different bug! Could you please email the contents of all relevant log files to erica@eff.org or post them on something like gist.github.com? This would be |
@ohemorange Sent an email, hope it helps. |
@FedericoBiccheddu and @illustris, I'd like to close this issue -- can you confirm that (a) you don't have a server block with a (properly formatted) |
@ohemorange yes, I confirm. |
This is my entire config:
Out of these, all but d8.example.tech already have certificates generated for them. I downloaded the latest certbot-auto from dl.eff.org, and tried to expand my certs
Contents of error log:
I've sent the complete unedited logs to erica@eff.org |
Adding a default server
fixes the crash. But even without it, my NGINX config is valid. Edit: Found the problem... One of the domains I was renewing did not have a corresponding server block. It would be helpful if certbot could tell you what domain doesn't have a server block. |
Can confirm the conclusion of @illustris #5817 (comment) I created a certificate |
That's a great idea, @illustris, thanks! PR here: #6034. |
Fixed in #6034. |
While this issue is closed, I hit upon this problem just now. I resolved it by replacing commas in between server names within the Note: I was wondering why the auto-renewal had not kicked in... |
Your Nginx is running without errors, but it is not running smoothly. |
I confirm I do not have a default server block. but 'ah, yes...' the application behind is listening to the referrer. Thus, nginx is poitning to one of the domains, routing to the proper application and then the app is serving up the material properly, therefore masking this issue. |
Adding a default_server was what fixed this for me. |
Without the default_server definition, recent versions of certbot do not auto-detect the default server block and fail to renew the cert: certbot/certbot#5817
Hitting the same issue: Unable to renew cert nginx site config:
console says:
and log is:
UPDATE: ADDING more debug output from the parser:
Any help GREATLY appreciated as time is ticking ;) |
For the plagued ones: I have found a workaround that might be helpful for most until the parser has learned to deal with all our customized config files.... BACKUP your site config files
RESTORE your BACKUP files
It makes the SSL sites OFFLINE for max. 1 minute, which is at least for me acceptable every three months ;) now copy back your defaul file |
i just ran into this issue but for me it occurred because I had not symlinked the new site I'm working on from i went too quickly and forgot this step:
[EDIT] - only mentioning this because this is the first hit when googling "Could not automatically find a matching server block for..." just in case this helps anyone new who lands here. ✌🏼 |
Same painful issue.
|
One more case – if you have domain with capital letters (like domAin.com) – certbot will fail with error the error. Doesn't know is it really issue, but maybe it will help someone :-) |
@illustris THANK YOU! |
Another edge case is multiple server blocks with
Certbot doesn't know how to handle this and in this case should "prefer" the one on port 80 to modify to be 80/443. |
@DSpeichert it does
|
ok I don't know if it's relevant to the question asked initially, but i had the same error (see just below). and this github was the only relevant result from google error message: My mistake was that the domain declared in the command were to not exactly equal to server_name in the nginx config. example
command:
TL;DR : This through an error. to fix it, I either had to remove the Hope this helps |
I had the same issue... in my case, the following directive would prevent
After commenting that line, I was able to run the program successfully. |
Using certbot for a custom reverse proxy configuration, I received the following error:
My operating system is (include version):
Debian GNU/Linux 9
I installed Certbot with (certbot-auto, OS package manager, pip, etc):
I ran this command and it produced this output:
certbot-auto run -n --nginx --expand --no-redirect -d sub.private.com -d www.private2.com -d www.private3.com
Certbot's behavior differed from what I expected because:
This is the output:
Here is a Certbot log showing the issue (if available):
Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:
The text was updated successfully, but these errors were encountered: