certbot instructions fail with ssl_certificate error on clean Ubuntu 20.04 LTS #940
Comments
Thanks for this. Had the same issue and this solved my problem. I appreciate it.
Many thanks, @brookmiles, this saved my day. Your instructions should be on the mastodon instructions as an additional tip. Here https://docs.joinmastodon.org/admin/install/, section, Acquiring a SSL certificate.
As mentioned by @soletan, using --standalone will set the renewal authenticator to standalone. This will fail every time (runs twice a day by default) as standalone mode requires nginx to not be running. Fix is to edit /etc/letsencrypt/renewal/example.com.conf. Alter:
You can test with: certbot --force-renew renew
@brookmiles thank you for your solution, so simple and quick! (for others just a note: remember when you uncomment change the example.com - your domain!)
Another option is to:
@Beheadedstraw As mentioned by others above, this will work manually, but will cause certbot to fail when it tries to automatically renew because nginx will be running.
Nevermind, didn't think about renewals, my bad on that one, one too many beers tonight XD
@sborrill Thanks! Setting installer and authenticator to nginx in the fix you mentioned worked great for me.
Fixed by #1036
I followed the installation instructions pretty much to the letter, and the only hitch was the step "Acquiring a SSL certificate" which failed with the following error (actual host name was used, not example.com):
[Update Nov. 17 2022]
I was originally able to pass this step by following these instructions:
But there's an even easier way, which also ensures that renewal will work correctly. As has been pointed out, using --standalone at the beginning will cause renewal to fail later because nginx will be running.

We want nginx to be running, but without the mastodon config loaded.

The best time to do this is before you copy the nginx configuration template and restart nginx, but if you're reading this, maybe you've already done that. Remove the link /etc/nginx/sites-enabled/mastodon to disable the mastodon config, and reload nginx.

By running certbot in certonly mode, we can use the nginx mode, renewals will work, and certbot won't mangle your config file.

certbot certonly --nginx -d example.com

ssl_certificate and ssl_certificate_key lines in /etc/nginx/sites-enabled/mastodon

nginx -t to test the config, and systemctl reload nginx to reload it
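The renewal failure discussed in this thread (a certificate first issued with --standalone keeps that authenticator in /etc/letsencrypt/renewal/example.com.conf and then fails while nginx is running) can be caught before the next scheduled renewal. The script below is an added example, not part of the original issue or the Mastodon documentation; the function names and the constructed sample config are assumptions, and it only reads the authenticator key from the [renewalparams] section of each renewal file.

```shell
#!/bin/sh
# Audit certbot renewal configs for "authenticator = standalone".

# Print the value of key $2 from the [renewalparams] section of file $1.
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 ~ /^\[renewalparams\]/); next }
        in_params && /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=/, "", v)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                print v; exit
            }
        }
    ' "$1"
}

# List renewal configs in directory $1 that still use the standalone
# authenticator. Returns 1 if any are found, 0 if none.
standalone_renewals() {
    found=0
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if [ "$(renewal_param "$conf" authenticator)" = "standalone" ]; then
            echo "$conf"
            found=1
        fi
    done
    return "$found"
}

# Write a constructed sample renewal config (not a real one) to $1,
# using authenticator $2. Used only to try the functions offline.
write_sample_conf() {
    cat > "$1" <<EOF
# constructed sample for illustration
cert = /etc/letsencrypt/live/example.com/cert.pem

[renewalparams]
authenticator = $2
server = https://acme-v02.api.letsencrypt.org/directory
EOF
}

# Usage: sh audit.sh [renewal-dir]; defaults to certbot's standard location.
dir="${1:-/etc/letsencrypt/renewal}"
if [ -d "$dir" ]; then
    standalone_renewals "$dir" || echo "standalone authenticator found: renewal will fail while nginx is running" >&2
fi
```

Any file it lists is a candidate for the edit described in the comments, followed by the renewal test command given there.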