Reputation: 7292
NGINX + Let's encrypt: Could not automatically find a matching server block
I'm publishing a website made with Python Pyramid on an Ubuntu 18.04 server. The website is running properly on HTTP and now I'm trying to make it run on HTTPS by following this article but when trying to install I get this message:
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dev.anything.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dev.anything.com/privkey.pem
Your cert will expire on 2019-03-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
This is my configuration file, which lives on /etc/nginx/sites-available/snow_service.nginx:
server {
listen 80;
listen 443 ssl;
server_name dev.anything.com
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;
charset utf-8;
client_max_body_size 1M;
location /static {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
expires 1d;
}
location / {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
try_files $uri @yourapplication;
}
location @yourapplication {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
server_tokens off;
include uwsgi_params;
proxy_set_header Host $host;
proxy_set_header real_scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8999;
}
}
I also tried to rename the file with the domain name but it doesn't work as well. The path for the SSL certificates I put manually because I saw it in another answer here at Stack Overflow.
What am I missing?
Upvotes: 19
Views: 35974
Answers (4)
Reputation: 1275
I had the same problem, it occurred because of the Nginx config file name. I set the wrong postfix for my file (.com instead of .conf). After fixing this mistake, it worked like a charm!
Upvotes: 1
Reputation: 387
Certbot: Could not automatically find a matching server block
in my case, he did not detect my /etc/nginx/site-available/my.domain.com
$certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
also try this
$ sudo certbot install --cert-name my.domain.com
Could not automatically find a matching server block for my.domain.com. Set the `server_name` directive to use the Nginx installer.
And try to reload and restart the Nginx, and cerbot but still no response !
"Solution" create the new file in site-available/new_my.domain.com and generate the symbolic link again ln -s /etc/nginx/site-available/new_my.domain.com /etc/nginx/site-enabled
then restart the Nginx
Upvotes: 3
Reputation: 161
The files in sites-enabled should just be links to the "real" files in sites-available.
You should only edit the ones in sites-available, and then run
cd /etc/nginx/sites-enabled
ln -s ../sites-available/your-site.conf
to enable that site.
If you want to disable the site, you can just delete the link in sites-enabled.
Upvotes: 15
Reputation: 7292
Here is the solution:
I was changing the file in the sites-available folder and not changing the file at the sites-enabled folder. This is the final file content:
server {
listen 80 default_server;
server_name dev.anything.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name elglobe_snow_service
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;
charset utf-8;
client_max_body_size 1M;
location /static {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
expires 1d;
}
location / {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
try_files $uri @yourapplication;
}
location @yourapplication {
gzip on;
gzip_buffers 8 256k;
uwsgi_buffers 8 256k;
server_tokens off;
include uwsgi_params;
proxy_set_header Host $host;
proxy_set_header real_scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8999;
}
}
Upvotes: 12
Related Questions
- Unable to add Let's encrypt ssl certificate to domains using nginx (certbot)
- Using certbot to apply Let's Encrypt Certificate: Failed authorization procedure
- no "ssl_certificate" is defined for the "listen ... ssl" directive
- LetsEncrypt on Nginx NET::ERR_CERT_COMMON_NAME_INVALID
- Certbot (letsencrypt) Could not open file sites-enabled/default
- Nginx doesn't work in https with certbot letsencrypt
- using certbot-auto for nginx
- Trouble w/ Certbot & Let's Encrypt on Nginx/Ubuntu14.04
- Certbot: cannot config nginx to webroot
- How to install a letsencrypt cert with nginx?