I am attempting to generate a wildcard Let's Encrypt SSL certificate using Certbot on my Nginx Ubuntu AWS EC2 instance.
Ubuntu: 16.04.5 LTS
Nginx: v1.10.3
I am unable to generate a wildcard SSL at the moment as I receive the error:
An unexpected error occurred:
Error creating new order : : DNS name does not have enough labels
I have looked through common reasons for this error and nothing in my request seems malformed:
certbot -dry-run --nginx -d *.my-domain.org.uk
(I get the same error when just running the command for my-domain.org.uk and not just *.)
I believe that the error may stem from my Nginx configuration.
In '/etc/nginx/' I have 'sites-available' and 'sites-enabled', each of which have a 'default' file and a 'my-domain.org.uk' file.
In nginx.conf I am including:
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
Therefore, inside 'sites-enabled/default' I have a normal config with a 443 server:
server {
listen 443 ssl; # managed by Certbot
server_name *.my-domain.org.uk;
root /www/html/public;
... etc.
This file also includes references to my now expired SSL:
ssl_certificate /etc/nginx/ssl/sitename/sitename.cer;
ssl_certificate_key /etc/nginx/ssl/sitename/sitename.key;
As well as some Certbot config bits:
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
If I comment out the reference to the expired SSL certs and restart Nginx, the site breaks. I could post more of the config file, but this has always worked as it is in the past (and does work now, just with a broken HTTPS). I'm not sure if
Not sure what I have to do to get past these Certbot errors and generate my wildcard SSL.
--server option) and also look at its logfile for maybe more information on the error. Also you need DNS validation for wildcard certificates, so Nginx or any other webserver will not be taken into account. See community.letsencrypt.org/t/… – Patrick Mevzek

certbot --version to know its version. – Patrick Mevzek

-dry-run needing to be --dry-run. Without the double dashes it was picking it up as -d and attempting to interpret a URL after that, resulting in the labels error. – Twentyonehundred
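To make the last comment's diagnosis concrete, here is an added example that is not part of the post and not Certbot's own code. Certbot's command-line parser is built on Python's argparse, and argparse accepts a short option's value glued to it ("-dfoo" means "-d foo"), so the single-dash "-dry-run" is read as "-d ry-run" and "ry-run" is then submitted as a one-label DNS name. The small parser below models only -d/--domains, --dry-run and --nginx; the "at least two labels" rule is an assumption based on the error text, and the dns-01 check only reflects the comment's point that wildcard names need DNS validation.

```python
import argparse

MIN_LABELS = 2  # assumption: the "not enough labels" error rejects single-label names


def parse_certbot_like(argv):
    """Simplified mirror of Certbot's option parsing (Certbot is built on argparse).

    Example code only: models -d/--domains, --dry-run and --nginx, nothing else.
    """
    parser = argparse.ArgumentParser(prog="certbot", add_help=False)
    # -d takes a value, so argparse also accepts the value glued on: "-dry-run" == "-d ry-run".
    parser.add_argument("-d", "--domains", "--domain", action="append", default=[])
    parser.add_argument("--dry-run", action="store_true")
    parser.add_argument("--nginx", action="store_true")
    return parser.parse_args(argv)


def label_count(name):
    """Number of DNS labels in a name ("*.example.org.uk" -> 4)."""
    return len([label for label in name.split(".") if label])


def domains_with_too_few_labels(domains, min_labels=MIN_LABELS):
    """Names that would trip the "does not have enough labels" check (assumed rule)."""
    return [d for d in domains if label_count(d) < min_labels]


def needs_dns01(domains):
    """Wildcard names can only be validated with the dns-01 challenge, not via the webserver."""
    return any(d.startswith("*.") for d in domains)


def diagnose(argv):
    """Return (parsed domains, dry_run flag, rejected names, wildcard present) for a command line."""
    ns = parse_certbot_like(argv)
    return ns.domains, ns.dry_run, domains_with_too_few_labels(ns.domains), needs_dns01(ns.domains)


if __name__ == "__main__":
    # Constructed inputs: the command line from the question and the corrected one.
    broken = ["-dry-run", "--nginx", "-d", "*.my-domain.org.uk"]
    fixed = ["--dry-run", "--nginx", "-d", "*.my-domain.org.uk"]
    for argv in (broken, fixed):
        domains, dry_run, rejected, wildcard = diagnose(argv)
        print(" ".join(argv))
        print("  domains:", domains, "dry_run:", dry_run)
        print("  rejected (too few labels):", rejected, "needs dns-01:", wildcard)
```

Running the broken command line yields the domain list ["ry-run", "*.my-domain.org.uk"] with dry_run still False, which is exactly why the order request fails before Nginx is ever consulted; with the double dash the list is just the wildcard name, and the wildcard entry is what forces the dns-01 challenge regardless of the --nginx plugin.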