
I am attempting to generate a wildcard Let's Encrypt SSL certificate using Certbot on my Nginx Ubuntu AWS EC2 instance.

Ubuntu: 16.04.5 LTS

Nginx: v1.10.3

I am unable to generate a wildcard SSL at the moment as I receive the error:

An unexpected error occured:

Error creating new order : : DNS name does not have enough labels

I have looked through common reasons for this error and nothing in my request seems malformed:

certbot -dry-run --nginx -d *.my-domain.org.uk

(I get the same error when just running the command for my-domain.org.uk and not just *.)

I believe that the error may stem from my Nginx configuration.

In '/etc/nginx/' I have 'sites-available' and 'sites-enabled', each of which has a 'default' file and a 'my-domain.org.uk' file.

In nginx.conf I am including:

access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;

Therefore, inside 'sites-enabled/default' I have a normal config with a 443 server:

server {
     listen 443 ssl; # managed by Certbot
     server_name *.my-domain.org.uk;
     root /www/html/public;
     ... etc.

This file also includes references to my now expired SSL:

ssl_certificate /etc/nginx/ssl/sitename/sitename.cer;

ssl_certificate_key /etc/nginx/ssl/sitename/sitename.key;

As well as some Certbot config bits:

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

If I comment out the reference to the expired SSL certs and restart Nginx, the site breaks. I could post more of the config file, but this has always worked as it is in the past (and does work now, just with a broken HTTPS). I'm not sure if

Not sure what I have to do to get past these Certbot errors and generate my wildcard SSL.

  • "I believe that the error may stem from my Nginx configuration." Unlikely. The error happened when submitting the order to Let's Encrypt, which happens before validation procedure at which step Nginx would step into account. Also this is not very programming related, so off-topic here. Commented Jul 1, 2019 at 19:51
  • Which version of certbot is it? Make sure you use ACMEv2 API, see LetsEncrypt configuration directory (or use --server option) and also look at its logfile for maybe more information on the error. Also you need DNS validation for wildcard certificates, so Nginx or any other webserver will not be taken into account. See community.letsencrypt.org/t/… Commented Jul 1, 2019 at 20:00
  • I'm not actually sure how to check the certbot version, but I ran the installer again to double check. I understand that it is unlikely to be an Nginx configuration issue as the problem is before that; makes sense. But I can't tell at all what the 'DNS name does not have enough labels' error is or what is causing it. Commented Jul 2, 2019 at 7:37
  • certbot --version to know its version. Commented Jul 3, 2019 at 15:19
  • So I didn't spot it but the answer was quite simple. -dry-run needing to be --dry-run. Without the double dashes it was picking it up as -d and attempting to interpret up a URL after that, resulting in the labels error. Commented Jul 4, 2019 at 16:56

1 Answer

Answer was a simple syntax error in the end.

-dry-run needed to be --dry-run. Without the double dashes it was picking the start of -dry.. up as -d and attempting to interpret up a URL after that, resulting in the labels error.
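The parsing behaviour described in this answer, as an added example that is not part of the original post and is not certbot's own code: a small Python argparse parser with hypothetical stand-ins for the `-d`, `--dry-run` and `--nginx` options shows `-dry-run` being read as `-d ry-run`. The two-label minimum in the check is an assumption modelled on the error text, and the argv lists are constructed.

```python
import argparse


def build_parser():
    # Hypothetical stand-in for the three options used in the question;
    # this is not certbot's real parser.
    p = argparse.ArgumentParser(prog="certbot-like")
    p.add_argument("-d", "--domains", action="append", default=[])
    p.add_argument("--dry-run", action="store_true")
    p.add_argument("--nginx", action="store_true")
    return p


def label_count(name):
    # Count DNS labels, ignoring a leading wildcard label.
    if name.startswith("*."):
        name = name[2:]
    return len([label for label in name.rstrip(".").split(".") if label])


def preflight(argv, min_labels=2):
    """Parse argv and return (namespace, names with too few labels).

    min_labels=2 is an assumption based on the error message in the question.
    """
    ns = build_parser().parse_args(argv)
    too_few = [d for d in ns.domains if label_count(d) < min_labels]
    return ns, too_few


# Constructed argv lists, as the shell would pass them with the wildcard quoted.
MISTYPED = ["-dry-run", "--nginx", "-d", "*.my-domain.org.uk"]
CORRECT = ["--dry-run", "--nginx", "-d", "*.my-domain.org.uk"]

if __name__ == "__main__":
    for argv in (MISTYPED, CORRECT):
        ns, too_few = preflight(argv)
        print(argv)
        print("  domains:", ns.domains)
        print("  dry_run:", ns.dry_run)
        print("  too few labels:", too_few)
```

In this sketch the mistyped form also leaves `dry_run` unset, so the single dash both adds a bogus one-label name to the request and drops the dry-run flag.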
