Adding another site to my trellis managed host


#1

Hey folks –

I am trying to add in a satis instance on my QA box and I added a virtual host for it … i.e.

satis.me.com’s VH:

server {
  listen 80;

  root /srv/www/satis/public/web/;
  index index.html index.htm;

  server_name satis.me.com;

  location / {
    default_type "text/html";
    try_files $uri.html $uri $uri/ /index.html;
  }
}

I want to add Let’s Encrypt to that individual domain, so I install letsencrypt and run
sudo certbot --nginx -d satis.me.com

and it returns:

root@staging2018:/etc/nginx/sites-available# sudo certbot --nginx -d satis.me.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for satis.me.com
nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/no-default.conf:20
Cleaning up challenges
nginx restart failed:
b''
b''

Odd thing is /etc/nginx/sites-enabled/no-default.conf:20 is only 14 lines long, i.e.

# Ansible managed

# Drop requests for unknown hosts
#
# If no default server is defined, nginx will use the first found server.
# To prevent host header attacks, or other potential problems when an unknown
# servername is used in a request, it's recommended to drop the request
# returning 444 "no response".

server {
  listen [::]:80 default_server deferred;
  listen 80 default_server deferred;
  return 444;
}

Any idea what’s going on here?


#2

certbot can’t be used with Trellis’ letsencrypt role on the same server.

If you have a solution, please help me out on https://github.com/roots/trellis/pull/896 as well.


#3

Any way that I can add an arbitrary letsencrypt cert without certbot?