Problem setting up lets-encrypt

I did sudo bench setup lets-encrypt foodthink

I got this error:

Obtaining a new certificate
An unexpected error occurred:
> The request message was malformed :: Error creating new authz :: DNS name does not have enough labels
> Please see the logfiles in /var/log/letsencrypt for more details.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    INFO:bench.utils:sudo service nginx start
    There was a problem trying to setup SSL for your site

I have a valid domain associated with the site and working…
Why isn’t it working?


You need to rename your site “foodthink” to, for example, “” using
mv sites/foodthink/ sites/
and set nginx configuration to multitenant mode
sudo bench config dns_multitenant on
sudo bench setup nginx
sudo service nginx restart
and then
sudo bench setup lets-encrypt
bench use

OK, so my site’s name is
So I renamed my folder to and put it inside currentsite.text as well.

Then I did sudo bench setup lets-encrypt
and got the following output:

Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
INFO:bench.utils:sudo service nginx stop
INFO:bench.utils:/opt/certbot-auto --config /etc/letsencrypt/configs/ certonly
The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification…
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2018-02-11. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew all of your certificates, run
    “certbot-auto renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: Donate - Let's Encrypt
    Donating to EFF:

nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
INFO:bench.utils:sudo service nginx start

It looks like everything was smooth, but
when I enter my site name it’s still unsecure…

And the strangest thing is, if I enter as then I get the “sorry we will be back soon” page.

Here is what I have in my sites_config file:

"ssl_certificate_key": "/etc/letsencrypt/live/",
"domains": [

Did I do something wrong?

Can you share your frappe-bench/config/nginx.conf?

Does it have this part?

# http to https redirect
server {
	listen 80;
	return 301 https://$host$request_uri;
}

Here’s my nginx.conf from server blocks:

server blocks

server {
    listen 80;

    root /home/global/frappe-bench/sites;

    location /assets {
            try_files $uri =404;
    }

    location ~ ^/protected/(.*) {
            try_files /$site_name_unnvoac/$1 =404;
    }

    location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Frappe-Site-Name $site_name_unnvoac;
            proxy_set_header Origin $scheme://$http_host;
            proxy_set_header Host $host;

            proxy_pass http://frappe-bench-socketio-server;
    }

    location / {
            try_files /$site_name_unnvoac/public/$uri @webserver;
    }

    location @webserver {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Frappe-Site-Name $site_name_unnvoac;
            proxy_set_header Host $host;
            proxy_set_header X-Use-X-Accel-Redirect True;
            proxy_read_timeout 120;
            proxy_redirect off;

            proxy_pass  http://frappe-bench-frappe;
    }

    # error pages
    error_page 502 /502.html;
    location /502.html {
            root /home/global/.bench/bench/config/templates;
    }

    # optimizations
    sendfile on;
    keepalive_timeout 15;
    client_max_body_size 50m;
    client_body_buffer_size 16K;
    client_header_buffer_size 1k;

    # enable gzip compression
    # based on
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    # text/html is always compressed by HttpGzipModule
}


server {
listen 443;

    root /home/global/frappe-bench/sites;

    ssl on;
    ssl_certificate      /etc/letsencrypt/live/;
    ssl_certificate_key  /etc/letsencrypt/live/;
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;

and many other things but no return 301

Try if this works:

Copy config/nginx.conf (just for backup)
and change the server block listening on 80 like the following:

# http to https redirect
server {
	listen 80;
	return 301 https://$host$request_uri;
}

Or run the command bench setup nginx; it should do the above automatically.

Then reload nginx:

sudo service nginx reload

Yes, that did the trick;
adding return 301 https://$host$request_uri; to the block did it.
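
The two failures in this thread (a single-label site name rejected with "DNS name does not have enough labels", and a port-80 server block that serves content instead of redirecting) can both be checked from the shell. This is an added example, not part of the original posts or of bench itself; the function names and the sample config are constructed for illustration.

```shell
# Added example: pre-flight checks for the two failures seen in this thread.

# Succeeds only if the site name has at least two non-empty DNS labels
# ("foodthink" fails, "erp.example.com" passes).
has_enough_labels() {
    case "$1" in
        .*|*.|*..*) return 1 ;;   # leading/trailing dot or empty label
        *.*) return 0 ;;
    esac
    return 1                      # empty name or single label
}

# Prints the starting line number of every server block that listens on
# port 80 and contains no "return 301 https://..." directive.
http_blocks_without_redirect() {
    awk '
        { sub(/#.*/, "") }                          # ignore comments
        !start && /^[ \t]*server[ \t]*[{]/ { start = NR; base = depth; l80 = 0; redir = 0 }
        start && /listen[ \t]+([^; \t]*:)?80([ \t;]|$)/ { l80 = 1 }
        start && /return[ \t]+301[ \t]+https:\/\// { redir = 1 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (start && depth <= base) { if (l80 && !redir) print start; start = 0 }
        }
    ' "$1"
}

# Constructed sample: a port-80 block that serves content (starts at line 1)
# and one that only redirects (starts at line 7).
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    location / {
        proxy_pass http://frappe-bench-frappe;
    }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
has_enough_labels "foodthink" || echo "foodthink: not a full domain name"
http_blocks_without_redirect "$conf" | sed 's/^/no HTTPS redirect in server block at line /'
rm -f "$conf"
```

Pointing `http_blocks_without_redirect` at the real `config/nginx.conf` after `bench setup nginx` should print nothing once the redirect block is in place.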