My domain is: Many, all of them
I ran this command:
systemctl start snap.certbot.renew
It produced this output:
2024-10-28 10:13:30,791:ERROR:certbot._internal.renewal:Failed to renew certificate anydomain.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Nginx version')
2024-10-28 10:13:30,814:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1547, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 256, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 374, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Nginx version')
Running certbot renew manually works perfectly fine. But no servers are able to auto-renew and every single attempt is this same error. SELinux is enforcing but it runs unconfined in the timer and there are no denied audit logs. Can't work out what's happening. It looks like when it tries to run nginx to get the version it receives an empty string from subprocess.
My web server is (include version):
nginx version: nginx/1.26.1
built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC)
The operating system my web server runs on is (include version):
AlmaLinux release 9.4 (Seafoam Ocelot)
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.11.0
# snap info certbot
name: certbot
summary: Automatically configure HTTPS using Let's Encrypt
publisher: Certbot Project (certbot-eff✓)
store-url: https://snapcraft.io/certbot
contact: https://github.com/certbot/certbot/issues
license: unset
description: |
The objective of Certbot, Let's Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
server.
This agent is used to:
- Automatically prove to the Let's Encrypt CA that you control the website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
commands:
- certbot
services:
certbot.renew: oneshot, enabled, inactive
snap-id: wy7i66qPx4neXr6m9rTh7Y40h8EhtZFh
tracking: latest/stable
refresh-date: 2024-07-12
channels:
latest/stable: 2.11.0 2024-06-06 (3834) 46MB classic
latest/candidate: ↑
latest/beta: 2.11.0 2024-06-06 (3834) 46MB classic
latest/edge: 2.12.0.dev0 2024-10-28 (4168) 56MB classic
installed: 2.11.0 (3834) 46MB classic