Processing /usr/local/etc/letsencrypt/renewal/paulbeard.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 42.27417180936647 seconds
Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")
Attempting to renew cert ([paulbeard.org](http://paulbeard.org/)) from /usr/local/etc/letsencrypt/renewal/paulbeard.org.conf produced an unexpected error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly."). Skipping.
Running the same command manually worked.
Processing /usr/local/etc/letsencrypt/renewal/paulbeard.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for paulbeard.org
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: paulbeard.org
I ran this command:
see above
It produced this output:
see above
My web server is (include version):
nginx 1.7
The operating system my web server runs on is (include version):
FreeBSD
My hosting provider, if applicable, is:
None
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
why would it be able to renew two of three certificates if it couldn’t find the nginx binary?
I have edited PATH in /etc/crontab: PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
maybe that will make all three processes work. This has been in place for months and often fails when certbot is updated. Has to be run by hand and then runs fine til the next update.
I find a noticeable difference between the two paths:
Some unique entries: /etc /root/bin
And ordering (sbin then bin): /sbin:/bin /usr/sbin:/usr/bin /usr/local/sbin:/usr/local/bin
vs (bin then sbin) /bin:/sbin /usr/bin:/usr/sbin /usr/local/bin:/usr/local/sbin
Ordering may not be much of a problem, but the uniqueness does seem to point to a potential problem. [not even sure why /etc made (the front of) the list] Can you try making the cron path more similar to the working one?
Hello, you should tell off your script that you want to use permission for executing the renew from the different directory where you put your script for renewing!