Basic questions

I'm trying to set up a certificate to use on my Raspberry Pi running nginx. I have a subdomain issued by

I am using the program as it is simple enough to do what I want. But I was just doing some "testing" using the "staging" server using command: --issue --dns dns_duckdns -d --test

And it went all fine, but it didn't act as if it was a test, despite the instructions specifically saying add "--test" for test runs. It created the certificates and now wants me to "force renew" when I tried to do a real run. I thought "--test" for was testing and didn't create actual certs or anything. Am I wrong?

Also, it seems like I have no choice on whether to run it through LetsEncrypt servers or through "ZeroSSL" servers. When I ran my line without "test", it would sometimes try to do it via ZeroSSL which was throwing an error because it wanted an email address. Is there a way to force to go via LetsEncrypt and not ZeroSSL?

@Played001Eliminated Welcome to this forum.

I think your questions would be better handled at the github for

But, briefly, the --test issues certificates but from a test or staging server of the CA (ZeroSSL, Letsencrypt, ...). You would not want to use these for a production server. Certbot, another client, has a --dry-run option to test without making a cert but does not have this option. Their github has posts requesting this. uses ZeroSSL by default as of Aug1 this year. You can change the default. See this notice:


@Played001Eliminated Also see this post from earlier this morning

It links to a bug report in with --staging must appear after --server otherwise staging is ignored


I know this more has to do with, but I maybe i can get an answer here.

I was able to successfully create a LetsEncrypt certificate but when I run the command to install the certs: --install-cert -d
--cert-file /etc/nginx/
--key-file /etc/nginx/
--fullchain-file /etc/nginx/
--reloadcmd "service nginx force-reload"

I get a "permission denied" error. But when I try to get around it by prefixing it all with "sudo", it tells me "sudo: command not found". So I don't know what to do. It's exactly how all the guides are saying to do it, none of them talking about "permission denied". The folders in the etc/nginx already exist too.

Effectively, you most likely have installed as a non-root user, but you're trying to access stuff only accessible for priviledged users (the /etc directory is usually protected against write-access for non-priviledged users, the service command is also often restricted).

You can either fix the permissions - ensure your current user has write access to /etc/nginx/ and/or try replacing the reloadcmd with sudo service nginx force-reload, though that requires that sudo won't ask for a password to run non-interactively.

A different solution would be to switch to the root account (sudo su) and then re-install as root (note that this will create a new config directory for, so all current certificate configs won't be there). Then you definetly have access to everything, though that also makes mistakes a lot more dangerous and weakens security a bit.


You could resolve this by giving the full path to But again, if you've installed as a non-root user, and you want it to be able to modify system files, you're probably doing it wrong, and would be better off re-installing it as root.

1 Like

you can set default ca to letsencrypt:

Here is how to use with sudo:


If you tried it first with --test, you need to repeat all the steps without --test.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.