Cert renewal for standalone NGINX

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
tokyo-jp.z-sched.com

I ran this command:
sudo /usr/local/bin/certbot certonly --force-renew --cert-name tokyo-jp.z-sched.com

It produced this output:
How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

My web server is (include version):
NGINX

The operating system my web server runs on is (include version):
cat /etc/os-release
NAME="Amazon Linux AMI"
VERSION="2015.03"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2015.03"
PRETTY_NAME="Amazon Linux AMI 2015.03"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2015.03:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
sudo /usr/local/bin/certbot --version
certbot 0.32.0

I don’t remember how I installed it but I’m simply using NGINX as a load balancer. It does not serve any files that are physically located on the same box. I assume some edits in the /etc/letsencrypt/renewal/tokyo-jp.z-sched.com.conf file will help me get through the renewal? I only care about generating a new certificate since all our NGINX config is manually managed. Any help is appreciated.

How about this:

certbot renew --cert-name tokyo-jp.z-sched.com -a nginx --dry-run

It won’t make any permanent changes to your nginx config … so you can continue to manually manage it.

e: You don’t seem to have port 80 open - you’ll need to allow traffic over port 80, no matter whether you use standalone/webroot/nginx. https://letsencrypt.org/docs/allow-port-80/

2 Likes
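
The port 80 requirement from the reply above can be checked before a renewal attempt. This is an added example, not part of the thread and not Certbot code: the helper names `probe_tcp` and `port80_verdict` are hypothetical, and the "refused means reachable, timeout means filtered" reading is a heuristic that assumes the probe runs from a host outside the server's network.

```python
import errno
import socket
import sys


def probe_tcp(host, port, timeout=5.0):
    """Classify one TCP connect attempt: open, refused, filtered or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something accepted the connection
    except ConnectionRefusedError:
        return "refused"           # packets arrive, but nothing is listening
    except socket.timeout:
        return "filtered"          # silently dropped, typical of a firewall rule
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error"             # DNS failure or another local problem


def port80_verdict(state, authenticator):
    """Map a probe result to (status, reason) for an HTTP-based renewal.

    authenticator is the plugin name used on the page:
    standalone, webroot or nginx.
    """
    if state == "open":
        return ("pass", "port 80 accepts connections")
    if state == "refused":
        if authenticator == "standalone":
            # standalone starts its own temporary listener during the run
            return ("pass", "port 80 reachable; standalone will bind it itself")
        return ("check", "port 80 reachable but no web server is listening on it")
    if state == "filtered":
        return ("fail", "port 80 is blocked; allow inbound TCP 80 first")
    return ("fail", "port 80 could not be tested (DNS or local network error)")


if __name__ == "__main__":
    # Usage: python3 check80.py <domain> <authenticator>
    # Defaults are placeholders so the script also runs with no arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    auth = sys.argv[2] if len(sys.argv) > 2 else "standalone"
    status, reason = port80_verdict(probe_tcp(host, 80), auth)
    print(f"{host}: {status}: {reason}")
```

A probe run on the server itself does not pass through a cloud security group or upstream firewall, so a "pass" from there says nothing about what the CA will see.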

Thank you for the reply. If I run that command, I get the error,

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed

I have port 443 open.

Trying to install the python2-certbot-nginx gives me a bunch of broken dependencies with python-cryptography and pyOpenSSL.

How did you end up with Certbot installed in /usr/local?

I don’t recall how it ended up there. I might have tried a bunch of things I came across in the forums and elsewhere in desperation. I don’t remember creating the certificate being this frustrating.
