Cert renewal for standalone NGINX


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo /usr/local/bin/certbot certonly --force-renew --cert-name tokyo-jp.z-sched.com

It produced this output:
How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

My web server is (include version):

The operating system my web server runs on is (include version):
cat /etc/os-release
NAME="Amazon Linux AMI"
ID_LIKE="rhel fedora"
PRETTY_NAME="Amazon Linux AMI 2015.03"

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
sudo /usr/local/bin/certbot --version
certbot 0.32.0

I don’t remember how I installed it but I’m simply using NGINX as a load balancer. It does not serve any files that are physically located on the same box. I assume some edits in the /etc/letsencrypt/renewal/tokyo-jp.z-sched.com.conf file will help me get through the renewal? I only care about generating a new certificate since all our NGINX config is manually managed. Any help is appreciated.


How about this:

certbot renew --cert-name tokyo-jp.z-sched.com -a nginx --dry-run

It won’t make any permanent changes to your nginx config … so you can continue to manually manage it.

e: You don’t seem to have port 80 open - you’ll need to allow traffic over port 80, no matter whether you use standalone/webroot/nginx. https://letsencrypt.org/docs/allow-port-80/


Thank you for the reply. If I run that command, I get the error,

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed

I have port 443 open.

Trying to install the python2-certbot-nginx gives me a bunch of broken dependencies with python-cryptography and pyOpenSSL.


How did you end up with Certbot installed in /usr/local?


I don’t recall how it ended up there. I might have tried a bunch of things I came across in the forums and elsewhere in desperation. I don’t remember creating the certificate being this frustrating.
