Certbot failed installation

bredpit · March 19, 2018, 8:53am

Hello people, how are you

I am a student, got myself free .tech domain, obtained free 1 year hosting on Google compute, connected my server to ServerPilot free plan, installed WordPress and uploaded some content.
It’s Code Playground, a project started as an open source.
after following instructions after few steps I got an error.
error was: NoInstallationError()
The nginx plugin is not working; there may be problems with your existing configuration.

Could someone please guide me through on how to get valid certificate using Certbot? Thank you

-My domain is: wwcd.tech
-I ran this command: I followed instructions on https://certbot.eff.org/
-It produced this output: Everything went ok untill I tried to install nginx plugin
-My web server is (include version): nginx over apache (serverpilot)
-The operating system my web server runs on is (include version): UBUNTU 16.04 LTS-
-My hosting provider, if applicable, is: Google cloud (compute vps)
-I can login to a root shell on my machine
-I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ServerPIlot

_az · March 19, 2018, 8:59am

Based on some Google searches, ServerPilot may customize the location of nginx.

Perhaps try

--nginx-server-root "/etc/nginx-sp"

and also if necessary

--nginx-ctl "/path/to/sbin/nginx"

I would also seriously consider reading the ServerPilot documentation about their existing Let’s Encrypt integration rather than trying to manually apply Certbot:

https://serverpilot.io/community/articles/how-to-use-autossl.html

bredpit · March 19, 2018, 9:08am

Thank you for so fast reply. I have read the Serverpilot guide, but I would really like to do this myself and learn something.
Their auto ssl is a paid feature, and I need this for educational purposes. If I pay for it I won’t learn a thing.
I found a script which works flawlessly, but still it is a script, which I didn’t wrote.
I would like to do it in official way, using Certbot.
Thank you

schoen · March 19, 2018, 6:31pm

@bredpit, @_az’s first suggestions are Certbot command-line options that you could provide when running Certbot on the command line (in order to deal with the NoInstallationError).

bredpit · March 20, 2018, 3:19am

@schoen I found something interesting and gave it a try:
first I cloned the repo:
git clone https://github.com/certbot/certbot
this extracted stuff in a folder "certbot" so I navigate there with:
cd certbot
then I start with this:
./certbot-auto certonly --webroot --webroot-path /srv/users/serverpilot/apps/wwcd/public --renew-by-default --email ****@yahoo.com --text --agree-tos -d wwcd.tech

everything goes well, I get congrat message how all went well.
But my site goes down. Then I navigate to:
cd /etc/nginx-sp/vhosts.d
I edit my app

sudo nano wwcd.ssl.conf
and I put this into the file and save

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name wwcd.tech;
 
    ssl on;
 
    # letsencrypt certificates
    ssl_certificate      /etc/letsencrypt/live/wwcd/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/wwcd/privkey.pem;
 
        #SSL Optimization
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;
 
        # modern configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
 
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; 
 
        # OCSP stapling 
        ssl_stapling on; 
        ssl_stapling_verify on; 
 
        # verify chain of trust of OCSP response 
        ssl_trusted_certificate /etc/letsencrypt/live/wwcd/chain.pem;
 
        #root directory and logfiles 
        root /srv/users/serverpilot/apps/wwcd/public; 
 
        #index files
        index index.php index.html index.htm;
 
        access_log /srv/users/serverpilot/log/wwcd/wwcd_nginx.access.log main; 
        error_log /srv/users/serverpilot/log/wwcd/wwcd_nginx.error.log; 
 
        #proxyset 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on; 
        proxy_set_header X-Forwarded-Proto $scheme; 
 
        #includes 
        include /etc/nginx-sp/vhosts.d/wwcd.d/*.nonssl_conf; 
        include /etc/nginx-sp/vhosts.d/wwcd.d/*.conf; 
}

and everything goes down, I can't even restart nginx
Probably the paths are wrong, I need to check everything folder by folder file by file.

But the idea is right? Right?

_az · March 20, 2018, 3:21am

For sure these paths are wrong.

Same issue.

Try nginx -t to test the config.

bredpit · March 20, 2018, 3:27am

hey @_az , thanks for confirmation, the problem is I can’t use filezilla to browse these files as it doesn’t allow me to enter these files, says I don’t have permission, which is crazy.
I probably need to tweak sshd_config and allow PermitRootLogin and PasswordAuthentication to be able to check the correct paths. using console is a huge pain

schoen · March 20, 2018, 3:57am

If you have root access on that server, you don't need PermitRootLogin at all, you can just use sudo, e.g. sudo ls /etc/letsencrypt/live.

bredpit · March 20, 2018, 5:52am

@_az @schoen Hey guys, thank you for help.
I managed to do it.
I configured another server and I tried to do the same but this time without “certonly” part.
It went smooth, but at the end it told me that I need to use “certonly” part because I am using --webroot path

Anyway, I went back to the previous server, and I edited sshd_config the way I said, and I added a password for root with:
passwd root
Before I was using serverpilot’s account to login via sftp, but this time I used root and the password I just set.
Browsing through the folders went without any complications.

Then I was able to check all the correct paths, and finally I was able to edit the .conf file with corrected paths.

ssl works :)))

A question: will I be able to renew the certificates every 3 months with this code:
certbot-auto renew
is it futureproof? or do I need to update repository before running the renew script?

Also, how to add a cronjob to run the renew every x months or x days?

system · April 19, 2018, 5:52am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem to install certbot auto nginx: nginx plugin is not working Help	6	21140	May 20, 2019
Error when testing my domain on HTTPS Help	12	174	September 6, 2024
Certbot HTTPS Certificate not installing Help	5	685	October 25, 2019
Certbot cron job nginx plugin NoInstallationError() Help	11	6669	August 28, 2018
The nginx plugin is not working Help	16	19540	September 5, 2020

Certbot failed installation

Related topics