Certbot not installing certificates

running certbot 5.4.0 on ubuntu server 24.04 with an nginx reverse proxy trying to set up a nextcloud instance in another vm. self hosted using proxmox with an openbsd subnet router. default config worked just fine locally both inside and outside subnet once the port forwarding was set (80 + 443) so i don't think connectivity is my issue.

domain is share.tbhlabs.org

sudo certbot certonly gives error saying cannot load certificate, specifically that /etc/letsencrypt/live/share.tbhlabs.org/fullchain.pem does not exist.

confirmed that the whole /etc/letsencrypt/live directory doesn't exist. do i have to mkdir ~/live/ ? i can't find any certificates anywhere else and ls /etc/letsencrypt gives only "accounts" "renewal" "renewal-hooks".

the other path i see is the standalone or webroot options, which would save certificates to another dir. should i do one of those and then symlink to a manually added ~/live/ dir? wouldn't a standalone http server interfere with nginx?

no control panel - yes can sudo

The current release is 5.something, so you're very badly out of date.

But if /etc/letsencrypt/live is missing (and so is /etc/letsencrypt/archive), that makes it look as though you've never obtained a cert using certbot on this system, or you've been deleting stuff. Which is it?

4 Likes

correction: nginx version is 1.24, certbot version is 5.4.0

Do you have a backup that can restore it?

2 Likes

it's a new system, i'm trying to get my first certs

no backup, new system. restored a backup from before i had nginx or certbot installed and on the fresh install i had the same exact issue so i came here

OK, then the /live directory being empty is expected. What exactly is the command you're running to try to get the cert, and what exactly is the result?

5 Likes


more than empty, it doesn't exist.

Please, copy/paste text; don't post screenshots. But the problem is that nginx can't start, because its config depends on a cert that isn't present. Did you restore the nginx config from a backup or other source?

Again, normal. It will be created once you're able to obtain a cert.

5 Likes

sorry i don't have ssh working rn and i'm doing all my admin by hand so it's either screenshots or i write it out by hand.
this is my first time setting up certbot and the nginx config i adapted from an example posted in nextcloud's AIO github repo here

ok fixed my issue so i'm gonna write up what i did. ultimately i think it was a networking configuration error. final piece of the puzzle was that i by habit wrote https in the proxy_pass line for nginx where it needed to be http.

but the issue above was that i needed to comment out all the ssl lines from the example nextcloud nginx configuration - which included the entire listen 443; line!!

once i had a non-encrypted nextcloud config i was able to install certs normally and then used the lines that certbot added automatically to update the config and add back all the ssl fields (dhparams is the only one that was significantly different)

once i got here i struggled with more end of pr errors and discovered my modem level port forward didn't have port 80 open, so fixed that.

then i was getting bad gateway errors, which took me on a few goose chases, only to find the lines for adding a trusted proxy to nextcloud aio and then discovering my typo (https where http was supposed to be) in the proxy_pass line.

now it's working! hopefully this helps someone else down the line

i appreciate y'all's patience with me 🙂

2 Likes
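
The failure diagnosed in this thread (nginx cannot start because its config names certificate files that have not been issued yet) can be checked before running certbot. The script below is an added example, not code from any poster or from certbot; the function name `missing_tls_files`, the sample config and all paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TLS files an nginx config references that do not exist.
# On a fresh host /etc/letsencrypt/live is absent until the first certificate
# is issued, so an uncommented directive pointing there keeps nginx from starting.
# Limits: paths are checked as written (absolute paths assumed) and
# "include" files are not followed.

# missing_tls_files CONFIG
# Prints "directive path" for each missing file; returns 1 if any is missing.
missing_tls_files() {
    conf=$1
    # Strip comments, then keep the directives whose argument is a file path.
    out=$(sed 's/#.*//' "$conf" | awk '
        $1 ~ /^ssl_(certificate|certificate_key|trusted_certificate|dhparam)$/ {
            path = $2
            gsub(/[";]/, "", path)      # drop quotes and the trailing semicolon
            print $1, path
        }' | while read -r directive path; do
            [ -e "$path" ] || printf '%s %s\n' "$directive" "$path"
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample config (hostname, paths and upstream are made up).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
server {
    listen 443 ssl;
    server_name share.example.test;
    ssl_certificate     /nonexistent/live/share.example.test/fullchain.pem;
    ssl_certificate_key /nonexistent/live/share.example.test/privkey.pem;
    # ssl_dhparam /nonexistent/dhparam.pem;   (commented out, so ignored)
    location / { proxy_pass http://127.0.0.1:8080; }
}
EOF
missing_tls_files "$demo_conf" ||
    echo "comment out these directives and the listen 443 line until a certificate is issued"
rm -f "$demo_conf"
```

Run it against the real site file before the first issuance; an empty result means no missing TLS file is blocking nginx from starting for the HTTP-01 challenge.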