Certbot stuck on nginx after showing Saving debug log line


After running the certbot command, the command hangs and does nothing.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: beta.booksprout.co

I ran this command: sudo certbot --nginx -d beta.booksprout.co

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Log file then shows this:
2023-10-12 08:41:53,721:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-10-12 08:41:53,887:DEBUG:certbot._internal.main:certbot version: 2.7.1
2023-10-12 08:41:53,888:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3390/bin/certbot
2023-10-12 08:41:53,888:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'beta.booksprout.co', '--preconfigured-renewal']
2023-10-12 08:41:53,888:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-10-12 08:41:53,896:DEBUG:certbot._internal.log:Root logging level set at 30
2023-10-12 08:41:53,896:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx

My web server is (include version): Ubuntu 20.04

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.7.1

Hi @webnoob, and welcome to the LE community forum :slight_smile:

Is there more to that log file?

What is the web server in use?
[that's just an operating system]
If nginx, please show:
nginx -T


In addition to rg305 info, you use Cloudflare as your DNS and you got a wildcard cert for the booksprout.co today. Why not just use that wildcard cert?

Or, if you need a cert just for beta why not use the Cloudflare DNS method for it the same as your root domain?


Thanks for coming back to me.

No, nothing more in the log file. It just shows that and does nothing else. I left it for around 5 mins..

Apologies for the webserver question, yes, it's nginx.

nginx -T has some potentially sensitive information in. What information specifically is required?

I use the wildcard at the moment but have to do the renwal manually. I obtained this cert after failing to get this other way working.

I was trying to get things automated so auto renewal works so was trying to clear down the existing config and just request new certs for each individual site instead so auto renew could kick in.

Anything that would help find why certbot stalls when using the --nginx plugin.
You could switch to the --webroot plugin.
[although neither of them will work for wildcard certs]

1 Like

Ok, I will isolate this a little more with one of the sites that doesn't matter to production and provide more information on the problem in that case. I was in a little panic this morning as it was a production environment :slight_smile:

I'm not looking for wildcard certs now so that's no problem.

1 Like

You could use the Cloudflare plug-in for Certbot to automate the wildcard and the other names if you want separate certs


Oh! Very good to know. I will have a look. Thank you.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.