Certificates install

Hi I new new here, come from programming background. I want to use certbot certificates. On the home page I saw things I was confused so here they are:
My OS is CentOS 7, running nginx. I ran cmd " yum repolist" I could see …repolist: 21,660 etc. so I assume the EPEL was enabled already.

  1. How do I know if I am using ec2? I am not renting from Amazon. If not ec2, how do I enable EPEL optional channel?
  2. sudo yum install certbot-nginx ----- where is the certbot installed?
  3. sudo certbot --nginx certonly ---- where is the certificates generated/stored? How the domains are specified?
    Thanks

If youʼre not using Amazon then youʼre not using ec2. Since youʼre running CentOS you donʼt need to enable optional, thatʼs a RHEL thing AFAICS.

When installing software from the repos, the executable usually gets placed in /usr/bin. For more information run repoquery -l certbot and repoquery -l python2-certbot-nginx.

From the User Guide:

All generated keys and issued certificates can be found in /etc/letsencrypt/live/$domain

When using plugin, such as --nginx, the domains will be parsed out of your configuration. If this step fails, you will be asked interactively for which domains to issue the certificate.

Thanks for the quick response.
“All generated keys and issued certificates can be found in /etc/letsencrypt/live/$domain”. I need to specify a number of domains(one master & a number of sub domains names), so which one will be used for the location?

“When using plugin, such as --nginx, the domains will be parsed out of your configuration.” How do a specify a config? If not it will go to interaction, right? I will use a number of domain names.

hi @Charlie

Try it. The plugin will parse your config files and then you should be able to specify the domains you want to get certificates for

add --staging as well while you are testing so you are not using the production servers

Andrei

Not sure, I think it is gonna be the first one specified. I.e. if the first domain entered was example.com then the relevant files are going to be in /etc/letsencrypt/live/example.com/.

See also --cert-name argument.

By “will be parsed out of your configuration” I meant the web server (nginx) configuration, in case that wasnʼt clear.

By default the plugin looks at the files in /etc/nginx/. Custom location can be specified by --nginx-server-root /path/to/nginx/config/directory argument.

Also you can specify the domains on the command line using the -d flag. See the output of certbot --help all or User Guide for more info.

Hi Nekit & ahaw021,
Thanks for responses. After lots of effort, I still couldn’t completede, here is what I got even if I manually copied some modules into @INC. Please help.

[root@credit-www modules]# certbot --nginx certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

Can’t locate loadable object for module nginx in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at -e line 0.
Compilation failed in require.
BEGIN failed–compilation aborted.
nginx: [alert] perl_parse() failed: 255
nginx: configuration file /etc/nginx/nginx.conf test failed

Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nCan’t locate loadable object for module nginx in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at -e line 0.\nCompilation failed in require.\nBEGIN failed–compilation aborted.\nnginx: [alert] perl_parse() failed: 255\nnginx: configuration file /etc/nginx/nginx.conf test failed\n”,)
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nCan’t locate loadable object for module nginx in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at -e line 0.\nCompilation failed in require.\nBEGIN failed–compilation aborted.\nnginx: [alert] perl_parse() failed: 255\nnginx: configuration file /etc/nginx/nginx.conf test failed\n”,)
[root@credit-www modules]#

Can anyone help out? When I follow the procedure on the home page, I got lots of problems. Googled & fixed some, but still ended as above.

The cmd below has got me certificate successfully & working now.

certbot certonly --standalone --email xxx@hotmail.com -d www.xxx.com

“certbot --nginx certonly” what does --nginx mean in the cmd?

Sounds like something is horribly broken. Does your nginx function at all? Try running nginx -c /etc/nginx/nginx.conf -t or maybe just nginx -t by itself.

Using --standalone plugin is pretty suboptimal, as it only works when your web server doesnʼt. With plugins such as --webroot, --nginx or --apache certificate request completes without web server downtime.

It means “use the certbot-nginx plugin”.

Why do I have a feeling that you are not reading the documentation?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.