dorian@carry:~$ sudo certbot --nginx -v
The following error was encountered:
[Errno 21] Is a directory: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpf04_h9ch/log or re-run Certbot with -v for more details.
Please Help me
I've tried everything I've seen on the internet, but nothing works.
Hello @Milas, welcome to the Let's Encrypt community. 
Please share the log indicated here:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Thank you for assisting us in helping YOU!
uring handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1558, in main
log.post_arg_parse_setup(config)
File "/usr/lib/python3/dist-packages/certbot/_internal/log.py", line 100, in post_arg_parse_setup
file_handler, file_path = setup_log_file_handler(
File "/usr/lib/python3/dist-packages/certbot/_internal/log.py", line 153, in setup_log_file_handler
util.set_up_core_dir(config.logs_dir, 0o700, config.strict_permissions)
File "/usr/lib/python3/dist-packages/certbot/util.py", line 181, in set_up_core_dir
raise errors.Error(PERM_ERR_FMT.format(error))
certbot.errors.Error: The following error was encountered:
[Errno 21] Is a directory: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
2023-07-11 17:14:26,973:ERROR:certbot._internal.log:The following error was encountered:
[Errno 21] Is a directory: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
This is content of sudo cat /tmp/tmpf04_h9ch/log
My certbot version: certbot 1.21.0
I applicate this solution [errno 13] permission denied: ‘/var/log/letsencrypt/.certbot.lock solution – chailmon also but not work.
What shows?:
ps -ef | grep certbot | grep -v grep
Please also show the output of:
sudo ls -l /var/log/letsencrypt/.certbot.lock
dorian@carry:~$ ps -ef | grep certbot | grep -v grep
dorian@carry:~$
No output.
dorian@carry:~$ sudo ls -l /var/log/letsencrypt/.certbot.lock
total 60
drwxrwxr-x 3 root dorian 4096 Jul 11 16:03 accounts
drwxrwxr-x 2 root dorian 4096 Jul 11 16:03 backups
-rwxrwxr-x 1 root dorian 33844 Jul 11 16:03 letsencrypt.log
-rwxrwxr-x 1 root dorian 774 Jul 11 16:03 options-ssl-nginx.conf
drwxrwxr-x 2 root dorian 4096 Jul 11 16:03 renewal
drwxrwxr-x 5 root dorian 4096 Jul 11 16:03 renewal-hooks
-rwxrwxr-x 1 root dorian 424 Jul 11 16:03 ssl-dhparams.pem
dorian@carry:~$
Huh.. That's the contents of /etc/letsencrypt/..
How the (#$( did that end up in /var/log/letsencrypt/.certbot.lock?
Is your /etc/letsencrypt/ still OK?
What shows?:
sudo ls -l /var/log/letsencrypt/
sudo ls -l /etc/letsencrypt/
This content : dorian@carry:/etc/letsencrypt$ ls -l
total 32
drwxrwxr-x 3 root dorian 4096 Jul 11 07:00 accounts
-rwxrwxr-x 1 root dorian 207 Nov 12 2021 cli.ini
drwxrwxr-x 2 root dorian 4096 Jul 11 07:18 csr
drwxrwxr-x 2 root dorian 4096 Jul 11 07:18 keys
-rwxrwxr-x 1 root dorian 774 Jul 11 14:01 options-ssl-nginx.conf
drwxrwxr-x 2 root dorian 4096 Jul 11 07:01 renewal
drwxrwxr-x 5 root dorian 4096 Jul 11 07:00 renewal-hooks
-rwxrwxr-x 1 root dorian 424 Jul 11 07:00 ssl-dhparams.pem
dorian@carry:/etc/letsencrypt$
Sorry try:
sudo ls -la /etc/letsencrypt/
sudo ls -la /var/log/letsencrypt/
Please use sudo.
dorian@carry:/var/log/letsencrypt/.certbot.lock$ ls -l
total 60
drwxrwxr-x 3 root dorian 4096 Jul 11 16:03 accounts
drwxrwxr-x 2 root dorian 4096 Jul 11 16:03 backups
-rwxrwxr-x 1 root dorian 33844 Jul 11 16:03 letsencrypt.log
-rwxrwxr-x 1 root dorian 774 Jul 11 16:03 options-ssl-nginx.conf
drwxrwxr-x 2 root dorian 4096 Jul 11 16:03 renewal
drwxrwxr-x 5 root dorian 4096 Jul 11 16:03 renewal-hooks
-rwxrwxr-x 1 root dorian 424 Jul 11 16:03 ssl-dhparams.pem
dorian@carry:/var/log/letsencrypt/.certbot.lock$
I don't know what you or something did exactly (Certbot shouldn't do this by itself), but looking at the times of those outputs it looks like for some reason /var/log/letsencrypt/.certbot.lock was used as the config directory.. Or did you perhaps specify /var/log/letsencrypt/.certbot.lock as the --config-dir option when trying stuff out?
It should be fine to just remove that directory entirely if your /etc/letsencrypt/ directory is untouched. But you should make a backup to be sure just in case:
sudo cp -a /etc/letsencrypt/ /etc/letsencrypt-backup
sudo rm -r /var/log/letsencrypt/.certbot.lock
And try sudo certbot --nginx -v again.
dorian@carry:~$ sudo ls -la /etc/letsencrypt/
total 48
drwxrwxr-x 7 root dorian 4096 Jul 11 17:08 .
drwxr-xr-x 101 root root 4096 Jul 11 16:56 ..
-rwxrwxr-x 1 root dorian 64 Jul 11 14:01 .updated-options-ssl-nginx-conf-digest.txt
-rwxrwxr-x 1 root dorian 64 Jul 11 07:00 .updated-ssl-dhparams-pem-digest.txt
drwxrwxr-x 3 root dorian 4096 Jul 11 07:00 accounts
-rwxrwxr-x 1 root dorian 207 Nov 12 2021 cli.ini
drwxrwxr-x 2 root dorian 4096 Jul 11 07:18 csr
drwxrwxr-x 2 root dorian 4096 Jul 11 07:18 keys
-rwxrwxr-x 1 root dorian 774 Jul 11 14:01 options-ssl-nginx.conf
drwxrwxr-x 2 root dorian 4096 Jul 11 07:01 renewal
drwxrwxr-x 5 root dorian 4096 Jul 11 07:00 renewal-hooks
-rwxrwxr-x 1 root dorian 424 Jul 11 07:00 ssl-dhparams.pem
dorian@carry:~$
dorian@carry:~$ sudo ls -la /var/log/letsencrypt/
total 172
drwxrwxr-x 3 root dorian 4096 Jul 11 16:03 .
drwxrwxr-x 11 root syslog 4096 Jul 11 07:00 ..
drwxrwxr-x 6 root dorian 4096 Jul 11 16:03 .certbot.lock
-rwxrwxr-x 1 root dorian 159926 Jul 11 14:09 letsencrypt.log
dorian@carry:~$
Something has caused certbot [or most of it] to be copied to the .certbot.lock location [as a folder].
I would remove that entire branch and review the commands you ran.
You can use:
sudo rm -R /var/log/letsencrypt/.certbot.lock
dorian@carry:~$ certbot -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2023/07/11 17:58:39 [warn] 1042020#1042020: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2023/07/11 17:58:39 [emerg] 1042020#1042020: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
dorian@carry:~$
You're missing the sudo part.
leaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
dorian@carry:~$
also failled