Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ilink.nz

I ran this command: sudo certbot --nginx

It produced this output:2023/08/11 10:30:56.852485 system_key.go:129: cannot determine nfs usage in generateSystemKey:
cannot parse /etc/fstab: cannot parse dump frequency: "_netdev,sec=ntlmssp,multiuser,credentials=/home/ian/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777"
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths

My web server is (include version):nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):xubuntu 22.04

My hosting provider, if applicable, is:na

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.6.0

You might want to try using "--webroot" instead of "--nginx".

Also, this is concerning:

Thanks for that, I tried --webroot and came up with the same response. I logged on as root and cd to /var/log/letsencrypt/ i dont see a .certbot.lock file
Could you expand as to why this "Permission denied: '/var/log/letsencrypt/.certbot.lock'" is concerning.

Regards Ian

Certbot should be running as root.
If root user doesn't have permission to /var/log/...
That is concerning.

Because Certbot requires to write to that directory, but can't, thus erroring out.

From the Go error earlier (from snap I recon) it looks like you're using mounted shares from a remote server or something? Can you write, as root, to the /var/log/letsencrypt/ directory manually?

Thanks Osiris
I can yes
and the log is functioning
Below is one of the lines in the log from running certbot --nginx just now
"Detail: i deleted ip here: Invalid response from http://ilink.nz/.well-known/acme-challenge/WfVpAd2HL4ZMgJp1Aye42-2BX9nEZq05d6n-hMqHdXk: 404 with today's date and time on the log correct for now

Regarding remote shares I have mounted shares to a remote server running a web page with certbot functioning. I use that share to modify the web-page.
I am creating a development web-page on this machine for a new web-page.
I have installed nginx and have a simple html which when checked locally reports.

Success! The ilink server block is working!

The domain ilink.nz is registered and is running through the same router as the remote server and as the port forwarding is working for the remote server web-page and certbot renews successfully on that server. I assume that it's all in order for this development web page
Thanks for the help

After further investigation I think my problem is that the nginx server on my main server is blocking the communication on port 80 to my second domain. I think i have to re-route to my second domain in the nginx configuration on my main server.

Not sure but will give it a bash

Yup that worked got my certificate
just have to figure out how to use proxy_ssl_certificate
Thanks for the help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.