Error while I install the certificates: nginx: [emerg] getgrnam("nobody") failed

My domain is: trj.it

I ran this command:
sudo wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /jet/etc/letsencrypt/certbot-auto
sudo chown root /jet/etc/letsencrypt/certbot-auto
sudo chmod 0755 /jet/etc/letsencrypt/certbot-auto
sudo chmod a+x /jet/etc/letsencrypt/certbot-auto
**sudo /jet/etc/letsencrypt/certbot-auto --nginx --nginx-ctl /jet/bin/nginx --nginx-server-root /jet/etc/nginx --config-dir /jet/etc/letsencrypt **

It produced this output:

nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getgrnam(“nobody”) failed
nginx: configuration file /jet/etc/nginx/nginx.conf test failed

but if I run:
nginx -t
to see if there are configuration errors in the nginx.conf file,
nginx -t return the output:

nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /jet/etc/nginx/nginx.conf test is successful

every now and then on WordPress I also get the error: internal server 500 error
and I don’t know if this is related to the problem I described above
My web server is (include version):

The operating system my web server runs on is (include version):
Linux lemp7-optimized-g2-1-vm 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64

My hosting provider, if applicable, is: google cloud compute engine

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, through ssh.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto

I managed to install the certificates by inserting a line with the “user nobody nogroup;” in the nginx.conf file

After the installation I removed the line with the “user nobody nogroup;” in the nginx.conf file

Please help, thank you

Hi @RickyIta68

you use the group name “nobody” in your config, which isn’t defined.

Check

http://man7.org/linux/man-pages/man3/getgrnam.3.html

Create that group or change the name to an existing group.

Hi Juergen, thank you.
In my system if I run : getent group
I find the group nogroup : nogroup:x:65534:
If I try to add the user: nobody to the group: nogroup
the output is:
nobody already exist.

trying to understand the usefulness of this, I found something here:
https://askubuntu.com/questions/329714/what-is-the-purpose-of-the-nobody-user

https://wiki.ubuntu.com/nobody

I have also tryed to create the group “nobody” but I have the internal server error 500 yet.


I realized that I can no longer upload files to WordPress on the admin side.
How can I use the control panel again?
When I installed the certificates there were two possible options and I chose the one with always rediretc, did I get it wrong?


I realized that I can no longer upload files to WordPress on the admin side.
How can I use the control panel again?

When I installed the certificates there were two possible options and I chose the one with always rediretc, did I get it wrong?

I think it don’t makes me upload because from my pc to the host the connection is not secure.

You should ask that in a Wordpress forum.

I don’t use Wordpress.

Yes but it appened after switching to ssl.
There is some option I can change … ? Or please let me know how and if I am able to delete the all the directory letsencrypt and try to install letsencrypt certs again

Well I have solved the problem. Fortunately I managed to find the error in the log and I understood what happened.

“certbot-auto” installs the certificates using the user: nobody. In my system there already existed by default a user “nobody” of the group “nogroup” but has no access to nginx. So to be able to install the certificates I had to insert a line with the directive: user nobody nogroup; inside nginx.conf. This allowed the installation of certificates. However, this procedure has changed the permissions in the directory: / jet / tmp / nginx /
where instead of: my_ssh_user: my_ssh_group I found: nobody: my_ssh_group and with this modified setting I received the internal server 500 error on the WordPress admin panel. So the problem is not related to WordPress but to the certificate installation procedure.
After installing the certificates I removed the user nobody nogroup directive; because during the restart of nginx, a warning came up saying that this directive is not supported and therefore will be ignored.
Restoring the permissions with chmod on the directory: / jet / tmp / nginx I fixed the problem and the internal server 500 error disappeared.

  1. question: when I have to do the renewal of the certificates the same problem will happen ?
  2. if I wanted to install more than one certificate, I have to indicate another directory for the installation or I can always give the same one?
1 Like

That’s a very untypical setting. The standard user should be root, so root access is required to read the private key. Using another user who owns the certificates is bad.

Don’t install multiple certbots. That’s always bad.

One installation per server.

That’s a very untypical setting. The standard user should be root, so root access is required to read the private key. Using another user who owns the certificates is bad.

I agree but, during the installation of the certificates, as I wrote above, certbot-auto crashed and as you advised I had to enter the user nobody to be able to install the certificates … so?

That’s only a resultant problem, not the original error.

Looks like you didn’t use root to install certbot.

No, I have installed with sudo …

sudo wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /jet/etc/letsencrypt/certbot-auto
sudo chown root /jet/etc/letsencrypt/certbot-auto
sudo chmod 0755 /jet/etc/letsencrypt/certbot-auto
sudo chmod a+x /jet/etc/letsencrypt/certbot-auto

sudo /jet/etc/letsencrypt/certbot-auto --nginx --nginx-ctl /jet/bin/nginx --nginx-server-root /jet/etc/nginx --config-dir /jet/etc/letsencrypt

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.