Failed authorization procedure

root@ip-172-31-17-82:/home/ubuntu# sudo certbot certonly --nginx -d emiratespass.net,www.emiratespass.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emiratespass.net
http-01 challenge for www.emiratespass.net
Using default address 80 for authentication.
Using default address 80 for authentication.
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Cleaning up challenges
nginx: [error] invalid PID number "" in "/run/nginx.pid"
nginx restart failed:
b''
b''

However, it is worth mentioning that the nginx service is stopped from earlier.

Right. Because nginx is off.

Go ahead and break out of the certbot running elsewhere if you haven’t already.

I am sorry but I would not know how to do that. I am not that tech savvy and would call myself more of a layman when it comes to server configurations. Sorry again for it, is there a way I can check if certbot is running elsewhere?

I mean in the other terminal. You can usually press Ctrl-C to get out of the execution.

I’m referring to the certbot that was paused.

Oh OK, well I already took care of that, pressed enter and it gave the same errors. So now we have only one terminal with the last output I shared here.

Perfect. So let’s move forward then.

Absolutely, whenever you're ready.

Sorry to interject, but this problem may be related to your use of Varnish.

I assume you have Varnish listening on port 80, which means that you have your nginx virtualhosts listening on another port. Is that right?


Thanks for the assist @_az. You’re always welcome.

By all means. Thank you for the input. Here’s the ports information:

root@ip-172-31-17-82:/home/ubuntu# sudo netstat -ltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 712/systemd-resolve
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 970/sshd
tcp 0 0 localhost:6082 0.0.0.0:* LISTEN 937/varnishd
tcp 0 0 0.0.0.0:http-alt 0.0.0.0:* LISTEN 24687/nginx: master
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 937/varnishd
tcp6 0 0 localhost:9300 [::]:* LISTEN 858/java
tcp6 0 0 ip6-localhost:9300 [::]:* LISTEN 858/java
tcp6 0 0 [::]:ssh [::]:* LISTEN 970/sshd
tcp6 0 0 [::]:mysql [::]:* LISTEN 1023/mysqld
tcp6 0 0 localhost:9200 [::]:* LISTEN 858/java
tcp6 0 0 ip6-localhost:9200 [::]:* LISTEN 858/java
tcp6 0 0 [::]:http [::]:* LISTEN 937/varnishd
udp 0 0 localhost:domain 0.0.0.0:* 712/systemd-resolve
udp 0 0 ip-172-31-17-82.:bootpc 0.0.0.0:* 673/systemd-network

Yeah. So I would try this:

certbot certonly --nginx -d emiratespass.net --http-01-port 8080 --dry-run

and see whether it makes any difference.

Be sure to use -d emiratespass.net,www.emiratespass.net

root@ip-172-31-17-82:/home/ubuntu# certbot certonly --nginx -d emiratespass.net --http-01-port 8080 --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emiratespass.net
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • The dry run was successful.

Right. Now you can try your original Certbot command, but add the --http-01-port 8080 part to it. That’s what makes it compatible with your nginx/varnish installation.


Beautiful. That's what I like to see.

Knew you’d know @_az.

You mean the certbot certonly --nginx --http-01-port 8080?

Yes, whatever your plan was originally. That would be fine.

Presumably you are going to do something wacky like:

nginx(HTTPS) --> Varnish --> nginx(HTTP/8080)

because Varnish doesn’t have SSL termination. That bit’s up to you.

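The check the thread performs by eye on the netstat listing, as an added example that is not part of the original posts and not Certbot's own code: it reads a listener table and reports whether nginx is down, whether nginx owns port 80, or whether another program fronts port 80 so that `--http-01-port` is needed. The function names are hypothetical and the sample is constructed from the thread's listing, assuming the numeric form that `netstat -ltnp` prints.

```bash
# Constructed sample modelled on the thread's listing, in `netstat -ltnp` form
# (numeric ports: http = 80, http-alt = 8080).
sample_listeners() {
cat <<'EOF'
tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 937/varnishd
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 24687/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 937/varnishd
tcp6 0 0 :::80 :::* LISTEN 937/varnishd
EOF
}

# Program name(s) listening on TCP port $1, read from stdin, de-duplicated.
owner_of_port() {
  awk -v port="$1" '$6 == "LISTEN" {
      n = split($4, a, ":")            # port is the last ":" field, also for :::80
      if (a[n] == port) { split($7, p, "/"); sub(/:$/, "", p[2]); print p[2] }
    }' | sort -u
}

# TCP ports on which an nginx process listens, lowest first.
nginx_ports() {
  awk '$6 == "LISTEN" && $7 ~ /\/nginx/ { n = split($4, a, ":"); print a[n] }' | sort -nu
}

# Hypothetical helper: decide what the certbot --nginx run needs.
http01_port_hint() {
  table=$(cat)
  owner80=$(printf '%s\n' "$table" | owner_of_port 80)
  nports=$(printf '%s\n' "$table" | nginx_ports)
  # First failure in the thread: nginx stopped (invalid PID, restart failed).
  if [ -z "$nports" ]; then echo "nginx-not-listening"; return 1; fi
  # The CA always connects to port 80; something must answer there.
  if [ -z "$owner80" ]; then echo "port-80-closed"; return 1; fi
  # nginx owns port 80 itself: certbot's default port is fine.
  if printf '%s\n' "$owner80" | grep -qx nginx; then echo "default"; return 0; fi
  # Another program (here varnishd) fronts port 80 and nginx sits behind it.
  echo "--http-01-port $(printf '%s\n' "$nports" | head -n 1)"
}

sample_listeners | http01_port_hint   # run on the constructed sample
```

On a real host, pipe `netstat -ltnp` into `http01_port_hint` as root. The hint assumes the front-end on port 80 passes `/.well-known/acme-challenge/` requests through to nginx uncached.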