Help with certbot on AMazon Linux 2 using nginx


#1

Hello

I would like to use certbot on Amazon Linux 2. I have installed Linux. Then I found this tutorial:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

The tutorial targets Apache. I was however, able to:

sudo yum install -y certbot python2-certbot-nginx

But when running sudo certbot I’m getting:

Certbot doesn’t know how to automatically configure the web server on this system.

The log shows:

2019-01-18 18:51:32,096:DEBUG:certbot.main:certbot version: 0.29.1
2019-01-18 18:51:32,096:DEBUG:certbot.main:Arguments:
2019-01-18 18:51:32,096:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#nu
ll,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-01-18 18:51:32,108:DEBUG:certbot.log:Root logging level set at 20
2019-01-18 18:51:32,108:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-01-18 18:51:32,109:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2019-01-18 18:51:32,112:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find a usable ‘nginx’ binary. Ensure ngin
x exists, the binary is executable, and your PATH is set correctly.
Traceback (most recent call last):
 File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 132, in prepare
   self._initialized.prepare()
 File “/usr/lib/python2.7/site-packages/certbot_nginx/configurator.py”, line 145, in prepare
   "Could not find a usable ‘nginx’ binary. Ensure nginx exists, "
NoInstallationError: Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
2019-01-18 18:51:32,113:DEBUG:certbot.plugins.selection:No candidate plugin
2019-01-18 18:51:32,113:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

It seems it can’t find nginx. My nginx is located at /etc/nginx/sbin/nginx.

Does anybody know how I can make certbot find it there? :slight_smile:


#2

I would try creating a symbolic link from:
/etc/nginx/nginx
to:
/etc/ngiunx/sbin/nginx


#3

Tried that :frowning:

sudo ln -s /etc/ngiunx/sbin/nginx /etc/nginx/nginx

Verified that it worked:

nginx -v

Outputs: nginx version: nginx/1.15.8

However, getting the exact same error when running sudo certbot!


#4

which certbot
find / -name certbot


#5

Sorry I had a TYPO
Then you redid the same TYPO
Is that the actual path you used?
or did you use
ls -s /etc/nginx/sbin/nginx /etc/nginx/nginx


#6

@rg305 Actually, prior to your suggestion, I had already placed a link in /usr/local/bin, so I guess that’s why it worked. I did do the typo though. For good measure, I tried without the typo as well, but with the same result.

[ec2-user@ip-172-31-42-47 ~]$ which certbot        
/usr/bin/certbot
[ec2-user@ip-172-31-42-47 ~]$ sudo find / -name certbot
/etc/sysconfig/certbot
/usr/bin/certbot
/usr/lib/python2.7/site-packages/certbot

#7

If this problem still exists, it would seem that the PATH used when running as sudo fails to locate NGINX.
I would compare PATHs:
For regular user:
set | grep PATH
For root user:
sudo su
set | grep PATH
If they are NOT the same you may have found the problem.


#8

@rg305 They are indeed not the same. Here is for ec2-user:

PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/ec2-user/.local/bin:/home/ec2-user/bin

And here is for root:

PATH=/sbin:/bin:/usr/sbin:/usr/bin

Should I place a symbolic link in any of the latter paths?

Thanks a lot for your help! :slight_smile:


#9

I think that should do the trick.

Although I do wonder…
What else may be “unreachable”…
How it got this way…
How should it be “normally”…
[but that it off-topic - should you encounter other similar problems I would look more into this difference]