How do I reinstall LetsEncrypt files on a new computer?

I’ve changed computers. I had backups of nginx.conf & the files in sites-available. After installing nginx and certbot on the new computer, I copied nginx.conf and the appropriate files (which contain the LetsEncrypt references) to sites-available and created the links to them in sites-enabled. I’ve tried running “nginx -t” but it has problems with nginx.conf presumably due to the LetsEncrypt files being missing. How do I reinstall the LetsEncrypt files on the new computer?

My domain is: johnrose.mywire.org & roseserver.mywire.org

I ran this command: sudo nginx -t

It produced this output:
manager@Server:~$ sudo nginx -t
[sudo] password for manager:
2025/08/13 07:59:00 [emerg] 9125#9125: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/johnrose.mywire.org:35
nginx: configuration file /etc/nginx/nginx.conf test failed

My web server is (include version): nginx 1.24.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu Noble (24.04)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Not yet done as can't start nginx

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 4.2.0

Why "presumably"? The error message tells you exactly where the problem is, so look at line 35 of /etc/nginx/sites-enabled/johnrose.mywire.org and see what it's requiring.

If it turns out it is, in fact, a missing cert file, several possibilities:

• Restore /etc/letsencrypt from backup
• Obtain a new cert using certbot certonly --standalone
  • Then make sure the Nginx config points to that new cert
  • And edit the renewal config file to use webroot for future renewals, because standalone mode will fail if there's already a web server running
• Self-signed cert:
  • Generate a self-signed cert
  • Put that cert somewhere on your system
  • Point the Nginx config to that cert
  • Use certbot to obtain a proper cert
  • Point the Nginx config to the new cert
• Removing HTTPS:
  • Edit your Nginx config to remove the HTTPS stuff--cert, key, listen 443, HTTPS redirects, etc.
  • Get a cert using certbot certonly --webroot
  • Restore your Nginx config files to their previous state, making sure they point to the correct cert/key files

I deleted the certificates using certbot. I deleted the /etc/letsencrypt directory. I removed all the certbot stuff from the Virtual Hosts files. "nginx -t " ran Ok. But when I did "sudo certbot --nginx -d johnroseserver.mywire.org -d roseserver.mywire org, I got, after answering the certbot questions about email etc:
Requesting a certificate for johnrose.mywire.org and roseserver.mywire.org
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
johnrose.mywire.org.txt (437 Bytes)
The /var/log file said much the same. Any ideas?

Something must have been using port 80 before running Certbot.

Be sure that nginx is already running before using Certbot with --nginx option.

What does this show:

sudo ss -pant | grep -Ei ':80|nginx'

nginx is not running according to "systemctl status nginx". However:
root@Server:/home/manager# sudo ss -pant | grep -Ei ':80|nginx'
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=42308,fd=9),("nginx",pid=42307,fd=9),("nginx",pid=42306,fd=9),("nginx",pid=42305,fd=9),("nginx",pid=42273,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=42308,fd=5),("nginx",pid=42307,fd=5),("nginx",pid=42306,fd=5),("nginx",pid=42305,fd=5),("nginx",pid=42273,fd=5))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=42308,fd=6),("nginx",pid=42307,fd=6),("nginx",pid=42306,fd=6),("nginx",pid=42305,fd=6),("nginx",pid=42273,fd=6))

"journalctl -xeu nginx.service" does not show anything useful.

Try manually killing all those nginx instances or more simply just restart your server. If running certbot with --nginx option when nginx was not already started there can be two running. Certbot starts nginx natively (not using systemd) but usually you want to be using the one with systemd.

I restarted the server. nginx is running according Systems Monitor as a few processes and according to systemctl its service is running Ok because I had previously enabled it. I did "certbot -d johnrose.mywire.org -d roseserver.mywire.org" and it worked Ok putting certbot lines in the Virtual Hosts files (which I had previously taken out).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.