How to renew certificate for nginx under ubuntu 14?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: faxgun.com

I ran this command: sudo certbot renew --dry-run

It produced this output:

Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed

Attempting to renew cert (faxgun.com) from /etc/letsencrypt/renewal/faxgun.com.conf produced an unexpected error: The requested nginx plugin does not appear to be installed. Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/faxgun.com/fullchain.pem (failure)

My web server is (include version): nginx version: nginx/1.16.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is: EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

it seems python-certbot-nginx is not available for ubuntu 14? How can I install the nginx plugin?

Hi @David8

checking your older topic

there was a working nginx plugin:

Plugins selected: Authenticator nginx, Installer nginx

Why doesn’t that work anymore?

is EOL. Perhaps try Certbot-Auto or switch to another client. Or update your Ubuntu.

1 Like

Or just use --webroot instead of --nginx

Certbot-auto isn’t guaranteed to work on 14.04 anymore, though last I heard it currently still does for now.

It would be better to upgrade to a supported OS, maintain your own branch of Certbot, or use an ACME client with more support for old systems.

3 Likes

thanks Juergen and all.

I’m planning to upgrade the OS, but I have a question:

  • I want to set up a new instance to avoid downtime for the website.
  • But if I set up a new instance with ubuntu 16, can I directly use certbot on this new instance? It will be a new IP.
  • Should I do certbot before I switch the new IP to the domain, or after?
  • Any other recommendation or things I should pay attention to??

Thanks!

Read the basics about Challenge types:

You can’t use http validation on your new server if your domain points to your old server.

But you can always use manual and dns validation, that should always work -> do that on your old server, then you have a new certificate and a lot of time. Then use the new certificate on your new server (copy it manual).

You can do it with a bunch of extra work by creating a temporary additional name for the new server and creating an HTTP redirect from /.well-known/acme-challenge on the old server to the temporary name of the new server. Then the new server can successfully request a certificate for the old server’s name.