I want to set up a cert on port 443

My domain is: raidhosting.nl (but want to use a subdomain panel.raidhosting.nl)

I ran this command:
acme.sh --issue --alpn --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d panel.raidhosting.nl

It produced this output: https://hastebin.com/tacoxegano.cs

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu Server 16.04 (LTS)

My hosting provider, if applicable, is: no

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I want to set up pterodactyl on port 443 because my ISP uses port 80.
I’m following this guide to set this up, but it doesn’t work for me. If there is another guide, please lmk.

It seems that it was unable to run the pre and post hook commands.
Try running the command with sudo.

If I run it with sudo it doesn’t find the command; that’s the same when I do it with root.

Perhaps changing:

To something more like:
"sudo ./systemctl stop nginx"

It’s still giving me an error

Maybe try service nginx stop and service nginx start instead?

When doing it your way, @schoen, I’m getting this in the log file:
https://hastebin.com/saduqavoha.cs
I don’t know if it is an issue with Certbot or with nginx, because nginx won’t even start now.

Perhaps the OpenSSL server that acme.sh started is still running and still listening on port 443?

@Neilpang, would you be willing to advise about this?

I can try restarting the host, but that didn’t help before; maybe it’ll stop acme.sh.

You could potentially run pidof openssl to find the OpenSSL server and then kill -9 that process ID (if that’s the problem). Or ss -plt.

That probably isn’t the problem, because when I run

ss -plt

I get this:

State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      70     127.0.0.1:mysql      *:*
LISTEN     0      128    *:ssh                *:*
LISTEN     0      128    :::ssh               :::*

and get this when running

systemctl status nginx

What I get:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2019-10-10 20:52:48 CEST; 28min ago
Process: 1353 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Oct 10 20:52:43 pterodactyl systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 10 20:52:47 pterodactyl nginx[1353]: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/pane
Oct 10 20:52:47 pterodactyl nginx[1353]: nginx: configuration file /etc/nginx/nginx.conf test failed
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 10 20:52:48 pterodactyl systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Unit entered failed state.
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Failed with result 'exit-code'.

Did you delete a cert recently?

I believe not. Why is that the problem? Then I prob did.

If your certificate is mentioned in an nginx configuration file, then you have to delete or edit that nginx configuration file when deleting the referenced certificate. Neither Certbot nor nginx have features that will do this for you.

Oh, that could be the issue, because yesterday I set up Cloudflare wrong, so it couldn’t connect. But before I noticed, it hit the limit of 5 per hour. Where would I change that?

Try

grep -r /etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem /etc/nginx

to find where it’s referenced in your nginx configuration.
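
A broader form of the grep above, as an added example that is not part of the original thread: it lists every ssl_certificate, ssl_certificate_key and ssl_trusted_certificate path under a config directory and prints the ones that are missing on disk. The function names, the temporary directory tree and ok.example are constructed for the illustration; relative paths are assumed to resolve against the directory passed in.

```shell
#!/bin/sh
# missing_cert_refs CONF_DIR: print "file:line: path" for every certificate
# directive whose file is absent (what nginx -t reports as BIO_new_file failed).
missing_cert_refs() {
    conf_dir=$1
    find "$conf_dir" -type f | sort | while IFS= read -r conf; do
        # Emit "<line> <path>" for each uncommented certificate directive.
        awk '$1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
                 p = $2; sub(/;.*$/, "", p); print FNR, p }' "$conf" |
        while read -r lineno path; do
            path=$(printf '%s' "$path" | tr -d "\"'")   # drop optional quotes
            case $path in
                *'$'*) continue ;;          # nginx variable, not checkable statically
                /*) ;;                      # absolute path
                *) path=$conf_dir/$path ;;  # assumption: conf_dir is the conf prefix
            esac
            [ -e "$path" ] || printf '%s:%s: %s\n' "$conf" "$lineno" "$path"
        done
    done
}

# make_sample: build a constructed config tree in a temp dir, print its root.
make_sample() {
    root=$(mktemp -d)
    live=$root/letsencrypt/live
    mkdir -p "$root/nginx/sites-enabled" "$live/ok.example"
    : > "$live/ok.example/fullchain.pem"
    : > "$live/ok.example/privkey.pem"
    cat > "$root/nginx/sites-enabled/pterodactyl.conf" <<EOF
server {
    listen 443 ssl;
    server_name panel.raidhosting.nl;
    ssl_certificate     $live/panel.raidhosting.nl/fullchain.pem;
    ssl_certificate_key $live/panel.raidhosting.nl/privkey.pem;
}
server {
    listen 443 ssl;
    server_name ok.example;
    # ssl_certificate /old/commented/out.pem;
    ssl_certificate     $live/ok.example/fullchain.pem;
    ssl_certificate_key "$live/ok.example/privkey.pem";
}
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample)               # demo on the constructed tree
missing_cert_refs "$sample/nginx"   # prints the two panel.raidhosting.nl paths
rm -rf "$sample"
```

Like the grep -r above, this scans every file under the directory, including sites that are not enabled, so nginx -t remains the authoritative check before starting the service.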

acme.sh’s installer sets up a shell alias for the current user when you install it. If you install it as a normal user it will set up the shell alias for that user, so it won’t be set up for root. Maybe try installing it as root, then running it as root?

@jmorahan if I try executing it as root it doesn’t find the command, when I do sudo it does the same thing.

Yeah, but did you originally install it as root? e.g.

$ sudo -i
# curl https://get.acme.sh | sh
# exit     # logout and login again to activate the shell alias
$ sudo -i
# acme.sh --issue --alpn --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d panel.raidhosting.nl

I’ll try that tomorrow. And thanks for all the help! (all of you).