Nginx invalid PID number "" error during certbot renew


#1

Hi i use Fedora 27 and nginx.

When i try sudo certbot renew --dry-run

i have this output

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/politkrytyka.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.politkrytyka.org
http-01 challenge for politkrytyka.org
Using default address 80 for authentication.
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Cleaning up challenges
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 126, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 1049, in perform
    self.restart()
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 859, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 1119, in nginx_restart
    "nginx restart failed:\n%s\n%s" % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 310, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 1068, in cleanup
    self.restart()
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 859, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 1119, in nginx_restart
    "nginx restart failed:\n%s\n%s" % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''
Attempting to renew cert (politkrytyka.org) from /etc/letsencrypt/renewal/politkrytyka.org.conf produced an unexpected error: nginx restart failed:
b''
b''. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/politkrytyka.org/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/politkrytyka.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

i checked /run/nginx.pid and it’s empty…

what i should do?


Action required: Let's Encrypt certificate renewals
#2

Hi. I’ve moved your post to a new topic.

Is Nginx running?


#3

Hi
Yes, it works fine.


#4

What is the pid location used in the nginx.conf file?
Where is the actual nginx.pid file?


#5

In nginx.conf pid option is commented

#pid        logs/nginx.pid;

actual nginx.pid in /run directory, and it empty


#6

If /run is empty, then that is not where the pid is…
Try:
find / -name nginx.pid


#7

I mean that, i have /run/nginx.pid, but this file is empty


#8

The nginx.pid file should always be either:

  • not there (deleted) = when nginx is stopped
  • contains a number (PID) = while nginx is running

The nginx.pid file should never be empty.

I would:
sudo service nginx stop
sudo rm /run/nginx.pid
sudo service nginx start

Then recheck the file’s content:
sudo cat /run/nginx.pid


#9

After sudo service nginx stop and sudo rm /run/nginx.pid server didn’t stop working.

And when I tried sudo service nginx start, I had:

Redirecting to /bin/systemctl start nginx.service
Job for nginx.service failed because the control process exited with error code.
See "systemctl  status nginx.service" and "journalctl  -xe" for details.

Here output of systemctl status nginx.service

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nginx.service.d
           └─php-fpm.conf
   Active: failed (Result: exit-code) since Fri 2019-02-15 11:16:15 EET; 4min 0s ago
  Process: 17525 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)
  Process: 17524 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 17523 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 29019 (code=exited, status=0/SUCCESS)

Feb 15 11:16:14 bigkrp.localdomain nginx[17525]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 15 11:16:14 bigkrp.localdomain nginx[17525]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Feb 15 11:16:14 bigkrp.localdomain nginx[17525]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 15 11:16:15 bigkrp.localdomain nginx[17525]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Feb 15 11:16:15 bigkrp.localdomain nginx[17525]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 15 11:16:15 bigkrp.localdomain nginx[17525]: nginx: [emerg] still could not bind()
Feb 15 11:16:15 bigkrp.localdomain systemd[1]: nginx.service: Control process exited, code=exited status=1
Feb 15 11:16:15 bigkrp.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Feb 15 11:16:15 bigkrp.localdomain systemd[1]: nginx.service: Unit entered failed state.
Feb 15 11:16:15 bigkrp.localdomain systemd[1]: nginx.service: Failed with result 'exit-code'.

And output of journalctl -xe

Feb 15 11:17:52 bigkrp.localdomain audit[17539]: CRYPTO_KEY_USER pid=17539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:17:52 bigkrp.localdomain audit[17539]: CRYPTO_KEY_USER pid=17539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:17:52 bigkrp.localdomain audit[17539]: CRYPTO_KEY_USER pid=17539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:17:52 bigkrp.localdomain audit[17539]: USER_LOGIN pid=17539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0
Feb 15 11:17:53 bigkrp.localdomain audit[732]: AVC avc:  denied  { map } for  pid=732 comm="php-fpm" path="/srv/www/wordpress/public_html/.use
Feb 15 11:17:58 bigkrp.localdomain audit[728]: AVC avc:  denied  { map } for  pid=728 comm="php-fpm" path="/srv/www/wordpress/public_html/.use
Feb 15 11:17:58 bigkrp.localdomain audit[6091]: AVC avc:  denied  { map } for  pid=6091 comm="php-fpm" path="/srv/www/wordpress/public_html/.u
Feb 15 11:18:21 bigkrp.localdomain audit[742]: AVC avc:  denied  { map } for  pid=742 comm="php-fpm" path="/srv/www/wordpress/public_html/.use
Feb 15 11:18:48 bigkrp.localdomain sshd[17541]: Did not receive identification string from 103.63.215.102 port 57600
Feb 15 11:18:48 bigkrp.localdomain audit[17541]: CRYPTO_KEY_USER pid=17541 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:18:48 bigkrp.localdomain audit[17541]: CRYPTO_KEY_USER pid=17541 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:18:48 bigkrp.localdomain audit[17541]: CRYPTO_KEY_USER pid=17541 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:18:55 bigkrp.localdomain audit[6079]: AVC avc:  denied  { map } for  pid=6079 comm="php-fpm" path="/srv/www/wordpress/public_html/.u
Feb 15 11:19:16 bigkrp.localdomain audit[727]: AVC avc:  denied  { map } for  pid=727 comm="php-fpm" path="/srv/www/wordpress/public_html/.use
Feb 15 11:19:26 bigkrp.localdomain audit[6085]: AVC avc:  denied  { map } for  pid=6085 comm="php-fpm" path="/srv/www/wordpress/public_html/.u
Feb 15 11:19:31 bigkrp.localdomain audit[6084]: AVC avc:  denied  { map } for  pid=6084 comm="php-fpm" path="/srv/www/wordpress/public_html/.u
Feb 15 11:19:54 bigkrp.localdomain audit[17543]: CRYPTO_KEY_USER pid=17543 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:54 bigkrp.localdomain audit[17543]: CRYPTO_KEY_USER pid=17543 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:54 bigkrp.localdomain audit[17543]: CRYPTO_KEY_USER pid=17543 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:54 bigkrp.localdomain audit[17542]: CRYPTO_SESSION pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s
Feb 15 11:19:54 bigkrp.localdomain audit[17542]: CRYPTO_SESSION pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s
Feb 15 11:19:55 bigkrp.localdomain audit[436]: USER_AVC pid=436 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0
                                                exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Feb 15 11:19:55 bigkrp.localdomain sshd[17542]: Invalid user usr01 from 50.39.111.9 port 53310
Feb 15 11:19:55 bigkrp.localdomain sshd[17542]: Received disconnect from 50.39.111.9 port 53310:11: Bye Bye [preauth]
Feb 15 11:19:55 bigkrp.localdomain sshd[17542]: Disconnected from invalid user usr01 50.39.111.9 port 53310 [preauth]
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: CRYPTO_KEY_USER pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: CRYPTO_KEY_USER pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: USER_ERR pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: CRYPTO_KEY_USER pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: CRYPTO_KEY_USER pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: CRYPTO_KEY_USER pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:
Feb 15 11:19:55 bigkrp.localdomain audit[17542]: USER_LOGIN pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0
Feb 15 11:20:33 bigkrp.localdomain audit[24504]: AVC avc:  denied  { map } for  pid=24504 comm="php-fpm" path="/srv/www/wordpress/public_html/

#10

This is NOT good.
If you find running nginx instances after issuing sudo service nginx stop, then you should probably kill them or just reboot the entire system (once).
[this shouldn’t happen - something has gone terribly wrong]