Nginx setup in server errors


#1

is there any chance i can run command to get

server.crt and server.key files to replace in nginx ??]]

i tried this command

sudo certbot --nginx certonly
and get this error

nginx: [error] invalid PID number “” in “/run/nginx.pid”
Cleaning up challenges
nginx: [error] invalid PID number “” in “/run/nginx.pid”
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1071, in perform
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’
b’’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1090, in cleanup
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’


#2

any thought guys?please


#3

Hi @gemihema

there are a lot of informations missing. The standard template of #help


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#4

My domain is:vmdirect.co.uk
I ran this command:sudo certbot --nginx certonly

It produced this output:

nginx: [error] invalid PID number “” in “/run/nginx.pid”
Cleaning up challenges
nginx: [error] invalid PID number “” in “/run/nginx.pid”
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1071, in perform
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’
b’’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1090, in cleanup
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’
My web server is (include version):

nginx
I can login to a root shell on my machine (yes ):
My hosting provider, if applicable, is: it is didicated server in worldstream.net

I’m using a control panel to manage my site (no):


#5

any help appreciated guys thanks


#6

From the outside, it’s clear that you do not have a regular nginx installation.

Your webserver identifies itself on ports 80 and 443 as WorldShield and tengine, respectively.

Tengine, in particular, appears to be a fork of nginx.

certbot --nginx is unlikely to be able to figure out how to configure Tengine. Certbot is able to automatically configure the type of nginx installations that typically come from either Linux or nginx.org official packages.

Anything else, you need to guide Certbot on what to do.

So perhaps you can help Certbot to identify the right nginx installation:

nginx:
  Nginx Web Server plugin

  --nginx-server-root NGINX_SERVER_ROOT
                        Nginx server root directory. (default: /etc/nginx)
  --nginx-ctl NGINX_CTL
                        Path to the 'nginx' binary, used for 'configtest' and
                        retrieving nginx version number. (default: nginx)

But it’s possible that Certbot is just not compatible with Tengine at all, and you will have to use less complex modes of operation, such as using webroot mode:

certbot certonly --webroot -w /path/to/your/webroot -d example.org

(Only after you setup a suitable webroot).

You also have the option of asking the Tengine community for advice.


#7

What’s your Certbot - version?

Perhaps you have used tls-sni-01 validation, that’s deprecated and not longer supported. But your main configuration is ok (via https://check-your-website.server-daten.de/?q=vmdirect.co.uk ):

Domainname Http-Status redirect Sec. G
http://vmdirect.co.uk/
185.132.133.148 200 0.047 H
http://www.vmdirect.co.uk/
185.132.133.148 200 0.046 H
https://vmdirect.co.uk/
185.132.133.148 -2 1.077 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.132.133.148:443
https://www.vmdirect.co.uk/
185.132.133.148 -2 1.063 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.132.133.148:443
http://vmdirect.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.132.133.148 404 0.047 A
Not Found
Visible Content: 404 Not Found nginx
http://www.vmdirect.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.132.133.148 404 0.046 A
Not Found
Visible Content: 404 Not Found nginx

Port 80 is open, checking /.well-known/acme-challenge/unknown-file answers with a correct http status 404 - Not Found.

So you should always be able to use your webroot:

certbot run -a webroot certonly -w yourWebRoot -d vmdirect.co.uk -d www.vmdirect.co.uk

But if your certbot version is too old, first you should update your certbot.

PS: There is no older Letsencrypt certificate

https://crt.sh/?q=vmdirect.co.uk

So it’s your first certificate, so you should have a new Certbot.


#8

as mentioned in first post

i need
server.crt and server.key files to replace in nginx
to replace in nginx as nginx is installed in

/home/xtreamcodes/iptv_xtream_codes/nginx/conf


#9

can i obtain server.crt and server.key
in differant server fir this domain ??? please help


#10

What’s the result executing the webroot command?


#11

i have tried it in another server and it worked
for another domain but i need the server.crt and server .key to replace in nginx

results

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/this-is-backup.co.uk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/this-is-backup.co.uk/privkey.pem
    Your cert will expire on 2019-06-12. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of

#12

Then you have all you want.

Certonly = you have to do additional steps.