Nginx wont start after trying to get new Certifcate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:onebeautyworld.com

I ran this command:certbot certonly --nginx -d onebeautyworld.com,www.onebeautyworld.com --http-01-port 8080
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for onebeautyworld.com
http-01 challenge for www.onebeautyworld.com
nginx: [error] invalid PID number “” in “/run/nginx.pid”
Cleaning up challenges
nginx: [error] invalid PID number “” in “/run/nginx.pid”
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1071, in perform
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’
b’’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1090, in cleanup
self.restart()
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 881, in restart
nginx_restart(self.conf(‘ctl’), self.nginx_conf)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1141, in nginx_restart
“nginx restart failed:\n%s\n%s” % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b’’
b’’
nginx restart failed:
b’’
b’’

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

It seems the nginx configuration was already “damaged” prior to running certbot.

These are from the certbot User Guide:

Authenticators are plugins used with the certonly command to obtain a certificate. The authenticator validates that you control the domain(s) you are requesting a certificate for, obtains a certificate for the specified domain(s), and places the certificate in the /etc/letsencrypt directory on your machine. The authenticator does not install the certificate (it does not edit any of your server’s configuration files to serve the obtained certificate). If you specify multiple domains to authenticate, they will all be listed in a single certificate. To obtain multiple separate certificates you will need to run Certbot multiple times.

Port used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. (default: 80)

So what was the last thing that changed?
Do you have a backup/working config?

Looks like a previously started nginx instance was killed somehow, but not cleanly, and left a previous PID number in /run/nginx.pid. Does your nginx even start regardless of certbot?

No. It gives the following error:

root@ip-172-31-17-82:/# service nginx start
Job for nginx.service failed because the control process exited with error code.
See “systemctl status nginx.service” and “journalctl -xe” for details.

I had stopped it myself before trying to install, using command Systemctl stop nginx
:-/ and than tried installing new certificate because i changed domain. afterwards, that didnt work and Nginx wont start either.

I am so sorry but I have to say I am a little new to all this. All I know is that I had another domain working perfectly with a SSL. Than I changed the domain so wanted to install new certificate. Previously when I installed, I had to stop nginx service. that’s what i did this time also before running command. That didnt work and now nginx wont start either.

I change the site-available configuration, added server_name (new domain); Stopped nginx and now in this problem

Retrace your editing steps.
Perhaps there is a TYPO in there somewhere.
Or try:

I restarted the Instance on EC2 and nginx started, Got the certificate confirmation also. But now when I am accessing the website it shows the certifcate for the previous domain instead of a new one. Resulting in google Warning.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: onebeautyworld.com

I ran this command: sudo certbot certonly --nginx -d onebeautyworld.com,www.onebeautyworld.com --http-01-port 8080

It produced this output:

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: EC2 - AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

do you have a reverse proxy that will let certbot exit on port 80? because validation will only work on port 80.

anyhow, you are serving a certificate for another domain name. you should probably read certbot's documentation on how to get a fresh certificate for your current domain, and don't use certonly if you also want certbot to install the certificate.

Hi @hamdani

there is no problem visible, there is a valid Letsencrypt certificate.