What is the output when you run /etc/init.d/nginx restart? You should see something like this if it works:
* Restarting nginx nginx [ OK ]
Error logs are typically in /var/log/nginx/error.log. You might also want to check /var/log/syslog for nginx-related messages around the time you try the restart.
When I run that command sudo /etc/init.d/nginx restart it shows this,
nginx stop/waiting
nginx start/running
When i check /var/log/nginx.error.log, there is a whole list of,
2016/06/29 09:14:22 [emerg] 14970#14970: bind() to 0.0.0.0:443 failed (98: Address already in use)
2016/06/29 09:14:22 [emerg] 14970#14970: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/06/29 09:14:22 [emerg] 14970#14970: bind() to [::]:80 failed (98: Address already in use)
When I check /var/log/syslog, there is a very long list, some of it is,
Jun 29 06:38:57 kz sendmail[14050]: My unqualified host name (kz) unknown; sleeping for retry
Jun 29 06:39:01 kz CRON[14052]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib$
Jun 29 06:39:57 kz sendmail[14050]: unable to qualify my own domain name (kz) ā using short name
Jun 29 06:39:57 kz sendmail[14050]: u5SMdvEQ014050: from=root, size=554, class=0, nrcpts=1, msgid=201606282239.u5SMdvEQ014050@kz, relay=root@localhost
Jun 29 06:39:57 kz sm-mta[14065]: u5SMdvLE014065: from=root@kz, size=766, class=0, nrcpts=1, msgid=201606282239.u5SMdvEQ014050@kz, proto=ESMTP, daemon=MTA-v4, relay=localhost$
Jun 29 06:39:57 kz sendmail[14050]: u5SMdvEQ014050: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30554, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.$
Jun 29 06:39:57 kz sm-mta[14066]: u5SMdvLE014065: to=root@kz, ctladdr=root@kz (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30947, dsn=2.0.0, stat=Sent
Jun 29 06:40:01 kz CRON[14069]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
It certainly seems as if you have 2 versions of nginx running.
does
service nginx status
give any clues ?
odd that when you did a "ps aux | grep nginx " it didn't show up a different version. Personally I'd be tempted to restart the server, at least that should clear / restart whatever versions of nginx there are ...
Iām guessing /etc/init.d/nginx doesnāt have the PID of your running nginx instance for some reason and thinks nginx ist stopped. Rebooting the server like @serverco suggested might be a good idea, or a kill -9 on your nginx master process, followed by a service nginx start.
Your initial logs show that there was something fishy going on with your apt installation of nginx (did you switch to the nginx deb repository by any chance? If thereās some difference between the init scripts of those packages, this might account for the weird restart behaviour.), so this would be more or less unrelated to Letās Encrypt and only came up because letsencrypt-auto happens to run apt-get update during installation.
As Iām really a total server noob, the only setup I did was just following some tutorial to install nginx and set up the virtual hosts. After that itās the letsencrypt installation. Not sure where down the route a second nginx instance came aboutā¦
How do I use the kill -9 command? Or reboot the server? Tried typing it straight in but got back,
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ā¦ or kill -l [sigspec]
rebooting is as simple as reboot. To kill the master process, the syntax is kill -9 <PID>, so kill -9 30389 (thatās the PID from your ps aux | grep nginx output earlier).
Ah the reboot worked! Thanks!!!
The certs are linked properly nowā¦
Butā¦ Do I need to reboot every month when I get a new cert, etc?
It seems the cron job didnāt activate too, is it because of the two instances issue?
No, that was related to the problem with the nginx package. Just to be sure a service nginx restart is working now, I would recommend repeating the earlier test (i.e.: ps aux | grep nginx, then service nginx restart, then ps aux | grep nginx and confirm that the nginx master process PID has changed between the two ps aux outputs).
That's not done automatically (with the small exception of the packaged Debian version of certbot).
You probably want something like this in your crontab:
The --post-hook takes care of restarting nginx when your certificate is renewed (not every time the cron runs!). The client will be executed twice a day (that's the recommendation) and will only renew when necessary.
Does this mean the restart worked? Not really sure what to look at to compare.
My current cron job is this,
22 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
27 2 * * 1 /etc/init.d/nginx reload
Should I add the line,
50 */12 * * * /opt/letsencrypt/letsencrypt-auto renew --post-hook "service nginx restart"
too?
Or switch out the nginx reload to service nginx restart?
Yes, that means the restart appears to have worked. Two things to notice, the first number after each item in that list changed, that number is a process ID, it stays the same for the lifetime of a process, so the old processes went away, and new ones were created. Second, the original output has dates in it āJun30ā and the new has times ā09:03ā, this column is narrow, so the code puts either a time today, or if the process is a day or more old it puts the date (actually if itās a year or more old it puts the year, but most people should never have processes running for more than a year due to security patches)
You can replace BOTH items from your current cron job with the single line pfg recommended.
Right now your job says, every morning at about 02:22 try to renew, and then at 02:27 try to restart nginx. Whereas pfgās suggestion will try to renew (but usually do nothing, the renew step is automatically skipped when your certificates donāt need renewing yet) twice per day, and ONLY restart nginx if the renewal actually happened.
Thanks so much for everyoneās help! These server stuff has been really confusing, but Iām making baby steps forward! =D
Edit: Sorry, one more question, what does 50 */12 * * * actually mean. Which part of it represents twice a day, etc? I tried running that through a cron translater but returned an error. =(