Bummer. Thought it was good chance that would work.
Before going further with --webroot you could try removing the two lines for stapling. The other person said it resolved their similar hang.
Either remove or comment out these. They'll be obsolete for Let's Encrypt soon anyway.
ssl_stapling on;
ssl_stapling_verify on;
Then try this to check if hangs
EDIT: Oh, don't forget to reload nginx after any config changes and then try this:
sudo certbot certonly --dry-run --nginx -d program.youimpact.com
We'll get you to an auto-renew one way or another. Don't worry.
3 Likes
clifmo
22
This seems to have resolved it. I don't see any hanging certbot process but will check back again to be sure.
3 Likes
Interesting. Please do confirm and report back.
I have an nginx system with those stapling lines and it renews fine using --nginx plugin. Even using same Certbot snap version as you.
If you confirm then something in combination with those must be the cause.
As to your next steps, be sure to run this to get new production cert and reset the Certbot renewal profile for auto-renew
sudo certbot --nginx -d program.youimpact.com
Go ahead and allow upgrade to ECDSA cert unless you know you need RSA (you don't if you just use it with that nginx)
Then, test your renew with
sudo certbot renew --dry-run
If that works you should be good.
3 Likes
clifmo
24
New auto-renew cert works as expected, dry run, too.
3 Likes
system
Closed
25
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.