Running certbot just returns with no action

Help
1

Please fill out the fields below so we can help you better.

My domain is: resolved locally, and through a no-ip ddns service

I ran this command: sudo certbot --webroot -w /var/www/html -d local.domain

It produced this output: nothing, just returned to shell

My web server is (include version): latest nginx

The operating system my web server runs on is (include version): debian jessie

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I donā€™t know): yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel): no

2

Hi @dirtyelf,

Did you get a log file in /var/log/letsencrypt?

3

oddly i dont have a letsencrypt dir in /var/logā€¦

4

Hmmm! Maybe try which certbot? And head $(which certbot)?

5

/usr/bin/certbot

#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'certbot==0.10.2','console_scripts','certbot'
__requires__ = 'certbot==0.10.2'
import re
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    sys.exit(
6

Are you sure the site is accessible on port 80 from the Internet?
Does the no-ip ddns service resolve your FQDN as IPv4, IPv6, both?

7

bear with me, iā€™m new-ish to this stuffā€¦ i am interested in learning and have been reading up on http/https/webservers/security/etcā€¦ iā€™ve setup a webserver and a local dns server (bind) to resolve an address locally. then setup a no-ip ddns account to access the webserve from the outside world. i figured since it is now ā€œoutsideā€ https would be a good idea and thatā€™s how i ended up here.

i am able to access the site externally via my no-ip ddns address and the only port i have forwarded to the serverā€™s ip on my router is 80 at the moment, not sure how to determine IPv4 vs IPv6

i get the impression that https is useless (or not possible) when resolving internally?

i appreciate the responses! iā€™m sure iā€™ll get this figured out with a bit of help

8

nslookup your.no-ip.name

If you intend on providing secured web services, then allow port 443 as well.

Not sure what you mean here, but https is basically http with added security.
If you can get to the site via http then you should be able to get to it via https.

9

Https has its uses internally, as it would prevent other devices on your network from eavesdropping on communications over the encrypted connection. However, setting TLS up internally often involves running your own local CA. Not technically required, but usually far simpler than trying to maintain ā€˜realā€™ certs on internal domains.

What are you actually putting in for local.domain? Is it the public ddns domain?

One way to check if you have IPv6 records set up (fā€™you probably donā€™t and thatā€™s probably not the case here, but itā€™s educational) is the command dig domain.no-ip.com AAAA, obviously replacing that with your real domain. It will return any IPv6 DNS records for that domain.

Either way, this is all tangential to the issue of certbot not doing anything. How did you go about installing Certbot initially?

10

nslookup returns a server and an address as well as a non-authoritative answer with a name and an address

i intended on forwarding that port once i had the certs up, do i need to do that beforehand?

yes, that makes sense. i dont know how it differs when it is a local dns server resolving a local ip. my plan was to list both addresses on the cert so that locally i could use https as well as when connecting externally. perhaps that isnt the best idea?

yes.

i installed certbot with apt-get and jessie backdoor

11

You won't be able to issue a Let's Encrypt certificate for an internal name. It must be a publicly accessible name with a valid TLD (.com, .org, .wtf (yes it's real now), etc.) This setup gets a bit tricky and complicated, let's focus on one objective at a time.

12

ok. even running the command without my local name in a -d field produces the same resultā€¦ nothing.

13

Something very odd is going on. Itā€™s as though something is preventing it from executing. Try sudo python and see if you get a terminal prompt for a python interpreter. (Use quit() to get out of this prompt.)

14

Guys, is the server down or something? letsencrypt.status.io

15

This should also be irrelevant to the main issue of certbot not outputting anything to the terminal.

16 
Python 2.7.9 (default, Sep 17 2016, 20:26:04) 
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 
KeyboardInterrupt
>>> quit()
17

what have i done?! :cold_sweat:

if i run certbot -auto i get illegal instruction returned

If i run sudo certbot -auto i get nothing, return to shell

18

Hahaha, thatā€™s not you. =]

So this might end up being tedious, but Iā€™m trying to eliminate one issue at a time. Try these:

Make a file called test.py, in it place the following:

print('Hello world!')

Close it and run sudo python test.py and tell me if ā€˜hello world!ā€™ displays.

Next up, try sudo su to get a root shell and run certbot from there. This is starting to sound like some security issue, but Iā€™m more knowledgeable about centos/red hat than Debian an the security side.

Finally, what happens if you Ren certbot without sudo?

19

  • printed hello world to the console no problem

  • ran sudo bash for root shell (necessary on raspberryPi from my understanding) and when i run certbot certonly --webroot -w /var/www/html -d X.mynetgear.com i get illegal instruction returned

  • bash: Ren: command not found

20

thank you for your help so farā€¦ i must go to sleep. day job commences in t-minus 5 hoursā€¦

iā€™ll check back here later