Sudo certbot --nginx gives error "permanently dropping privs did not work"

My domain is:

I ran this command: sudo certbot --nginx

It produced this output: permanently dropping privs did not work

My web server is (include version): nginx 1.14.1

The operating system my web server runs on is (include version): AlmaLinux release 8.7 (Stone Smilodon)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A can't install certbot

Hi @Lance.Lewis, and welcome to the LE community forum

These two statements confuse me:

How did you (try to) install certbot?


Please provide more of the output, preferably the entire log file at /var/log/letsencrypt/letsencrypt.log.


It looks like this error comes verbatim from snapd.

I tried installing Certbot via snapd on an AlmaLinux 8.7 x86_64 server and it worked OK for me. I'm not sure what would cause this.

I found a single report that looks to be the same issue here (about Certbot too, actually!) in this GitHub comment.

The reporter seems to suggest that trying to execute Certbot the first time via some magical combination of logged in user/sudo worked for them.

Maybe you can try:

  • Log in directly as root and then run Certbot without using sudo, or
  • Log in as a non-root user and run Certbot using sudo, or
  • Log in as a non-root user and sudo su - and then don't use sudo to run Certbot, or
  • Log in as a non-root user and sudo su - and then do use sudo to run Certbot.


You are correct, the two statements don't make sense. I originally ran into problems with the yum install of certbot and created the ticket. I was, however, able to get around the certbot install issue, and then ran into the certbot --nginx issue. I should have updated this on the ticket.


There is no log file in that dir or other.

Probably because the bug in snap means that Certbot doesn't even get a chance to run. And as the issue is with snap, it wouldn't matter anyway, I'm afraid.


Thank you for the link and information. Based upon this I tried a few more attempts from a clean OS image. I was finally able to get past it by using a standard user account with sudo privileges.

