Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
2018-03-15 18:22:14,627:DEBUG:certbot.main:certbot version: 0.22.0
2018-03-15 18:22:14,627:DEBUG:certbot.main:Arguments: ['--nginx']
2018-03-15 18:22:14,627:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-03-15 18:22:14,645:DEBUG:certbot.log:Root logging level set at 20
2018-03-15 18:22:14,645:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-03-15 18:22:14,646:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-03-15 18:22:14,647:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 126, in prepare
self._initialized.prepare()
File "/usr/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 131, in prepare
raise errors.NoInstallationError
NoInstallationError
2018-03-15 18:22:14,647:DEBUG:certbot.plugins.selection:No candidate plugin
2018-03-15 18:22:14,647:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
My web server is (include version):
nginx version: nginx/1.12.2
The operating system my web server runs on is (include version):
CentOS 7
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
thanks for your reply. I wish it was so simple. See below. Any help is hugely appreciated.
Also, I already saw that GitHub post earlier, and also created the symlinks. The issue remains.
which nginx
/usr/sbin/nginx
yum info nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.vooservers.com
* epel: mirror.bytemark.co.uk
* extras: mirrors.melbourne.co.uk
* remi-safe: mirror.netweaver.uk
* updates: mirror.bytemark.co.uk
Installed Packages
Name : nginx
Arch : x86_64
Epoch : 1
Version : 1.12.2
Release : 1.el7
Size : 1.5 M
Repo : installed
From repo : epel
Summary : A high performance web server and reverse proxy server
URL : http://nginx.org/
Licence : BSD
Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP,
: POP3 and IMAP protocols, with a strong focus on high concurrency,
: performance and low memory usage.
nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
OK, I’ll try that tomorrow first thing and report back. I installed (and started using) nginx only today, and everything is working well. The issue is only certbot.
I agree with @stevenzhu that this error ordinarily means that Certbot can’t find your copy of nginx, which doesn’t necessarily mean that nginx isn’t installed.
One thing to be aware of is that certbot renew (which is normally supposed to be run automatically from cron) might or might not work on your system because of this issue. You might want to keep an eye on this to investigate whether or not automated renewal is or isn’t working for you. Let’s Encrypt certificates expire after 90 days and certbot renew will start attempting to renew your certificate if run after 60 days from now (May 14, 2018).
certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/editor.curioustravellers.ac.uk.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/editor.curioustravellers.ac.uk/fullchain.pem expires on 2018-06-12 (skipped)
No renewals were attempted.
Hard to say, since it didn't actually attempt a renewal (since one wasn't due yet). Maybe try with --dry-run to see what would happen if a renewal was due.
Although if you run that from root's cron, $PATH is just root's path anyway, right? So maybe echo "$PATH" as a normal user and put the literal path in the cron job. (ie, if echo "$PATH" prints, say, /bin:/usr/bin:/usr/sbin, then put env PATH="/bin:/usr/bin:/usr/sbin" certbot renew --quiet in cron)
This is not a totally realistic test because it uses the command-line environment rather than the crontab environment, which can often be different.
This is a potentially valid solution, but its effects similarly won't be known until mid-May.
There is a way to test somewhat more realistically with --force-renew but I don't think I really want to encourage people to ever put than in a cron job, even for testing purposes. So if you don't mind waiting, @lguariento, I would suggest waiting until May and then seeing what happens.
Attempting to renew cert (editor.curioustravellers.ac.uk) from /etc/letsencrypt/renewal/editor.curioustravellers.ac.uk.conf produced an unexpected error: Failed authorization procedure. editor.curioustravellers.ac.uk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://editor.curioustravellers.ac.uk/.well-known/acme-challenge/cHAGyYrzSI53A6y2fo_4_jzvX1hH1S3ooJUzJsNnTHE: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/editor.curioustravellers.ac.uk/fullchain.pem (failure)
error. I have a /var/www/certbot folder with 755 access and a
Hmm, when I try to access your site over HTTPS I get a timeout. You get a 404, which is an odd difference. Do you have a firewall blocking port 443 for particular IP ranges or something like that?
So if you don't mind waiting,