Hi,
I set up certbot and is due for its first renewal. And when I try sudo certbot renew it gives command not found error. I guess it is a path error. Except that I cannot seem to find where it is located.
When I created it (I had saved the commands) I used: sudo certbot --nginx. I do not remember which directory.
The details of my server are:
Could someone please help me locate the directory?
Thanks,
Raj
Hi @Raju_Rao,
If certbot isn’t in your path, maybe you were using certbot-auto instead? (certbot comes from an OS package which would normally put it in a directory that’s already in your path. certbot-auto comes from a manual download and you could have saved it in any directory of your choice.)
Maybe you could run locate certbot and/or history | grep certbot?
Thanks schoen. locate certbot shows
/etc/apt/sources.list.d/certbot-ubuntu-certbot-xenial.list
/etc/apt/sources.list.d/certbot-ubuntu-certbot-xenial.list.save
/etc/apt/trusted.gpg.d/certbot_ubuntu_certbot.gpg
/etc/apt/trusted.gpg.d/certbot_ubuntu_certbot.gpg~
/etc/cron.d/certbot
/etc/letsencrypt/csr/0000_csr-certbot.pem
/etc/systemd/system/certbot.timer
/etc/systemd/system/timers.target.wants/certbot.timer
/var/lib/apt/lists/ppa.launchpad.net_certbot_certbot_ubuntu_dists_xenial_InRelease
/var/lib/apt/lists/ppa.launchpad.net_certbot_certbot_ubuntu_dists_xenial_main_binary-amd64_Packages
/var/lib/apt/lists/ppa.launchpad.net_certbot_certbot_ubuntu_dists_xenial_main_i18n_Translation-en
/var/lib/dpkg/info/certbot.list
/var/lib/dpkg/info/certbot.postrm
/var/lib/systemd/deb-systemd-helper-enabled/certbot.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/certbot.timer
/var/lib/systemd/deb-systemd-helper-masked/certbot.timer
/var/lib/systemd/timers/stamp-certbot.timer
Does this help in suggesting how I run the renew command? There does not seem to be directory. As mentioned I have setup dockers and do not remember using auto or download but only certbot --nginx.
The history | grep certbot command throws up:
1644 sudo certbot renew
1652 sudo certbot renew
1654 cd .certbot
1655 which certbot-auto
1656 which certbot
1657 sudo certbot renew --dry-run
1691 sudo certbot renew
1724 sudo certbot renew
1732 locate certbot
1733 history | grep certbot
Any suggestions? Thanks
Huh, it looks like you might have installed it and then uninstalled it for some reason. Could you try running a dpkg command to check into this?
dpkg -l certbot python-certbot letsencrypt python-letsencrypt
It shows:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
rc certbot 0.19.0-1+ubu all automatically configure HTTPS usi
un letsencrypt <none> <none> (no description available)
un python-certbot <none> <none> (no description available)
dpkg-query: no packages found matching python-letsencryptHuh! Well, if you installed Certbot with apt-get install certbot or something similar, maybe you could reinstall it the same way? (This doesn’t erase your existing certificates or their renewal configurations or anything.)
You mentioned Docker—maybe you used a particular Docker container image to obtain your certificate and so Certbot may not currently be installed on your server in the host environment? Maybe when you most recently used Certbot, it was inside a container?
(The rc does suggest that Certbot was once installed on the host system, but that it was subsequently removed. But that doesn’t show whether this copy of Certbot is the one you used to obtain your certificates.)
Here is what I did Schoen:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
Followed by:
sudo certbot --nginxIt could be possible that I removed images because there was something funny going on with Dockers. It is my first time. And I found multiple images being created. And removed the images and ran docker build. 
Schoen: If I were to recreate the AWS server and setup the whole thing without dockers, how do I get certbot installed using my existing certificates? Is it an easy process or complicated? My server is currently beta and being tested for what we are doing. So no loss on recreating it … as long as it works. 
You can install Certbot from apt or with the certbot-auto auto-downloader. If you still have your files in /etc/letsencrypt and haven't deleted or renamed them, it will find them and use them for renewals.
So you are suggesting that I run the apt update commands and run renew. I have confirmed that the /etc/letsencrypt has all the requisite files. Just in case I wish to re-create the server and set up certbot again, is there any link or procedure listed on how to create a fresh server using existing archived letsencrypt directory or keys. I searched and found one community question but the process was not very clear. Many thanks
Schoen: I reinstalled certbot using apt update and this time it began the renewal process but gave the following error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/hudddle.io.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for hudddle.io
tls-sni-01 challenge for www.hudddle.io
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Cleaning up challenges
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Encountered exception during recovery
nginx restart failed:
b''
b''
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 115, in _solve_challenges
resp = self.auth.perform(self.achalls)
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 865, in perform
self.restart()
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 680, in restart
nginx_restart(self.conf('ctl'), self.nginx_conf)
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 926, in nginx_restart
"nginx restart failed:\n%s\n%s" % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 100, in _call_registered
self.funcs[-1]()
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 884, in cleanup
self.restart()
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 680, in restart
nginx_restart(self.conf('ctl'), self.nginx_conf)
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 926, in nginx_restart
"nginx restart failed:\n%s\n%s" % (out.read(), err.read()))
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''
Attempting to renew cert (hudddle.io) from /etc/letsencrypt/renewal/hudddle.io.conf produced an unexpected error: nginx restart failed:
b''
b''. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hudddle.io/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hudddle.io/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)
Any suggestions?
Oops, now my nginx is not starting 
have decided to reconfigure my server. Lesson learnt on dockers. . Thanks for the help
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.