Weird behaviour of letsencrypt after domain change

UHLHosting · April 10, 2022, 1:20pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: meet.musashi.ninja -old meet.uhlhosting.ch

I ran this command:

root@meet:/etc/nginx# letsencrypt certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: meet.uhlhosting.ch
    Domains: meet.uhlhosting.ch
    Expiry Date: 2022-06-25 02:00:17+00:00 (VALID: 75 days)
    Certificate Path: /etc/letsencrypt/live/meet.uhlhosting.ch/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/meet.uhlhosting.ch/privkey.pem

root@meet:/etc/nginx# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: meet.uhlhosting.ch
    Domains: meet.uhlhosting.ch
    Expiry Date: 2022-06-25 02:00:17+00:00 (VALID: 75 days)
    Certificate Path: /etc/letsencrypt/live/meet.uhlhosting.ch/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/meet.uhlhosting.ch/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

It produced this output:

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.4 LTS \n \l

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

The issue is that no matter what command I tried, it told me the plugin is not installed. Yet the certificates gets renewed without issues on old server meet.uhlhosting.ch , this is a clone with replaced ip and hostname.

root@meet:/etc/nginx# letsencrypt --nginx -d meet.musashi.ninja
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
root@meet:/etc/nginx#

How does the certificate gets renewed in nginx, when it tells me the plugin is not there? And how to remediate?

MikeMcQ · April 10, 2022, 1:44pm

Welcome to the community @UHLHosting

With your ubuntu system you should be using the snap install for certbot. The nginx plug-in is included in it.

Osiris · April 10, 2022, 2:27pm

UHLHosting:

The issue is that no matter what command I tried, it told me the plugin is not installed. Yet the certificates gets renewed without issues on old server meet.uhlhosting.ch , this is a clone with replaced ip and hostname.

Maybe your previous certificate wasn't issued using the nginx plugin.

rg305 · April 10, 2022, 2:58pm

Interesting...
Please show:

letsencrypt --version
which letsencrypt

JimPas · April 11, 2022, 5:12pm

I see he got his cert for his new domain early yesterday afternoon - about 5 hours after @rg305's post - but it's only for his subdomain and not the apex.

system · May 11, 2022, 5:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.