Почему Certbot не находит плагин под NGINX?

Question

[ymenaidtopa]

Выполняю команду: sudo certbot --nginx

Выдает:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed

Статус NGINX:

systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2023-01-04 12:44:03 EST; 2s ago
  Process: 2553 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 2550 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 2554 (nginx)
   CGroup: /system.slice/nginx.service
           ├─2554 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─2555 nginx: worker process                           
           └─2556 nginx: worker process                           

Jan 04 12:44:03 vm2101602 systemd[1]: Starting A high performance web server and a reverse proxy server...
Jan 04 12:44:03 vm2101602 systemd[1]: Started A high performance web server and a reverse proxy server.

Логи /var/log/letsencrypt/letsencrypt.log:

2023-01-04 12:43:19,666:DEBUG:certbot.main:certbot version: 0.27.0
2023-01-04 12:43:19,667:DEBUG:certbot.main:Arguments: ['--nginx']
2023-01-04 12:43:19,667:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-04 12:43:19,682:DEBUG:certbot.log:Root logging level set at 20
2023-01-04 12:43:19,683:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-04 12:43:19,684:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2023-01-04 12:43:19,685:DEBUG:certbot.plugins.selection:No candidate plugin
2023-01-04 12:43:19,685:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2023-01-04 12:44:44,471:DEBUG:certbot.main:certbot version: 0.27.0
2023-01-04 12:44:44,472:DEBUG:certbot.main:Arguments: ['--nginx']
2023-01-04 12:44:44,472:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-04 12:44:44,485:DEBUG:certbot.log:Root logging level set at 20
2023-01-04 12:44:44,485:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-04 12:44:44,486:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2023-01-04 12:44:44,486:DEBUG:certbot.plugins.selection:No candidate plugin
2023-01-04 12:44:44,486:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2023-01-04 12:46:21,155:DEBUG:certbot.main:certbot version: 0.27.0
2023-01-04 12:46:21,156:DEBUG:certbot.main:Arguments: ['--nginx']
2023-01-04 12:46:21,156:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-04 12:46:21,170:DEBUG:certbot.log:Root logging level set at 20
2023-01-04 12:46:21,171:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-04 12:46:21,171:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2023-01-04 12:46:21,172:DEBUG:certbot.plugins.selection:No candidate plugin
2023-01-04 12:46:21,172:DEBUG:certbot.plugins.selection:No candidate plugin
2023-01-04 12:46:21,172:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2023-01-04 12:46:21,172:INFO:certbot.main:Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
2023-01-04 12:46:21,173:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1233, in certonly
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The requested nginx plugin does not appear to be installed
2023-01-04 12:46:50,641:DEBUG:certbot.main:certbot version: 0.27.0
2023-01-04 12:46:50,642:DEBUG:certbot.main:Arguments: ['--nginx']
2023-01-04 12:46:50,642:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-04 12:46:50,655:DEBUG:certbot.log:Root logging level set at 20
2023-01-04 12:46:50,656:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-04 12:46:50,657:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2023-01-04 12:46:50,657:DEBUG:certbot.plugins.selection:No candidate plugin
2023-01-04 12:46:50,657:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

Comments

[Сергей Соколов]

как устанавливали cerbot ?
Вот инструкция

[ymenaidtopa]

Сергей Соколов, через apt-get, snap отказывается работать на сервере

[Сергей Соколов]

ymenaidtopa, есть пара альтернатив, из которых лучшая – Docker.

Через apt-get установилось что-то очень старое.

[ymenaidtopa]

Сергей Соколов, есть инструкция по установке?

Answer 1

[Valentin Barbolin]

В 16.04 нет пакета python-certbot-nginx поэтому все делаем руками.

## Ставим CertBot
sudo apt-get install certbot

## Создаем папку
sudo mkdir -p /var/www/cert_bot/.well-known/acme-challenge
sudo chown -R www-data:www-data /var/www/cert_bot

## Создаем базовый конфиг в /etc/nginx/site-enable/default 
server {
          listen  80;
          
          server_name  _;
        root /var/www/cert_bot;

        location /.well-known/acme-challenge/ {
                access_log off;
                default_type "text/plain";
        }
        location / {
                return 301 https://$server_name$request_uri;
                }
}

## Пробуем запросить сертификат
sudo certbot certonly --dry-run--webroot --agree-tos --email hostmaster@domain.com -w /var/www/cert_bot/ -d domain.com 

## Если все ок, заправиваем без --dry-run
sudo certbot certonly --webroot --agree-tos --email hostmaster@domain.com -w /var/www/cert_bot/ -d domain.com 

## Добавляем конфиг с SSL /etc/nginx/site-enable/domain-ssl
server {
        listen   443 ssl;
       
        server_name domain.com;
        

        ssl                  on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/domain.com/privkey.pem;
        #ssl_dhparam /etc/nginx/dhparam.pem;

        root /var/www/html
}

## Добавляем в крон автообновление сертификата 
sudo crontab -e -u root
0 0 10,25 * * certbot renew

Answer 2

[Александр Карабанов]

apt install python3-certbot-nginx

Comments

[ymenaidtopa]

ошибку дает, не находит пакет

[Valentin Barbolin]

ymenaidtopa,
> ошибку дает, не находит пакет
Это уже второй вопрос

https://www.nginx.com/blog/using-free-ssltls-certi...

[ymenaidtopa]

Andrey Barbolin, apt-get install python-certbot-nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package python-certbot-nginx is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'python-certbot-nginx' has no installation candidate

[Valentin Barbolin]

ymenaidtopa, Наверное что-то с sources.list

показывай
lsb_release -a
cat /etc/apt/sources.list

[ymenaidtopa]

Andrey Barbolin, lsb_release -a

o LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

cat /etc/apt/sources.list

deb http://archive.ubuntu.com/ubuntu xenial main restricted universe
deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe
deb http://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner

[Valentin Barbolin]

ymenaidtopa, Попробуй этот список
https://gist.github.com/frodoslaw/af78ccc3289a5a18...

apt-get update
apt-get install python-certbot-nginx

[ymenaidtopa]

Andrey Barbolin, список обновил, все равно

root@vm2101602:~# apt-get update
Hit:1 http://archive.canonical.com/ubuntu xenial InRelease                                                               
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease                                                            
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [99.8 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-security InRelease [99.8 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [97.4 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial/multiverse amd64 Packages [144 kB]
Get:7 http://archive.ubuntu.com/ubuntu xenial/multiverse Translation-en [106 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [22.6 kB] 
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse Translation-en [8476 B]
Get:10 http://archive.ubuntu.com/ubuntu xenial-security/main amd64 Packages [1648 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-security/main Translation-en [360 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial-security/restricted amd64 Packages [9824 B]
Get:13 http://archive.ubuntu.com/ubuntu xenial-security/restricted Translation-en [2152 B]
Get:14 http://archive.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [785 kB]
Get:15 http://archive.ubuntu.com/ubuntu xenial-security/universe Translation-en [225 kB]
Get:16 http://archive.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [7864 B]
Get:17 http://archive.ubuntu.com/ubuntu xenial-security/multiverse Translation-en [2672 B]
Get:18 http://archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [9812 B]
Get:19 http://archive.ubuntu.com/ubuntu xenial-backports/main Translation-en [4456 B]
Get:20 http://archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [11.3 kB]
Get:21 http://archive.ubuntu.com/ubuntu xenial-backports/universe Translation-en [4476 B]
Fetched 3650 kB in 8s (420 kB/s)                             
Reading package lists... Done
root@vm2101602:~# apt-get install python-certbot-nginx 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package python-certbot-nginx is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'python-certbot-nginx' has no installation candidate
root@vm2101602:~#

[Valentin Barbolin]

ymenaidtopa,
https://www.digitalocean.com/community/tutorials/h...

[ymenaidtopa]

Andrey Barbolin,

root@vm2101602:~# sudo add-apt-repository ppa:certbot/certbot
Cannot add PPA: 'ppa:~certbot/ubuntu/certbot'.
ERROR: '~certbot' user or team does not exist.

[Valentin Barbolin]

ymenaidtopa, Я поздравляю тебя с устаревшей системой.
https://eff-certbot.readthedocs.io/en/stable/insta...

[ymenaidtopa]

Andrey Barbolin, что там мне искать (не бей за тупость)?

[Valentin Barbolin]

ymenaidtopa, Пробовать-выбирать варианты которые там описаны (doker, pip).
Кстати python-certbot-nginx это всего лишь набор скриптов, который останавливает nginx сам начинает слушать 80 порт, потом снова его запускает.

Сам certbot у тебя установился? Тогда можно через nginx запросить сертификат самому.

## Install CertBot
sudo apt-get install certbot

## Make www dir
sudo mkdir -p /var/www/cert_bot/.well-known/acme-challenge
sudo chown -R www-data:www-data /var/www/cert_bot

## Fix nging config 
server {
          listen  80;
          
          server_name  domain.com;
        root /var/www/cert_bot;

        location /.well-known/acme-challenge/ {
                access_log off;
                default_type "text/plain";
        }
        location / {
                return 301 https://$server_name$request_uri;
                }
}

## Request cert
sudo certbot certonly --webroot --agree-tos --email hostmaster@domain.com -w /var/www/cert_bot/ -d domain.com 

## Add ssl to nging config
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

## Add to cron for auto renew
0 0 10,25 * * certbot renew

[ymenaidtopa]

Andrey Barbolin, certbot да, через apt-get установился

[ymenaidtopa]

Andrey Barbolin, а где найти конфиг nginx?

[Valentin Barbolin]

ymenaidtopa, /etc/nginx/site-enable/domain.com

domain.com - это твой домен, может быть и другое название файла.

[ymenaidtopa]

Andrey Barbolin, есть файл default, изменять его, или создавай файл с моим доменом?

[Valentin Barbolin]

ymenaidtopa, Скопируй сюда default я покажу что поправить

[ymenaidtopa]

Andrey Barbolin,

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php7.0-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php7.0-fpm:
	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

[Valentin Barbolin]

Все удали, оставь только это, перезапусти nginx и попробуй получить сертификат.

server {
          listen  80 default_server;
          
          server_name  _;
        root /var/www/cert_bot;

        location /.well-known/acme-challenge/ {
                access_log off;
                default_type "text/plain";
        }
        location / {
                return 301 https://$server_name$request_uri;
                }
}

Папки надо сделать.
## Make www dir
sudo mkdir -p /var/www/cert_bot/.well-known/acme-challenge
sudo chown -R www-data:www-data /var/www/cert_bot

Сначала попробуй запросить сертификат с ключем --dry-run, он проверяем все ли правильно настроено т.к. если будешь задрачивать запросами, то могут забанить
sudo certbot certonly --dry-run --webroot --agree-tos --email hostmaster@domain.com -w /var/www/cert_bot/ -d domain.com

Если все ОК - запроси сертификат
sudo certbot certonly --webroot --agree-tos --email hostmaster@domain.com -w /var/www/cert_bot/ -d domain.com

[ymenaidtopa]

Andrey Barbolin, о как, опять какие-то ошибки :/

root@vm2101602:~# sudo certbot certonly --dry-run --webroot --agree-tos --email givenmudus23@gmail.com -w /var/www/cert_bot/ -d vk-king-games.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
An unexpected error occurred:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Please see the logfiles in /var/log/letsencrypt for more details.

[Valentin Barbolin]

ymenaidtopa,
> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Наверное устарели руты на системе, еще раз привет старой ОС.

Попробуй обновить пакет ca-certificates
apt-get install ca-certificates

[ymenaidtopa]

Andrey Barbolin, с каждым разом все страшнее, и страшнее

E: Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?

[Valentin Barbolin]

ymenaidtopa, У тебя скорее всего автообновление настроено и как раз сейчас идет процесс обновления какого-то ПО. Можешь подождать и попробовать позже.

Или посмотреть через процессы когда закончиться
ps aux | grep dpkg

[Valentin Barbolin]

ymenaidtopa, Надеюсь ты от root запускал?
sudo apt-get install ca-certificates

[ymenaidtopa]

Andrey Barbolin, да, но там нужно было перезагрузить, путем sudo reboot, это уже в гугле нашел.

вот что дала команда

sudo certbot certonly --dry-run --webroot --agree-tos --email givenmudus23@gmail.com -w /var/www/cert_bot/ -d vk-king-games.ru

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vk-king-games.ru
Using the webroot path /var/www/cert_bot for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The dry run was successful.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

[Valentin Barbolin]

ymenaidtopa,
> The dry run was successful.
Все круто, пробуй без --dry-run

[ymenaidtopa]

Andrey Barbolin, вроде все получилось, но какая-то фигня, перехожу на vk-king-games.ru , перенаправляет на https://_, а если перейти по vk-king-games.ru , то откроется сайт , и пишет, что соединение не защищено

кстати, вот что сказала консоль

root@vm2101602:~# sudo certbot certonly --webroot --agree-tos --email givenmudus23@gmail.com -w /var/www/cert_bot/ -d vk-king-games.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vk-king-games.ru
Using the webroot path /var/www/cert_bot for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/vk-king-games.ru/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/vk-king-games.ru/privkey.pem
   Your cert will expire on 2023-04-05. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[Valentin Barbolin]

ymenaidtopa, У тебя ж нет пакета python-certbot-nginx которы все автоматизирует, соответственно все надо делать руками.

Теперь надо поправить конфиг nginx и добавить в него сертификаты.
Попробуй так

server {
          listen  80 default_server;
          
          server_name  _;
        root /var/www/cert_bot;

        location /.well-known/acme-challenge/ {
                access_log off;
                default_type "text/plain";
        }
        location / {
                return 301 https://$server_name$request_uri;
                }
}

server {
        listen   443 ssl;
       
        server_name vk-king-games.ru;
        

        ssl                  on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_certificate /etc/letsencrypt/live/vk-king-games.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/vk-king-games.ru/privkey.pem;
        #ssl_dhparam /etc/nginx/dhparam.pem;

        root /var/www/html
}

[ymenaidtopa]

Andrey Barbolin,

root@vm2101602:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: failed (Result: exit-code) since Thu 2023-01-05 07:24:35 EST; 17s ago
  Process: 7691 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 -
  Process: 7685 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s r
  Process: 280 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=
  Process: 7721 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process 
 Main PID: 297 (code=exited, status=0/SUCCESS)

Jan 05 07:24:35 vm2101602 systemd[1]: Starting A high performance web server and
Jan 05 07:24:35 vm2101602 nginx[7721]: nginx: [emerg] open() "/etc/nginx/ssl.con
Jan 05 07:24:35 vm2101602 nginx[7721]: nginx: configuration file /etc/nginx/ngin
Jan 05 07:24:35 vm2101602 systemd[1]: nginx.service: Control process exited, cod
Jan 05 07:24:35 vm2101602 systemd[1]: Failed to start A high performance web ser
Jan 05 07:24:35 vm2101602 systemd[1]: nginx.service: Unit entered failed state.
Jan 05 07:24:35 vm2101602 systemd[1]: nginx.service: Failed with result 'exit-co
lines 1-16/16 (END)

[Valentin Barbolin]

ymenaidtopa, Не видно ошибку, самое интересное не поместилось на экран.
покажи вывод

sudo nginx -T

[Valentin Barbolin]

ymenaidtopa, Я тут ";" забыл добавить
ssl_certificate /etc/letsencrypt/live/vk-king-games.ru/fullchain.pem;

[ymenaidtopa]

Andrey Barbolin,

root@vm2101602:~# sudo nginx -T 
nginx: [emerg] open() "/etc/nginx/ssl.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/default:25
nginx: configuration file /etc/nginx/nginx.conf test failed

[Valentin Barbolin]

ymenaidtopa, Закоментируй строку include ssl.conf;

[ymenaidtopa]

Andrey Barbolin, работает! спасибо Тебе, дорогой Человек!

[Valentin Barbolin]

ymenaidtopa, Отлично, оформил как ответ, поставь галочку.

Answer 3

[ky0]

Почему Certbot не находит плагин под NGINX?

Потому что актуальная версия Убунты - 22, а у вас 16. Обновитесь.

Comments

[ymenaidtopa]

не подходит для сервера, даже через хостинг-провайдера , говорят не будет работает

[ky0]

ymenaidtopa, что не подходит? 22-ая Убунта отлично подходит для сервера.

[ymenaidtopa]

ky0, я её ставлю и сервер не работает, написал об этом в ТП, там сказали, что для их серверов 16 бубунта - максимум

[Александр Карабанов]

ymenaidtopa, глупости

[ymenaidtopa]

Александр Карабанов, согласен, но по другому никак

кстати, поможете, пожалуйста, с очередной ошибкой

root@vm2101602:~# sudo certbot certonly --dry-run --webroot --agree-tos --email givenmudus23@gmail.com -w /var/www/cert_bot/ -d vk-king-games.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
An unexpected error occurred:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Please see the logfiles in /var/log/letsencrypt for more details.