Certbot nginx plugin could not open file

Question

Hello,

I have a simple personal website yohannparis.com that I want to make HTTPS.

I setup my Nginx server block following this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04

And I followed this tutorial to install Let’s Encrypt on my server block:
https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-with-nginx-server-blocks-on-ubuntu-16-04

Everything worked like a charm, up to Step 4 where the following command:

sudo certbot --nginx -d yohannparis.com -d www.yohannparis.com

return this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not open file: /etc/nginx/sites-enabled/yohannparis.com
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for yohannparis.com
tls-sni-01 challenge for www.yohannparis.com
Cleaning up challenges
Could not open file: /etc/nginx/sites-enabled/yohannparis.com
Cannot find a VirtualHost matching domain yohannparis.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

I checked the permissions on my server block file in /etc/nginx/ but it all look good:

.
├── [drwxr-xr-x]  conf.d
[...]
├── [drwxr-xr-x]  sites-available
│   ├── [-rw-r--r--]  default
│   └── [-rw-r--r--]  yohannparis.com
├── [drwxr-xr-x]  sites-enabled
│   └── [lrwxrwxrwx]  yohannparis.com -> sites-available/yohannparis.com
[...]

I tried to access the log on /var/log/letsencrypt, but it wasn’t helpful:

2017-11-29 21:03:32,206:DEBUG:certbot.error_handler:Calling registered functions
2017-11-29 21:03:32,206:INFO:certbot.auth_handler:Cleaning up challenges
2017-11-29 21:03:32,478:WARNING:certbot_nginx.parser:Could not open file: /etc/nginx/sites-enabled/yohannparis.com
2017-11-29 21:03:33,529:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.19.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 698, in run
    certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 74, in get_authorizations
    resp = self._solve_challenges()
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/usr/lib/python2.7/dist-packages/certbot_nginx/configurator.py", line 767, in perform
    sni_response = chall_doer.perform()
  File "/usr/lib/python2.7/dist-packages/certbot_nginx/tls_sni_01.py", line 55, in perform
    vhost = self.configurator.choose_vhost(achall.domain)
  File "/usr/lib/python2.7/dist-packages/certbot_nginx/configurator.py", line 242, in choose_vhost
    "https://nginx.org/en/docs/http/server_names.html") % (target_name))
MisconfigurationError: Cannot find a VirtualHost matching domain yohannparis.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

I changed my server block file permissions to 777, but to no effect!

Where can I found a solution to this issue?

Thank you for your help.
Yohann Paris

Answer 1

naderabbara February 22, 2018

Hey all,

I also had this problem but this ended up working for me:

It has to do with broken symlinks in /sites-enabled. A symlink may break for different reasons, in this case, nginx can still follow the link, but certbot cannot. Why? I don’t know tbh.

To fix, I simply removed the symlink and created a new one.

If you list the directory you can typically spot a broken symlink with red text and a black background, and a working symlink with blue text:

naderabbara@server:/etc/nginx/sites-enabled$ ls
brokensymlink    workingsymlink

I removed the broken symlink and created a new one:

sudo rm <broken symlink>
sudo ln -s path/to/nginx/conf nginx-conf

Hope it’s this simple for you.

Reply Report

Yohann February 27, 2018

Thanks for the report.
Indeed, my symlink where red, and once I recreated them things started to work well.

Unfortunately, now there is something not going well. Apparently a test done by certbot is not accepted by Let’s encrypt on version prior to 0.21.0.

Even after updating apt-get I’m stuck in version 0.19.0, so I need to wait for the fixed version to be available on the packet manager.
Reply Report
- naderabbara March 13, 2018
  
  I also had this problem. You could uninstall certbot and reinstall it and it may work, or you can force upgrade packages individually by running apt list --upgradable and then apt-get install <package>. That didn’t work for me.
  
  Alternatively, you can run the apt-get distro-upgrade command, and this will upgrade every package that has an available upgrade. However you should be wary this might destabilize your setup. I didn’t have anything serious on my droplet and it was backed up, so I went ahead and did this and it worked well.
  
  Good luck!
  
  Reply Report
  
  Yohann March 13, 2018
  
  Thank @naderabbara.
  
  That’s eventually what I have done, and I now have certbot 0.21.1 and solve my issue.
  
  Reply Report

Answer 2

Yohann February 27, 2018

Thanks for the report.
Indeed, my symlink where red, and once I recreated them things started to work well.

Unfortunately, now there is something not going well. Apparently a test done by certbot is not accepted by Let’s encrypt on version prior to 0.21.0.

Even after updating apt-get I’m stuck in version 0.19.0, so I need to wait for the fixed version to be available on the packet manager.
Reply Report
- naderabbara March 13, 2018
  
  I also had this problem. You could uninstall certbot and reinstall it and it may work, or you can force upgrade packages individually by running apt list --upgradable and then apt-get install <package>. That didn’t work for me.
  
  Alternatively, you can run the apt-get distro-upgrade command, and this will upgrade every package that has an available upgrade. However you should be wary this might destabilize your setup. I didn’t have anything serious on my droplet and it was backed up, so I went ahead and did this and it worked well.
  
  Good luck!
  
  Reply Report
  
  Yohann March 13, 2018
  
  Thank @naderabbara.
  
  That’s eventually what I have done, and I now have certbot 0.21.1 and solve my issue.
  
  Reply Report

Related

Question

Certbot nginx plugin could not open file

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Certbot nginx plugin could not open file

Related

Leave a comment

Related

question

letsencrypt invalid SSL Cert

question

Letsencrypt on Ubuntu 16.04/Nginx

question

Why my site which uses "Let's Encrypt" is marked as "not safe" by Chrome?

question

Secure with Let's Encrypt using Server Blocks

Looking for something else?