I ran into an issue where EasyEngine was telling me that my LetsEncrypt certificate was valid, but browsers were reporting it expired. EasyEngine wouldn’t renew it because it was valid for more than 30 days.
Following some recommendations on this forum, I decided to try to remove LetsEncrypt and re-enable it using:
sudo ee site update themeofthecrop.com --letsencrypt=off
Then re-enable it using:
sudo ee site update themeofthecrop.com --letsencrypt
The certificate issue seems to go smoothly, however, nginx fails to reload (note, I chose option 2
below, but have tried 1
, 2
, and 3
as well):
crop@themeofthecrop-ubuntu-2gb-nyc3-01:~$ sudo ee site update themeofthecrop.com --letsencrypt
Letsencrypt is currently in beta phase.
Do you wish to enable SSl now for themeofthecrop.com?
Type "y" to continue [n]:y
You already have an existing certificate for the domain requested.
(ref: /etc/letsencrypt/renewal/themeofthecrop.com.conf)
Please select an option from below?
1: Reinstall existing certificate
2: Keep the existing certificate for now
3: Renew & replace the certificate (limit ~5 per 7 days)
Type the appropriate number [1-3] or any other key to cancel: 2
Using Existing Certificate files
Let's Encrypt successfully setup for your site
Your certificate and chain have been saved at /etc/letsencrypt/live/themeofthecrop.com/fullchain.pem
Configuring Nginx SSL configuration
Adding /var/www/themeofthecrop.com/conf/nginx/ssl.conf
Adding /etc/nginx/conf.d/force-ssl-themeofthecrop.com.conf
Added HTTPS Force Redirection for Site http://themeofthecrop.com
Creating Cron Job for cert auto-renewal
Reload : nginx [Failed]
service nginx reload failed. check issues with `nginx -t` command
Running nginx -t
shows me a permissions error, however, running with sudo
the tests pass fine:
crop@themeofthecrop-ubuntu-2gb-nyc3-01:~$ nginx -t
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2018/03/05 06:30:26 [warn] 24669#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2018/03/05 06:30:26 [emerg] 24669#0: BIO_new_file("/etc/letsencrypt/live/themeofthecrop.com/fullchain.pem") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/themeofthecrop.com/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
crop@themeofthecrop-ubuntu-2gb-nyc3-01:~$ sudo !!
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
When I look at /var/log/ee/ee.log
, I see this entry which looks to be related to the reload process:
reload: Job is not running: nginx
2018-03-05 06:30:16,888 (INFO) ee : [Failed]
2018-03-05 06:30:16,889 (ERROR) ee : service nginx reload failed. check issues with `nginx -t` command
I have tried manually restarting nginx
with sudo service nginx restart
and it works fine. When I check the site info, it reports SSL is disabled:
crop@themeofthecrop-ubuntu-2gb-nyc3-01:~$ sudo ee site info themeofthecrop.com
Information about themeofthecrop.com:
Nginx configuration wp basic (enabled)
PHP Version 5.6
HHVM disabled
SSL disabled
I’ve spent a while now reading entries in this forum and elsewhere and trying to sort through it, but I’m running out of ideas. Can anyone spot where I might be going wrong here?
Thanks.