Try ERPNext Buy Support Partners Foundation

Bench lets-encrypt setup failing

Whenever I run the following command - it shows that it works, however ssl cert files are never created, which breaks my nginx config.

sudo -H bench setup lets-encrypt erp.mysite.com

Have you checked the log files? What was the “success” message running the command?

What I normally do is:
sudo -H bench setup lets-encrypt erp.mysite.com --custom-domain erp.mysite.com

virtualenv: error: unrecognized arguments: --no-site-packages
Traceback (most recent call last):
File “”, line 27, in
File “”, line 19, in create_venv
File “/usr/lib/python2.7/subprocess.py”, line 190, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command ‘[‘virtualenv’, ‘–no-site-packages’, ‘–python’, ‘/usr/bin/python2.7’, ‘/opt/eff.org/certbot/venv’]’ returned non-zero exit status 2

1 Like

This is what I think is causing the problem I believe. When I follow all the prompts, it does everything except create the pem files in /etc/letsencrypt, so the file references in the nginx.conf file are no longer valid

same problem with me

Has anyone found a solution to this problem?

Hello

The problems comes because lets encrypt is no longer supporting certbot-auto, there is problem in setting up the environment .
This will try to configure the environment for certbot-auto to run.
sudo -H bench setup lets-encrypt erp.mysite.com --custom-domain erp.mysite.com

The nginx config files will be modified but the cert will not be created
See: https://github.com/frappe/bench/issues/1073

For now i have found two workarounds:

  1. run this command: USE_PYTHON_3=1 /opt/certbot-auto
    This will install the certbot-auto environment, and then you can request to create the cert…

  2. Follow the certbot installation instructions:
    https://certbot.eff.org/lets-encrypt/ubuntufocal-other
    For ubuntu:
    Stop the nginx service: sudo service nginx stop
    Install cerbot: sudo snap install --classic certbot
    Generate cert: sudo certbot certonly --standalone

In both steps the cert will be created in the same dir /etc/letsencrypt/…
Which is the same dir is configured when running
sudo -H bench setup lets-encrypt

So then you only need to do:
sudo service nginx start
sudo service nginx reload