[GH-ISSUE #1546] Ubuntu 18.04 - letsencrypt renew - nginx restart fail #1218

Closed
opened 2026-02-27 11:15:55 +03:00 by kerem · 5 comments

Originally created by @InToSSH on GitHub (Jul 31, 2018).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1546

Impacted versions

  • Modoboa: 1.10.6
  • installer used: Yes
  • Webserver: Nginx

Steps to reproduce

Manually run cron task created by installer in /etc/cron.d/letsencrypt

Current behavior

Fails to restart nginx on renewal, giving this error:
`nginx: [error] invalid PID number "" in "/run/nginx.pid"`

I was digging around for a bit and found the problem and solution.
The problem is that the cron task contains a pre- and post-hook with nginx restart, but in /etc/letsencrypt/renewal/<cert_name>.conf there is also a pre and post hook specified. So it tries to stop nginx twice, giving the error that the pid file does not exist.
I fixed it by removing the nginx stop/start from the cron task, removing the pre_hook for nginx stop in the config file, and adding nginx restart to post_hook in the config file. So nginx is running for the letsencrypt verification but gets restarted after the renewal, and only once.
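
A check for the double definition described above, as an added example that is not part of the original issue or of the Modoboa installer: it reports every `pre_hook`/`post_hook` in a renewal config that is also passed as `--pre-hook`/`--post-hook` in the cron file. The cron schedule, the file names and `example.test` are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example: flag certbot hooks that are set both on the renew command
# line in the cron file and in a renewal config (constructed sample data).

hooks_in_cron() {   # prints "pre"/"post" for each --pre-hook/--post-hook flag
    grep -v '^[[:space:]]*#' "$1" | grep -oE -e '--(pre|post)-hook' |
        sed -E 's/^--(pre|post)-hook$/\1/' | sort -u
}

hooks_in_conf() {   # prints "pre"/"post" for each non-empty pre_hook/post_hook key
    sed -nE 's/^[[:space:]]*(pre|post)_hook[[:space:]]*=[[:space:]]*[^[:space:]].*$/\1/p' "$1" | sort -u
}

find_duplicate_hooks() {   # usage: find_duplicate_hooks CRON_FILE RENEWAL_DIR
    local cron_hooks conf kind
    cron_hooks=$(hooks_in_cron "$1" || true)   # no hook flags at all is not an error
    for conf in "$2"/*.conf; do
        [ -f "$conf" ] || continue
        for kind in $(hooks_in_conf "$conf"); do
            if printf '%s\n' "$cron_hooks" | grep -qx "$kind"; then
                printf '%s: %s-hook also set in %s\n' "${conf##*/}" "$kind" "${1##*/}"
            fi
        done
    done
}

demo() {   # usage: demo before|after ; builds constructed files and checks them
    local d; d=$(mktemp -d)
    mkdir "$d/renewal"
    if [ "$1" = before ]; then
        echo "0 3 * * * root /opt/certbot-auto -q renew --pre-hook 'service nginx stop' --post-hook 'service nginx start'" > "$d/letsencrypt"
        printf '%s\n' '[renewalparams]' 'pre_hook = service nginx stop' \
            'post_hook = service nginx start' > "$d/renewal/example.test.conf"
    else   # the reporter's fix: no hooks in cron, only a post_hook in the config
        echo "0 3 * * * root /opt/certbot-auto -q renew" > "$d/letsencrypt"
        printf '%s\n' '[renewalparams]' 'post_hook = service nginx restart' \
            > "$d/renewal/example.test.conf"
    fi
    find_duplicate_hooks "$d/letsencrypt" "$d/renewal"
    rm -rf "$d"
}

demo before   # two findings: pre and post are each defined in both places
demo after    # no output: each hook is defined in one place only
```

On a real host the call would be `find_duplicate_hooks /etc/cron.d/letsencrypt /etc/letsencrypt/renewal`, using the two paths named in the report.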


@vac commented on GitHub (Aug 30, 2018):

I have the same issue. Clean Ubuntu 18.04 Server installation.

@InToSSH: thanks for sharing workaround!


@stefaweb commented on GitHub (Sep 14, 2018):

Hi!

You can replace the original /etc/cron.d/letsencrypt with:

```
/opt/certbot-auto -q renew --pre-hook 'nginx -t && service nginx stop' --post-hook 'nginx -t && service nginx start && service postfix reload && service dovecot reload'
```

This seems to solve the problem.


@tonioo commented on GitHub (Sep 20, 2018):

@InToSSH Thank you for the feedback.


@makakken commented on GitHub (Oct 16, 2018):

@tonioo same on Debian 9.5.
When I run:
`systemctl status nginx.service`

I get:

```
nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-10-16 16:03:19 CEST; 2min 4s ago
     Docs: man:nginx(8)
  Process: 940 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 903 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 958 (nginx)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/nginx.service
           ├─958 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─963 nginx: worker process
           └─964 nginx: worker process

Oct 16 16:03:19 mail systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 16 16:03:19 mail systemd[1]: Started A high performance web server and a reverse proxy server.
```

Then I run:
`/opt/certbot-auto renew --no-self-upgrade --force-renewal`

and get:

```
Processing /etc/letsencrypt/renewal/dock.co.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator nginx, Installer None
Running pre-hook command: service nginx stop
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for dock.co
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/dock.co/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/dock.co/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: service nginx start && service postfix reload && service dovecot reload
Hook command "service nginx start && service postfix reload && service dovecot reload" returned error code 1
Error output from service:
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
```

@makakken commented on GitHub (Oct 16, 2018):

After restart everything works fine.
It seems there is a problem in /etc/letsencrypt/renewal/dock.co.conf with post and pre hooks which is not fixed with https://github.com/modoboa/modoboa-installer/commit/e7a9e5fc710f764c24232822ba8434f3298c0b42
