LetsEncrypt Fails for Multi-tenant Setup

We recently converted from a single tenant to multi-tenant setup for ErpNext. We are running Ubuntu 18.04 on a DigitalOcean droplet. Previously we had been using LetsEncrypt for SSL on the first site. When we got the second site up and running, we tried to add SSL for the second site. We are getting:
“WARN: Superuser Privileges Required for this Command”.

We are running the command with the frappe account which has sudo privileges. Not sure what the deal is but I assume that there was a permissions change after we added the second site. Anyone have experience with this? Right now we have one site (original) working with SSL and one site is unsecured (new). Would love any assistance here.

What did it return when you ran the command with sudo?

It’s seems to complain about needing to upgrade to python 3. I migrated the first site some time ago and I assumed that when we added the second site that I needed to run the same command again. I ran “bench migrate-env python3” to make sure that both sites were migrated to Python3.

It seems to have some references to Python 2.7. Not sure how to proceed.

Yes. This issue is not with bench. It is with certbot.
Bench has setup the nginx config with the ssl, all it needs is the actual ssl certificates from certbot.

you can install certbot using snap.
check out this link:
stop nginx by

sudo systemctl stop nginx

then do

sudo certbot certonly --standalone

stat nginx again

sudo systemctl start nginx
1 Like


Thank you for your help! I ran the commands and it said that it was successful, but my site is still not secured with SSL. I tried restarted Nginx several times and even rebooted the whole server. No dice. Do I still need to run bench setup lets-encrypt {mysitename}?

sudo certbot certificates - to see the location and status of certs.
check your nginx.conf to ensure ssl certificate points to right location as the above command…generally if it cannot find the ssl certificate - it will throw error when u restart nginx. check status of nginx to ensure no errors. also clear cache / cookies on browser. sometimes if you access with http before - u need to force url to use https (especially in chrome)

yes! bench setup lets-encrypt is the one that sets up the nginx.conf for ERPNext. Except, if fails at the point of certbot because of certbot issues. After lets-encrypt, you need to stop nginx. All that is missing is the ssl certificate.
The certbot part standalone is the one that will place the ssl certificate. You can restart the nginx and it will be ok


Yes python 3 is a requirement.

Hope it helps:

As @krnkris pointed out, I fixed it just hours ago.

The steps are simple.

  1. Start a new shell (ssh window)
  2. Go to /opt. A script called “certbot-auto” should be present
  3. run
    $ sudo USE_PYTHON_3=1 ./certbot-auto

The certificate is generated and we are happy


Finally got it working, thanks everyone. After you tell certbot to use Python3 you complete the certbot standalone request it’s important to put BOTH sites in the same request. I was trying to do them each one at a time and in the end was just overwriting each other. When you do this it will ask you if you want to “expand” your existing cert rather than overwrite. This was my last hiccup. All working now:)