Setup crashes during NGINX setup in openHABian on Pi

Hi, I am following the instructions in http://docs.openhab.org/installation/security.html
and I have openHAB 2 on an openHABian raspberry Pi 2 - working on local LAN.
Using sudo openhabian-config, I have tried to install the NGINX reverse proxy with Let’s Encrypt certificates.
As instructed, I have port 80 open on my firewall for the certbot to do its thing during setup.

All goes well, up to the point where it says "Creating Let’s Encrypt certificate…"
Then the process stops and openhabian-config shows a screen saying I should report this to the community.

See the tail end of the output I get, there are no errors or warnings up to this point.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Creating Let's Encrypt certificate...
/usr/local/bin/openhabian-config: line 787: 27521 Illegal instruction     certbot certonly --webroot -w /var/www/$domain -d $domain
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

We hope you got what you came for! See you again soon ;)

Seems to be a bug in the script in combination with your way of usage. Did you provide a valid domain when you were asked for one?

Hi, yes, I entered my public domain name. Just that though. I didn’t put https etc.
Just the domain name. Looking through the docs and my machine, I can see that the directories named after the domain have been created, and the nginx config file has entries to my domain in it.

I’ve configured a system three weeks ago, without problems. May I ask you to try again?

Yes, certainly. I have tried many times now. I always get the same result.
My firewall is definitely open on :80 and :443 forwarding to my machine local IP.
When I visit the external domain name, I see the openhab ui on http, but site not found on https (expected as https is not being set up due to this issue).

I tried following the manual steps in the docs, but the certbot command doesn’t seem to fetch any certs, but doesn’t give any errors either.

Looking closer at the error message, it seems like you are using the wrong version of certbot: https://community.letsencrypt.org/t/certbot-on-raspbian-illegal-instruction/15813/10

Did you install certbot prior to using the openhabian-config menu function?

[14:43:14] pi@openHABianPi:~$ certbot --version
certbot 0.9.3

[14:43:18] pi@openHABianPi:~$ dpkg -s certbot
Package: certbot
Status: install ok installed
Priority: extra
Section: web
Installed-Size: 74
Maintainer: Debian Let's Encrypt <letsencrypt-devel@lists.alioth.debian.org>
Architecture: all
Source: python-certbot
Version: 0.9.3-1~bpo8+1

Hi thanks for looking into this.
No, I didn’t install anything myself. I only used the default install of the OS and then openhabian-config to do everything.

So, if it is the wrong version, I guess we need to bring this to the attention of someone who can update the packages in openhabian?

Also, I found a workaround for the setup breaking for me.
I got my Start_SSL certificate from my OH1 setup and added that by hand to the nginx conf file for openhab (/etc/nginx/sites-enabled/openhab),
generally following the instructions for self-signed certificates in the docs.

Great you found a solution.

It would help to know which version you are on. My guess is that something went wrong there. Could you please post the results of the two commands I’ve shown in my previous answer?

Yes, of course. Sorry, I didn’t understand that you needed the output from me.
Here it is below:


[16:44:23] pi@openHABianPi:~$ certbot --version
Illegal instruction
[16:45:09] pi@openHABianPi:~$

[16:45:09] pi@openHABianPi:~$ dpkg -s certbot
Package: certbot
Status: install ok installed
Priority: extra
Section: web
Installed-Size: 74
Maintainer: Debian Let's Encrypt <letsencrypt-devel@lists.alioth.debian.org>
Architecture: all
Source: python-certbot
Version: 0.9.3-1~bpo8+2
Replaces: letsencrypt
Provides: letsencrypt
Depends: dialog, python-certbot (= 0.9.3-1~bpo8+2), init-system-helpers (>= 1.18~), python, python:any (>= 2.7~)
Suggests: python-certbot-apache, python-certbot-doc
Breaks: letsencrypt (<= 0.6.0)
Conffiles:
 /etc/cron.d/certbot 88d0bd291b44222e55a073ae3e4cdba3
Description: automatically configure HTTPS using Let's Encrypt
 The objective of Certbot, Let's Encrypt, and the ACME (Automated
 Certificate Management Environment) protocol is to make it possible
 to set up an HTTPS server and have it automatically obtain a
 browser-trusted certificate, without any human intervention. This is
 accomplished by running a certificate management agent on the web
 server.
 .
 This agent is used to:
 .
   - Automatically prove to the Let's Encrypt CA that you control the website
   - Obtain a browser-trusted certificate and set it up on your web server
   - Keep track of when your certificate is going to expire, and renew it
   - Help you revoke the certificate if that ever becomes necessary.
 .
 This package contains the main application, including the standalone
 and the manual authenticators.
Homepage: https://certbot.eff.org/
[16:45:50] pi@openHABianPi:~$

This is strange. Just to rule one thing out, try a reinstall of that package.

Please execute step by step:

sudo su

apt purge certbot

echo -e "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
gpg -a --export 8B48AD6246925553 | apt-key add -
gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
gpg -a --export 7638D0442B90D010 | apt-key add -
apt update
apt install certbot -t jessie-backports

certbot --version
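
A hardened form of the key-import step above, as an added example that is not part of the original post or of openHABian: it checks the full 40-digit fingerprint of a fetched key before the key is piped to apt-key, since a keyserver lookup by 64-bit key ID does not authenticate the key. The sample listing and its fingerprint are constructed, and EXPECTED_FPR is a placeholder for a fingerprint obtained from a trusted source.

```shell
#!/bin/sh
# Added example: only hand a key to apt after its full fingerprint matches
# a value obtained from a trusted source (not from the keyserver itself).

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print the
# fingerprint of each primary key (the fpr record that follows a pub record).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1 = expected 40-hex-digit fingerprint (spaces allowed); listing on stdin.
# Succeeds only if exactly one primary key is listed and it matches.
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "${#expected}" -eq 40 ] || return 2   # refuse short or long key IDs
    found=$(primary_fprs)
    [ "$found" = "$expected" ]
}

# Constructed sample listing (not a real key) in gpg's colon format.
SAMPLE_FPR='0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:2012-04-27:2020-04-25::-:Constructed Example Key <key@example.invalid>::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:4096:1:1111222233334444:2012-04-27::::::e:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1111222233334444:'

printf '%s\n' "$SAMPLE_LISTING" | fpr_matches "$SAMPLE_FPR" \
    && echo "fingerprint verified"

# Live use, with EXPECTED_FPR a placeholder for the published fingerprint:
#   gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
#   gpg --with-colons --fingerprint 8B48AD6246925553 \
#       | fpr_matches "$EXPECTED_FPR" \
#       && gpg -a --export 8B48AD6246925553 | apt-key add -
```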

Hi ThomDietrich, I did exactly what you asked.

I got this at the end of it:

[16:07:19] root@openHABianPi:/home/pi# certbot --version
Illegal instruction
[16:07:35] root@openHABianPi:/home/pi#

I hope this helps to explain things

root@openhab:/home/pi# certbot --version
certbot 0.9.3
root@openhab:/home/pi#

I can’t seem to replicate :frowning:

Could it be because I have a Raspberry Pi 2?
Is there something different about the processor instruction set on those?

Also one of the first things I checked. That could have been the case with a RPi1.

Okay, your situation is pretty strange and not what I would expect on a recent installation of openHABian. Would it be an option for you to back up and start with a fresh installation?
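
One way to check the instruction-set question raised above, as an added example that is not from the thread or from openHABian: it compares the CPU type reported by `uname -m` with the native-code packages installed from backports. It assumes that Debian's armhf packages are built for ARMv7 and that an armhf package with a `~bpo` version came from Debian rather than Raspbian; the package list is constructed.

```shell
#!/bin/sh
# Added example: flag native-code packages from Debian backports on a CPU
# older than the ARMv7 baseline that Debian's armhf port is built for.

# Read "package architecture version" lines on stdin and print the names of
# armhf packages whose version carries a ~bpo (backports) suffix.
backports_native_pkgs() {
    awk '$2 == "armhf" && $3 ~ /~bpo/ { print $1 }'
}

# $1 = output of `uname -m`; package list on stdin. Prints a one-line verdict.
diagnose() {
    pkgs=$(backports_native_pkgs | tr '\n' ' ')
    pkgs=${pkgs% }
    case "$1" in
        armv6*)
            if [ -n "$pkgs" ]; then
                echo "MISMATCH: ARMv6 CPU with ARMv7-built packages: $pkgs"
            else
                echo "OK: no backports armhf packages installed"
            fi ;;
        *)  echo "OK: CPU is $1, not ARMv6 (backports armhf: ${pkgs:-none})" ;;
    esac
}

# Constructed sample of:
#   dpkg-query -W -f='${Package} ${Architecture} ${Version}\n'
SAMPLE_PKGS='certbot all 0.9.3-1~bpo8+2
python-cryptography armhf 1.3.4-1~bpo8+2
python-cffi-backend armhf 1.4.2-2~bpo8+1
libssl1.0.0 armhf 1.0.1t-1+deb8u5
nginx-common all 1.6.2-5+deb8u4'

printf '%s\n' "$SAMPLE_PKGS" | diagnose armv6l
printf '%s\n' "$SAMPLE_PKGS" | diagnose armv7l

# On a live system:
#   dpkg-query -W -f='${Package} ${Architecture} ${Version}\n' \
#       | diagnose "$(uname -m)"
```

The `certbot` package itself is `Architecture: all`, as the `dpkg -s` output in this thread shows, so the check looks at the compiled packages installed alongside it.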

I am sorry, it is not an option for me to do a fresh install on this machine. I was forced to move to OH2 after my OH1 setup died - I have a lot of devices around the house - so I can’t play around too much.

What I might do is buy another RPi 2 and try to replicate on that so I don’t mess up my working setup.

BTW. I should add, I did find a workaround (I mentioned it in a previous post), so personally, I am not blocked by this issue any more, but I am happy to stick on it if it helps other people.

Ah right, well then…
So far you are the only one with this problem. Let’s ignore it for now :wink:

Yippee! :slight_smile:

Same problem for me: “certbot --version” (even after reinstall with “apt install certbot -t jessie-backport”) gives an “illegal instruction” in line 878 on a RasPi 1B with latest Raspbian Jessie.

Any further hints…?

(an hour later): Okay, doesn’t help me anyway. Tried to get the certificate from my desktop Ubuntu. Certbot works there but I learned that I cannot get a certificate from LetsEncrypt as my DDNS subdomain exceeds the limits: too many requests from all the other users of the same DDNS service - too many subdomains… :frowning:

Yeah that’s problematic. You can still register your own domain for a few euros a year and then CNAME reference it to the ddns name.