`certbot --nginx` results in "The requested nginx plugin does not appear to be installed"

I get the following error on Ubuntu 22.04:

$ nix-shell -p nginx certbot-full

$ sudo $(which certbot) --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed

$ sudo cat /var/log/letsencrypt/letsencrypt.log
2023-07-24 00:23:29,416:DEBUG:certbot._internal.main:certbot version: 2.1.1
2023-07-24 00:23:29,426:DEBUG:certbot._internal.main:Location of certbot entry point: /nix/store/2574inb55dncri9fdbsqh2qbhk4qya5v-python3.10-certbot-2.1.1/bin/certbot
2023-07-24 00:23:29,426:DEBUG:certbot._internal.main:Arguments: ['--nginx']
2023-07-24 00:23:29,426:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-rfc2136,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-24 00:23:29,433:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-24 00:23:29,434:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-24 00:23:29,434:DEBUG:certbot._internal.plugins.selection:No candidate plugin

I’m probably missing something basic because there is nothing about certbot in the Nixpkgs manual and the NixOS wiki article does not apply (I think; anyway, it also doesn’t mention this issue).

Do I even need the --nginx option?

I have a Nix shell expression that “bundles” NGINX with its config (courtesy of this thread). Basically, the NGINX configuration file is saved in the Nix store, and a script along the lines of nginx -c /nix/store/...nginx.conf will be save there too.


  • Now, I’m not even sure if certbot --nginx would work in this case (with nginx.conf being in a non-standard place an all), but wanted to see what would happen. Should I pursue this or is there a guide that I’m not aware of that deals with this exact situation?

  • I would like to use certbot provided by Nix, but maybe I should just bite the bullet, install it the “recommended” way (i.e., snap) and configure NGINX manually? (Just started out with NGINX as well, so any leads on this would also be appreciated!)