Action 'graceful' failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.topbamboo.co.uk

I ran this command: $ sudo certbot --apache

It produced this output: Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.topbamboo.co.uk
Enabled Apache socache_shmcb module
Enabled Apache ssl module
/usr/lib/python2.7/dist-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from ‘char *’ to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
result_code = _lib.RAND_bytes(result_buffer, num_bytes)
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/error_handler.py”, line 99, in _call_registered

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/error_handler.py”, line 99, in _call_registered
self.funcs[-1]()
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 280, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1769, in cleanup
self.restart()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1658, in restart
self._reload()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1669, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

My web server is (include version): Apache 2.4.27

The operating system my web server runs on is (include version): Debian 8

My hosting provider, if applicable, is: Google Cloud Platform - Compute Engine

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

expects Apache to be running… Yet:

Please show:
netstat -pant

Hi, thanks for the reply, is this the info you're after?

$ netstat -pant
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:55878 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8998 0.0.0.0:* LISTEN 256/python
tcp 0 0 0.0.0.0:65001 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8998 127.0.0.1:55258 TIME_WAIT -
tcp 0 0 127.0.0.1:55273 127.0.0.1:8998 TIME_WAIT -
tcp 0 0 127.0.0.1:55266 127.0.0.1:8998 CLOSE_WAIT -
tcp 0 0 127.0.0.1:43545 127.0.0.1:55878 ESTABLISHED 3345/python
tcp 0 0 127.0.0.1:43542 127.0.0.1:55878 TIME_WAIT -
tcp 0 0 127.0.0.1:8998 127.0.0.1:55241 TIME_WAIT -
tcp 0 0 127.0.0.1:55878 127.0.0.1:43545 ESTABLISHED -
tcp 0 0 127.0.0.1:8998 127.0.0.1:55266 FIN_WAIT2 -
tcp 0 0 127.0.0.1:8998 127.0.0.1:55251 TIME_WAIT -
tcp 0 0 172.17.0.2:22 74.125.73.33:45218 ESTABLISHED -
tcp6 0 0 :::8085 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -

Try:
sudo netstat -pant

$ sudo netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:55878 0.0.0.0:* LISTEN 3338/0
tcp 0 0 127.0.0.1:8998 0.0.0.0:* LISTEN 256/python
tcp 0 0 0.0.0.0:65001 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 258/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 24/sshd
tcp 0 0 127.0.0.1:55266 127.0.0.1:8998 CLOSE_WAIT 258/python
tcp 0 0 127.0.0.1:43545 127.0.0.1:55878 ESTABLISHED 3345/python
tcp 0 0 127.0.0.1:55878 127.0.0.1:43545 ESTABLISHED 3338/0
tcp 0 64 172.17.0.2:22 74.125.73.33:45218 ESTABLISHED 3335/sshd: dave_mun
tcp6 0 0 :::8085 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN 24/sshd

So python is listening on port 80 - not Apache.
I’m used to something more like this:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1553/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1242/apache2

Nonetheless, “sudo certbot --apache” is a FAIL, as Apache is not running.
Since port 80 is in use and 443 is NOT in use, you could try:
sudo certbot certonly --standalone --preferred-challenges tls-sni --agree-tos -m your.email@addre.ss -d www.topbamboo.co.uk
Which should spin up a temporary webserver on port 443 and if successful place certs in the /etc/letsencrypt/live/ folder.
How you would get python to use a TLS cert is another question - outside this forum.
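
The port-ownership check the replies walk through, as an added example that is not part of the original posts: it parses `netstat -pant` text and reports who holds ports 80 and 443 before `certbot --apache` is run. The function names, result strings and the embedded sample (rows taken from the thread's output) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: rows copied from the `sudo netstat -pant` output in the thread.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8998 0.0.0.0:* LISTEN 256/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 258/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 24/sshd
tcp 0 64 172.17.0.2:22 74.125.73.33:45218 ESTABLISHED 3335/sshd: dave_mun
tcp6 0 0 :::8085 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN 24/sshd'

# listener_owner PORT (hypothetical helper): reads `netstat -pant` text on stdin
# and prints the PID/Program of every socket LISTENing on PORT, de-duplicated.
# Prints nothing when the port is free.
listener_owner() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")   # port is the last ":" field, so ":::80" works too
            if (a[n] == port) print $7
        }' | sort -u
}

# preflight NETSTAT_TEXT (hypothetical helper): classify ports 80/443 the way
# the replies in the thread reason about them.
preflight() {
    o80=$(printf '%s\n' "$1" | listener_owner 80)
    o443=$(printf '%s\n' "$1" | listener_owner 443)
    case "$o80" in
        "")  echo "port80-free"; return 0 ;;
        -)   echo "owner-hidden-rerun-with-sudo"; return 0 ;;   # netstat ran unprivileged
        */apache2*|*/httpd*) echo "apache-owns-80"; return 0 ;;
    esac
    # Something other than Apache holds port 80, so `apache2ctl graceful`
    # cannot bind and fails with AH00072 as in the log above.
    if [ -z "$o443" ]; then
        echo "port80-held-by:$o80 port443-free"
    else
        echo "port80-held-by:$o80 port443-held-by:$o443"
    fi
}

# On a live host: preflight "$(sudo netstat -pant)"
preflight "$SAMPLE"
```

The tls-sni-01 challenge used in the thread has since been retired by Let's Encrypt, so the port-443 result matters only for the Certbot versions of that era.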
