Action required: Let's Encrypt certificate renewals


#46

[root@HMFR-4 conf.d]# certbot renew --dry-run -v --installer null --no-directory-hooks --pre-hook “systemctl stop httpd”

File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 3 renew failure(s), 0 parse failure(s)
3 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:


#47

Does this command stop the web server?

And this command seems to have no effect:


#48

i got this when i run this commmand

certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook “systemctl stop httpd”

ile “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

Calling registered functions
Cleaning up challenges
Attempting to renew cert (www.priceblaze.pk) from /etc/letsencrypt/renewal/www.priceblaze.pk.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 432, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1170, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 118, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 307, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 132, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 234, in perform
return [self._try_perform_single(achall) for achall in achalls]
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 241, in _try_perform_single
_handle_perform_error(error)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 239, in _try_perform_single
return self._perform_single(achall)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 245, in _perform_single
servers, response = self._perform_http_01(achall)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 2 renew failure(s), 0 parse failure(s)
2 renew failure(s), 0 parse failure(s)


#49

This should have stopped the web server:

This shows something is still using port 80:

I repeat myself:

and add:
Please show what is running on port 80:
netstat -pant


#50

tcp 0 0 38.108.7.164:22 125.209.123.78:63791 ESTABLISHED 3810/sshd: root@not
tcp6 0 0 :::3306 :::* LISTEN 2750/mysqld
tcp6 0 0 :::8080 :::* LISTEN 2865/httpd
tcp6 0 0 :::80 :::* LISTEN 2865/httpd
tcp6 0 0 :::8081 :::* LISTEN 2865/httpd
tcp6 0 0 :::8082 :::* LISTEN 2865/httpd
tcp6 0 0 :::22 :::* LISTEN 1447/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1453/cupsd
tcp6 0 0 :::5432 :::* LISTEN 13610/postgres
tcp6 0 0 :::443 :::* LISTEN 2865/httpd
tcp6 0 0 38.108.7.164:443 46.229.168.138:65400 TIME_WAIT -

first i stop the httpd service then i run this

certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook “systemctl stop httpd”

result is above.

kindly suggest me with post hook command so i will try and run that


split this topic #51

A post was split to a new topic: Nginx invalid PID number “” error during certbot renew


#52

The --pre-hook used is supposed to stop the https service.

The matching --post-hook would be:
--post-hook "systemctl start httpd"


#53

certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook “systemctl star httpd”

File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

Calling registered functions
Cleaning up challenges
Attempting to renew cert (www.priceblaze.pk) from /etc/letsencrypt/renewal/www.priceblaze.pk.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 432, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1170, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 118, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 307, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 132, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 234, in perform
return [self._try_perform_single(achall) for achall in achalls]
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 241, in _try_perform_single
_handle_perform_error(error)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 239, in _try_perform_single
return self._perform_single(achall)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 245, in _perform_single
servers, response = self._perform_http_01(achall)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl star httpd
Hook command “systemctl star httpd” returned error code 1
Error output from systemctl:
Unknown operation ‘star’.

Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
[root@HMFR-4 ~]# service httpd start
Redirecting to /bin/systemctl start httpd.service

kindly suggest now


#54

This means that httpd was NOT stopped.

Try with sudo:

sudo certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook “systemctl star httpd”

#55

[root@HMFR-4 ~]# sudo certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook “systemctl start httpd”
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: start httpd”

why i am using sudo …if i am on root


#56

With or without sudo, this command has to be on one line:

If it still gives the error:

Change the double quotes for single quotes:
certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook ‘systemctl start httpd’

if it still get same error, there is something wrong with certbot or the certbot version is very old.
[it’s not old]


#57

can you please send me the proper command .


#58

Please try:

certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook ‘systemctl start httpd’

or maybe:

certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook ‘systemctl stop httpd’ --post-hook ‘systemctl start httpd’

#59

The type of quote mark used is important… the quotes that work are ' and " - either should work - but and will not.


#60

“Mangled” by discourse?
Even the triple backticks can’t save me!
I typed it in right…
But I do see what you see on the screen too.


#61

Attempt #2:

certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook 'systemctl start httpd'
certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook 'systemctl stop httpd' --post-hook 'systemctl start httpd'

#62

certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook ‘systemctl stop httpd’ --post-hook ‘systemctl start httpd’

File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 2 renew failure(s), 0 parse failure(s)
2 renew failure(s), 0 parse failure(s)
[root@HMFR-4 ~]#


#63

certbot renew --dry-run -v --standalone --no-directory-hooks --post-hook ‘systemctl start httpd’

servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)

File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
[root@HMFR-4 ~]# systemctl status httpd


#64

Does this actually stop the web server?:

After that is called there is something still on port 80:


closed #65

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.