Apache Crashes after Running Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: w4rku.us.to

I ran this command: sudo certbot --apache-ctl /opt/lampp/bin/apachectl

It produced this output: (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:80 no listening sockets available, shutting down

My web server is apache Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is Linux Mint 21

My hosting provider, if applicable, is: Self - built with lampp 8.0.23

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

It appears that I have conflicting virtualhosts (guessing). One resides in /opt/lampp/etc/extra/httpd-vhosts.conf and maybe another in /etc/apache2/ in one of the directories (not sure which one). I don't recall ever messing with anything in the /etc/apache2 directory in the past. I am not sure if it was even there. However, the only thing I can think of is that it is starting two processes. If I run netstat after the fact there is nothing on port 80. I am stumped.

Thank you

1 Like

I'm not familiar with there being an apache-ctl option in certbot but it seems very likely something is already using port 80 (e.g. apache is already running).

2 Likes

Hi @krutzy, and welcome to the LE community forum :slight_smile:

Is that the only output?
Did certbot ask any questions?
[if so, what were your responses?]

Please show:
certbot certificates
apachectl -t -D DUMP_VHOSTS
[or /opt/lampp/bin/apachectl -t -D DUMP_VHOSTS - whichever works]

2 Likes

Yes, it asked me questions; I can't remember how I answered. One thing was my domain name to use (I had aliases but only use the one).

I probably should have added I did run certbot --apache first and it failed so I did it again with the /opt/lampp/bin/apachectl option.

Here are the outputs:

ku@Mint-Tower:~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: w4rku.us.to
Serial Number: 420dd2da483fea31525e85d888df840eeb1
Key Type: RSA
Domains: w4rku.us.to
Expiry Date: 2023-01-31 21:53:24+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/w4rku.us.to/fullchain.pem
Private Key Path: /etc/letsencrypt/live/w4rku.us.to/privkey.pem


I did the apachectl both ways (/opt/lampp/bin is in the path) and got these results

ku@Mint-Tower:~$ apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)

ku@Mint-Tower:/opt/lampp/bin$ /opt/lampp/bin/apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server localhost (/opt/lampp/etc/extra/httpd-vhosts.conf:24)
port 80 namevhost localhost (/opt/lampp/etc/extra/httpd-vhosts.conf:24)
alias www.localhost
port 80 namevhost w4rku.us.to (/opt/lampp/etc/extra/httpd-vhosts.conf:32)
alias www.w4rku.us.to
alias w4rku.com
alias www.w4rku.com

I could restore from the snapshot and clean stuff up and run certbot again.

Thanks a lot!

1 Like

It seems there are two versions of apache installed.
That will usually not go well with: certbot --apache.

I see a recently renewed cert - good for 89 more days:

So... something "worked".

I think you should clean up the multiple apaches and probably switch to using --webroot for less "touches" to [this fragile] apache.

3 Likes

Will do and let you know!

Ok I am not sure what to do here. I restored to before I started. I removed the /etc/apache2 directory - it only had a non-function file in it.
I installed via snap this time. I went to install using the following command and the results are as follows:

ku@Mint-Tower:~$ sudo certbot --apache-ctl /opt/lampp/bin/apachectl --webroot -w /opt/lampp/htdocs

Saving debug log to /var/log/letsencrypt/letsencrypt.log
With the webroot plugin, you probably want to use the "certonly" command, eg:

certbot certonly --webroot

(Alternatively, add a --installer flag. See User Guide — Certbot 1.31.0 documentation
and "--help plugins" for more information.)

If I use the "certonly" option, will that cause the autorenewal not to be enabled?

Before I mess things up again I wanted to be sure what I was doing and the implications.

Thanks again!

1 Like

Autorenewal should always be enabled [by default].
[if not, that's an easy fix]

3 Likes

Rudy,

Thank you for the help so far. I ran this and it appears that it worked and after reboot the server works and there is no /etc/apache2 directory. Progress!

The command I ran was as follows:

sudo certbot certonly --apache-ctl /opt/lampp/bin/apachectl --webroot -w /opt/lampp/htdocs

I answered the questions with my Email, accepted the TOS, said "N" to news, and it issued the certificate.

However there are two things I think need to be done still. First is an entry in the /opt/lampp/etc/extra/httpd-vhosts.conf and add a port 443 entry. Then change the .htaccess in the root of the website to take http and force it to https.

Make the change in WordPress (I have done some of this before with a hosting company's help).

Am I right or is the vhosts taken care of somewhere else?

Kevin

1 Like

I have figured this much out. The httpd.conf file I have uses this entry.

# Secure (SSL/TLS) connections
<IfModule ssl_module>
# XAMPP
<IfDefine SSL>
Include etc/extra/httpd-ssl.conf
</IfDefine>
</IfModule>
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

In the etc/extra/http-ssl.conf file are definitions for using a CA certificate (I won't bother with those details).

Let's Encrypt uses the file httpd-vhosts-le-ssl.conf for this purpose. When I created using certonly this file was not created. If I substitute the above include with your name and create the file
httpd-vhosts-le-ssl.conf manually (there are a few examples out there) - would that solve the issue of the 443 entry and does the name have to be that? Also, is that SSLRandomSeed necessary?

Thanks.

1 Like

When using certonly, certbot won't do anything else - just obtain a cert.
You will have to address the other two concerns yourself.

That is expected.

I'm not sure I understand what is meant by "your name" and "the name"...
But a server block that listens on 443 with SSL on and uses the cert is required for HTTPS to "work".
That said, it can be in its own file or included within the https-vhosts.conf file.
[they both get included into the running config]

It is likely a non-issue, but I would leave it as is.

3 Likes
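The port 443 server block and the HTTP-to-HTTPS redirect discussed above, as an added example that is not part of the original posts or of Certbot's own output. It assumes mod_ssl and mod_rewrite are loaded; the file name httpd-vhosts-ssl.conf is hypothetical, while the certificate paths, document root and host name are the ones shown earlier in this thread.

```apache
# Added example. Hypothetical file: /opt/lampp/etc/extra/httpd-vhosts-ssl.conf,
# pulled in from httpd.conf with:  Include etc/extra/httpd-vhosts-ssl.conf

# Declare Listen 443 exactly once across all included files. A second
# declaration (for instance one already present in httpd-ssl.conf) fails at
# startup with the same "Address already in use ... could not bind" error.
Listen 443

<VirtualHost *:443>
    # The certificate listed in this thread covers only w4rku.us.to, so the
    # aliases from the port 80 vhost are left out here; serving them with
    # this certificate would produce name-mismatch errors in browsers.
    ServerName w4rku.us.to
    DocumentRoot "/opt/lampp/htdocs"

    SSLEngine on
    # fullchain.pem carries the leaf certificate plus the intermediate chain.
    SSLCertificateFile    "/etc/letsencrypt/live/w4rku.us.to/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/w4rku.us.to/privkey.pem"
    # Refuse the legacy protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>

# Redirect for the existing port 80 vhost of w4rku.us.to (shown in full so the
# block stands alone; merge the three Rewrite lines into the current entry).
<VirtualHost *:80>
    ServerName w4rku.us.to
    DocumentRoot "/opt/lampp/htdocs"

    RewriteEngine On
    # Keep the webroot challenge path reachable over plain HTTP for renewals.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Redirect to a fixed host name rather than echoing the Host header.
    RewriteRule ^ https://w4rku.us.to%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

Check the result with /opt/lampp/bin/apachectl -t -D DUMP_VHOSTS before restarting. Because certonly does not touch Apache, the server also has to be reloaded after each renewal (for example from a Certbot --deploy-hook) to pick up the new certificate.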

Thank you - I have in the interim kind of figured that was going to be your answer. I am going to try one more thing and that I can define the paths for the apache for the options. That would be ideal.
If that doesn't work I will try to work it out for myself.

Thank you!

1 Like

I wanted to let you know I got it working. Thank you so much for your wonderful assistance!

Kevin

1 Like
