On an AWS EC2 instance, I’m running a custom web server that’s listening on port 443.
I’m trying to renew certificates for subdomains of fbpinningtest.com.
With certbot 1.4.0, I ran this command:
sudo certbot renew --preferred-challenges=http-01 --dry-run
It produced this output:
[...]
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pass05.fbpinningtest.com
Error while running apachectl graceful.

httpd not running, trying to start
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
[...]
I was hoping that certbot would start httpd listening only on port 80 to perform its verification. Right now, I have to stop my custom web server, run certbot, which starts an httpd instance listening on port 443, then stop it again, and restart my server. That’s annoying. Is there a way to verify on port 80 without having httpd listen on 443 at any time?
I can log in to a root shell on my machine.