Cannot bind to port 80

My domain is: bell-computing.com / gourmetbritain-competition.com
I have two serverpilot apps, i.e. separate wordpress installs using separate paths like this:
/srv/users/serverpilot/apps/gourmetbritain/public
/srv/users/serverpilot/apps/wordpress/public
I already have a cert for bell-computing and was in the process of creating a new one for gourmet…

I ran this command:
sudo service nginx-sp stop
sudo ./letsencrypt-auto certonly --standalone -d gourmetbritain-competition.com -d www.gourmetbritain-competition.com
sudo service nginx-sp start
then
sudo -H ./letsencrypt-auto renew --dry-run

It produced this output:
Attempting to renew cert (gourmetbritain-competition.com) from /etc/letsencrypt/renewal/gourmetbritain-competition.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/bell-computing.com/fullchain.pem (failure)
/etc/letsencrypt/live/gourmetbritain-competition.com/fullchain.pem (failure)

My web server is (include version):
apache/nginx

The operating system my web server runs on is (include version):
ubuntu 16.04.4

My hosting provider, if applicable, is:
serverpilot on a digitalocean droplet

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

I would not expect your commands to succeed.

  1. You stop nginx
  2. You ask Certbot to issue certificates via --standalone. So far, so good.
  3. You start nginx.
  4. You ask Certbot to perform renewal.

Step 4 fails because it will use --standalone to perform the renewal (matching the settings you used to issue the certificate initially in Step 2). However, standalone can’t succeed because nginx is occupying port 80 (due to Step 3).

If you want this to succeed, you need to include the stopping and starting of nginx in the Certbot command you use.

For instance,

./letsencrypt-auto certonly --standalone \
-d example.org -d www.example.org \
--pre-hook "service nginx-sp stop" \
--post-hook "service nginx-sp start"

(or to later update the settings once you already have a certificate):

./letsencrypt-auto renew --dry-run \
--pre-hook "service nginx-sp stop" \
--post-hook "service nginx-sp start"

Also, something that may help, you can still use Certbot’s nginx plugin (and avoid --standalone), even with the way ServerPilot customizes the installation.

You can achieve this by passing some extra parameters to ./letsencrypt-auto --nginx:

  --nginx-server-root NGINX_SERVER_ROOT
                        Nginx server root directory. (default: /etc/nginx)
  --nginx-ctl NGINX_CTL
                        Path to the 'nginx' binary, used for 'configtest' and
                        retrieving nginx version number. (default: nginx)
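
An added example, not part of the reply above: a small audit that reads the settings Certbot saved for each certificate and flags any that will renew via standalone with no hooks to free port 80. It assumes the saved settings live under `[renewalparams]` with the keys `authenticator`, `pre_hook` and `post_hook`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Certbot renewal configs for the failure in this thread.

# Print the value of key $2 from the [renewalparams] section of conf file $1.
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_sec = ($0 == "[renewalparams]"); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 1 (at risk) when the cert renews via standalone but has no saved
# hooks to free port 80; return 0 otherwise.
check_renewal_conf() {
    auth=$(renewal_param "$1" authenticator)
    pre=$(renewal_param "$1" pre_hook)
    post=$(renewal_param "$1" post_hook)
    if [ "$auth" != "standalone" ]; then
        echo "ok: authenticator=${auth:-unset}"
        return 0
    fi
    if [ -z "$pre" ] || [ -z "$post" ]; then
        echo "at-risk: standalone, pre_hook='${pre}', post_hook='${post}'"
        return 1
    fi
    echo "ok: standalone with pre/post hooks"
}

# Constructed sample configs (not copied from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '[renewalparams]' 'authenticator = standalone' \
    > "$demo_dir/no-hooks.conf"
printf '%s\n' '[renewalparams]' 'authenticator = standalone' \
    'pre_hook = service nginx-sp stop' 'post_hook = service nginx-sp start' \
    > "$demo_dir/with-hooks.conf"

for conf in "$demo_dir"/*.conf; do
    printf '%s: ' "${conf##*/}"
    check_renewal_conf "$conf" || true
done
```

On a real host, run `check_renewal_conf` as root over each file in /etc/letsencrypt/renewal/ instead of the sample directory.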

My bad. So I issued the command you suggested and it allowed me to find that I had a DNS error on one of my records, *.domain instead of just domain. Different registrars tabulate the records differently. Thanks for your guidance. It works now with an SSL Server labs A rating.
