Cannot renew certificate: tcp port 80 is already used by (("nginx",pid=

My domain is: erdwerk-bioladen.de

I ran this command: acme.sh --renew -d cloud.erdwerk-bioladen.de

It produced this output:

[Tue 06 Feb 2024 07:02:07 PM CET] Renew: 'cloud.erdwerk-bioladen.de'
[Tue 06 Feb 2024 07:02:07 PM CET] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue 06 Feb 2024 07:02:07 PM CET] Standalone mode.
[Tue 06 Feb 2024 07:02:07 PM CET] LISTEN    0         128                0.0.0.0:80               0.0.0.0:*        users:(("nginx",pid=25772,fd=8),("nginx",pid=25771,fd=8),("nginx",pid=733,fd=8))
LISTEN    0         128                   [::]:80                  [::]:*        users:(("nginx",pid=25772,fd=9),("nginx",pid=25771,fd=9),("nginx",pid=733,fd=9))
[Tue 06 Feb 2024 07:02:07 PM CET] tcp port 80 is already used by (("nginx",pid=25772,fd=8),("nginx",pid=25771,fd=8),("nginx",pid=733,fd=8))
80                  [
[Tue 06 Feb 2024 07:02:07 PM CET] Please stop it first
[Tue 06 Feb 2024 07:02:07 PM CET] _on_before_issue.

My web server is (include version): nginx/1.14.2

The operating system my web server runs on is (include version): Debian GNU/Linux 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): /acme.sh v2.8.8

I have two certificates on that server one for cloud.erdwerk-bioladen.de and another for mail.erdwerk-bioladen.de with the SAN domains imap.erdwerk-bioladen.de and smtp.erdwerk-bioladen.de.

acme.sh --list gives me:

Main_Domain                KeyLength  SAN_Domains                                        CA               Created                          Renew
cloud.erdwerk-bioladen.de    ""         no                                                 LetsEncrypt.org  Sat 19 Nov 2022 09:30:22 AM UTC  Wed 18 Jan 2023 09:30:22 AM UTC
mail.erdwerk-bioladen.de   ""         imap.erdwerk-bioladen.de,smtp.erdwerk-bioladen.de  LetsEncrypt.org  Tue 06 Feb 2024 06:01:13 PM UTC  Sat 06 Apr 2024 06:01:13 PM UTC

I am pretty sure this setup worked in the past. But since January 2023 the certificate for cloud.erdwerk-bioladen.de won't renew while it works fine for mail.erdwerk-bioladen.de.

Am I doing anything wrong?

Hello @chris492, welcome to the Let's Encrypt community.

More acme.sh support is here: Issues · acmesh-official/acme.sh · GitHub

2 Likes

Or we could ping @Neilpang for a leg up!

2 Likes

Why are you using standalone mode instead of webroot mode? Did you add (or reconfigure) nginx recently?

4 Likes

Webroot would be good.

3 Likes

Thanks for pinging me.

@chris492, you first issued the cert with standalone mode, which used your port 80. Later you started your nginx server, which is now listening on port 80. So, when you renew your cert, it tries to use port 80, but it's already used by nginx.

Please issue the cert again with webroot mode.

5 Likes
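The conflict described in the reply above can be checked before a renewal runs. The following is an added example, not part of the thread and not acme.sh's own code. It assumes the saved per-domain conf records the validation method as `Le_Webroot='...'` with `no` meaning standalone, and it uses a constructed conf fragment plus a trimmed copy of the listener line from the log.

```shell
#!/bin/sh
# Added example (not from the thread): explain why a standalone-mode renewal
# fails when a web server already owns TCP port 80.

# Map a saved acme.sh domain conf (stdin) to its validation method.
# Assumption: the method is stored as Le_Webroot='...' and 'no' means standalone.
saved_mode() {
  value=$(sed -n "s/^Le_Webroot='\(.*\)'\$/\1/p" | head -n 1)
  case "$value" in
    no) echo standalone ;;
    /*) echo webroot ;;
    *)  echo other ;;
  esac
}

# Read `ss -ltnp` output on stdin; print the first process listening on port $1.
port_owner() {
  awk -v port="$1" '
    $1 == "LISTEN" && $4 ~ (":" port "$") &&
    match($0, /\(\("[^"]+"/) { print substr($0, RSTART + 3, RLENGTH - 4); exit }'
}

# $1 = conf text, $2 = ss output. Succeeds and prints advice on a conflict.
renewal_conflict() {
  mode=$(printf '%s\n' "$1" | saved_mode)
  owner=$(printf '%s\n' "$2" | port_owner 80)
  [ "$mode" = standalone ] && [ -n "$owner" ] || return 1
  echo "standalone renewal needs port 80, held by $owner: reissue with -w <webroot>"
}

# Constructed sample data: a conf fragment and a trimmed listener line.
SAMPLE_CONF="Le_Domain='cloud.example.test'
Le_Webroot='no'"
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=25772,fd=8))'

renewal_conflict "$SAMPLE_CONF" "$SAMPLE_SS" || echo "no conflict detected"
```

On a live host, the second argument would be the output of `ss -ltnp` and the first the contents of the domain's conf file.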

Hi Neilpang, thanks for your advice.

It works using acme.sh --issue -d cloud.erdwerk-bioladen.de -w /var/www/nextcloud/. Let's see if the certificate will be renewed after two months.

I tried with acme.sh --issue --nginx -d cloud.erdwerk-bioladen.de -w /var/www/nextcloud/
but got the error
cloud.erdwerk-bioladen.de:Verify error:93.104.208.86: Invalid response from https://cloud.erdwerk-bioladen.de/.well-known/acme-challenge/MQrnPaHXmSiYp2GIC6vywpcA5uXagHR0Pvfgf1bPoWU: 404

Just to clarify what has been installed on that server:

  • I first used it just as a mail server. But I installed Nginx right from the beginning for the certificate and Rspamd. I issued the certificate for mail.erdwerk-bioladen.de with the SAN domains imap.erdwerk-bioladen.de and smtp.erdwerk-bioladen.de.
  • Later I added a Nextcloud server. I issued a second certificate again using the Nginx mode. That worked fine at least one time as I got a certificate. But that certificate was not renewed.
1 Like