Cannot renew my certificate

aungsithu · June 18, 2019, 12:11am

Hi Morning, Please help me. when i run this command "sudo certbot --authenticator standalone --installer nginx -d straatosphere.com --pre-hook “service nginx stop” --post-hook “service nginx start”

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer nginx

Cert is due for renewal, auto-renewing…

Running pre-hook command: service nginx stop

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for straatosphere.com

Cleaning up challenges

Running post-hook command: service nginx start

Hook command “service nginx start” returned error code 1

Error output from service:

Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.

Problem binding to port 80: Could not bind to IPv4 or IPv6.

Thanks.

JuergenAuer · June 18, 2019, 7:08am

Hi @aungsithu

you have already created 3 certificates in the last days ( https://check-your-website.server-daten.de/?q=straatosphere.com#ct-logs ):

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate
972628475	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-06-18 02:30:20	2019-09-16 02:30:20	cdn.straatosphere.com, cdn2.straatosphere.com, cdn3.straatosphere.com, cdn4.straatosphere.com, straatosphere.com, www.straatosphere.com - 6 entries	duplicate nr. 1
972399639	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-06-17 23:33:46	2019-09-15 23:33:46	straatosphere.com - 1 entries	duplicate nr. 1
968562402	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, C=US, ST=TX	2019-06-15 00:00:00	2019-09-13 23:59:59	mail.straatosphere.com, webmail.straatosphere.com - 2 entries

And you have a lot of older certificates, started 2017-04-10.

Looks like it is the first time you don't use tls-sni-01 validation. So switch to another validation method, not --standalone. So, the pre- and the post-hook are not longer required.

Start with

sudo certbot --nginx straatosphere.com -d www.straatosphere.com

You have a new certificate

CN=straatosphere.com
	18.06.2019
	16.09.2019
expires in 90 days	straatosphere.com - 1 entry

but that has only one domain name, so your www-version is insecure

aungsithu · June 18, 2019, 7:20am

@JuergenAuer, Thanks for replying.

I will try to fix this problem.

Thanks.

system · July 18, 2019, 7:20am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.