Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
let you know at last resort.
I ran this command:
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
It produced this output like this:
`Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. test.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for test.example.com - check that a DNS record exists for this domain, xyz.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for xyz.example.com - check that a DNS record exists for this domain. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com-0001/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0002/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0003/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0004/fullchain.pem (failure)
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com-0001/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0002/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0003/fullchain.pem (failure)
/etc/letsencrypt/live/example.com-0004/fullchain.pem (failure)
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: service nginx start
Hook command "service nginx start" returned error code 1
Error output from service:
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.`
I can understand the error of subdomain xyz not being able to recertify because I do have some certificates that donāt match to a domain because I removed some subdomain from the DNS.
So then I decided to do something like this certbot -i nginx -d example.com -d www.example.com.com certonly and it showed signs of success because now the expiration is in the future. Before that, all the certs were expired.
Now Iām trying to restart by doing sudo systemctl start nginx to make the changes be in effect.
and I get the error:
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
Then I do systemctl status nginx.service I get this error.
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-06-10 04:31:28 UTC; 1min 21s ago
Docs: man:nginx(8)
Process: 26801 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 28090 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 28079 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 17020 (code=exited, status=0/SUCCESS)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] still could not bind()
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: nginx.service: Failed with result āexit-codeā.
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
root@ubuntu-s-1vcpu-1gb-nyc3-01:/etc/nginx# systemctl status nginx.service
Iām doing research and it says that it has something to do with the config files. Itās weird because I didnāt touch the config files so Iām guessing the renew command did.
This is complicated for me.Iām not a server expert all I know is that my app listens to port 8090 when I code and it has nextjs node and PM2. I set up reverse proxy stuff a while ago donāt really want to go through all that learning experience again
I feel like it shouldnāt have been messed up with the renew command. I guess I just want to restart the server to see if cert for the main https site is up.
Why would I have to touch the config files all of a sudden?
My web server is (include version):
NGINX , nodejs , next.js and PM2
The operating system my web server runs on is (include version):
I think I use linux.
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I donāt know):
Yes
Iām using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youāre using Certbot):
certbot 0.31.0