Can't restart NGINX

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
let you know at last resort.
I ran this command:
`certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"`

It produced output like this:

```
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. test.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for test.example.com - check that a DNS record exists for this domain, xyz.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for xyz.example.com - check that a DNS record exists for this domain. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0002/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0003/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0004/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0002/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0003/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com-0004/fullchain.pem (failure)
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: service nginx start
Hook command "service nginx start" returned error code 1
Error output from service:
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
```

I can understand the error of subdomain xyz not being able to recertify because I do have some certificates that don’t match to a domain because I removed some subdomains from the DNS.

So then I decided to do something like this: `certbot -i nginx -d example.com -d www.example.com.com certonly`, and it showed signs of success because now the expiration is in the future. Before that, all the certs were expired.

Now I’m trying to restart by doing `sudo systemctl start nginx` to make the changes take effect.

and I get the error:

```
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
```

Then I run `systemctl status nginx.service` and I get this error.

```
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-06-10 04:31:28 UTC; 1min 21s ago
Docs: man:nginx(8)
Process: 26801 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 28090 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 28079 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 17020 (code=exited, status=0/SUCCESS)

Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 10 04:31:27 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 nginx[28090]: nginx: [emerg] still could not bind()
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: nginx.service: Failed with result ‘exit-code’.
Jun 10 04:31:28 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
root@ubuntu-s-1vcpu-1gb-nyc3-01:/etc/nginx# systemctl status nginx.service
```


I’m doing research and it says that it has something to do with the config files. It’s weird because I didn’t touch the config files so I’m guessing the renew command did.

This is complicated for me. I’m not a server expert; all I know is that my app listens to port 8090 when I code and it has nextjs node and PM2. I set up reverse proxy stuff a while ago and don’t really want to go through all that learning experience again.

I feel like it shouldn’t have been messed up with the renew command. I guess I just want to restart the server to see if cert for the main https site is up.
Why would I have to touch the config files all of a sudden?

My web server is (include version):
NGINX, nodejs, next.js and PM2

The operating system my web server runs on is (include version):
I think I use Linux.
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

1 Like

Please show the output of:
`sudo netstat -pant | grep -E '80|443' | grep -i listen`

1 Like

And then I have one question:
Why are you stopping nginx to get a cert?

1 Like

```
root@ubuntu-s-1vcpu-1gb-nyc3-01:/etc/nginx# sudo netstat -pant | grep -E '80|443' | grep -i listen
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      26817/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26817/nginx: master
tcp6       0      0 :::443                  :::*                    LISTEN      26817/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      26817/nginx: master
```

I had no intention of stopping NGINX. I just wanted to do the renew command to renew all certs, but it failed. I noticed in the command that it said “service nginx start”. So that is why I had the idea to restart after the success with the single domain.

But the command used:

I think what you want is:
`--deploy-hook "service nginx reload"`

1 Like
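
The diagnosis in this thread, written out as a script (an added example, not part of any post above): it reads `netstat -pant` output, keeps only sockets listening on exactly port 80 or 443, and reports whether nginx itself already holds them, which is the case where `start` fails with `bind()` errors and a reload is the right hook. The sample lines are constructed from the output shown in the thread plus two extra lines that the substring pattern `grep -E '80|443'` would also match (a listener on 8090, a remote address ending in `.80`); the function names `port_owners` and `hook_advice` are hypothetical.

```shell
# Constructed sample of `netstat -pant` output, modelled on the thread's output.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      26817/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26817/nginx: master
tcp        0      0 127.0.0.1:8090          0.0.0.0:*               LISTEN      1480/node
tcp        0      0 10.0.0.5:22             203.0.113.80:44321      ESTABLISHED 901/sshd: root
tcp6       0      0 :::443                  :::*                    LISTEN      26817/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      26817/nginx: master'

# port_owners: read netstat -pant output on stdin and print "port pid program",
# once per owner, for sockets in LISTEN state on exactly port 80 or 443.
port_owners() {
  awk '$6 == "LISTEN" {
         n = split($4, a, ":"); port = a[n]     # last ":" field, so :::80 works too
         if (port != "80" && port != "443") next
         split($7, p, "/"); prog = p[2]; sub(/:$/, "", prog)
         key = port " " p[1] " " prog
         if (!(key in seen)) { seen[key] = 1; print key }
       }'
}

# hook_advice: read port_owners output on stdin and say what the renewal hook
# should do with nginx.
hook_advice() {
  awk '{ if ($3 == "nginx") nginx = 1; else other = 1 }
       END {
         if (other)      print "conflict: another program holds 80/443"
         else if (nginx) print "reload: nginx already owns 80/443, use service nginx reload"
         else            print "start: nothing listening on 80/443"
       }'
}

# On a live host: sudo netstat -pant | port_owners | hook_advice
printf '%s\n' "$SAMPLE_NETSTAT" | port_owners | hook_advice
```
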
