I have a cron job for renewing certificates on my server. I have many vhosts on this server.
Here is the script:
certbot renew --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start"
Here is the configuration example for all vhosts:
“/etc/letsencrypt/renewal/www.mydomain.com.conf” :
When I run the renew job, the first certificate is renewed without any issue, but the following ones fail with this error:
2018-09-07 07:21:42,223:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 111, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/standalone.py", line 234, in perform
    self._verify_ports_are_available(achalls)
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/standalone.py", line 231, in _verify_ports_are_available
    "At least one of the required ports is already taken.")
MisconfigurationError: At least one of the required ports is already taken.
Any idea what is wrong here?
This led to a crash of my apache2, as it didn't start apache2 after that.
Yes, the temporary webserver starts correctly for the first domain to renew, but if there is a second domain to renew, maybe it tries to start a new webserver while the last webserver is still running… Is this a bug?
I don’t want to use webroot mode for now, will look at this setup later.
The apache installer reloads apache in order for the renewed certificate to be picked up, I guess maybe that's starting apache again before the second cert is renewed? Since you're already stopping and starting apache in your pre/post hooks you don't need the apache installer to restart it separately, so you could change it to installer = None
The webroot authenticator is probably a better choice, though, as you wouldn't have to fully stop apache at all, and you could still use the apache installer with it for new certificates.
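An added example, not part of the thread and not certbot's own code: a Python check that lists renewal files pairing the standalone authenticator with the apache installer, the combination the reply above suspects. The sample file contents and the function names `renewal_params` and `standalone_with_apache_installer` are constructed for illustration.

```python
import configparser

# Constructed sample renewal files (not taken from the thread).
SAMPLE_CONFS = {
    "www.mydomain.com.conf": """\
# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/www.mydomain.com/cert.pem

[renewalparams]
authenticator = standalone
installer = apache
""",
    "other.example.conf": """\
cert = /etc/letsencrypt/live/other.example/cert.pem

[renewalparams]
authenticator = standalone
installer = None
""",
    "webroot.example.conf": """\
cert = /etc/letsencrypt/live/webroot.example/cert.pem

[renewalparams]
authenticator = webroot
installer = apache
""",
}

def renewal_params(conf_text):
    """Return the [renewalparams] section of a renewal file as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    # Renewal files begin with section-less keys; give them a dummy section.
    parser.read_string("[top]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])

def standalone_with_apache_installer(confs):
    """Names of renewal files that use standalone together with the apache installer."""
    flagged = []
    for name, text in sorted(confs.items()):
        params = renewal_params(text)
        if (params.get("authenticator") == "standalone"
                and params.get("installer") == "apache"):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in standalone_with_apache_installer(SAMPLE_CONFS):
        print(name + ": standalone authenticator with apache installer")
```

On a server, build the dictionary from the files under /etc/letsencrypt/renewal/ instead of the constructed samples.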