Cert renew script with stop apache pre hook : port 443 already open


My domain is: jpdn.net

I ran this command (via cron) to automatically check and renew a specific certificate:

#check and renew certbot cer for mail.xxxx.net
certbot certonly --standalone -n -d mail.xxx.net --pre-hook "service apache2 stop" --pre-hook "service postfix stop" --post-hook "service apache2 start" --post-hook "service postfix start" --post-hook "service dovecot restart"
mail -s "[Server] CERTBOT update for mail.xxxx.net" xxxx@xxxx.net  < /var/log/letsencrypt/letsencrypt.log
exit 0

sh certbot-renew-mail.sh
produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing…
Running pre-hook command: service postfix stop
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for mail.xxxx.net

The program apache2 (process ID 31832) is already listening on TCP port 443. <----------------------
This will prevent us from binding to that port. Please stop the apache2 program
temporarily and then try again.


pre-hook "service apache2 stop" 

is in the script

But when I type directly

service apache2 stop
sh certbot-renew-mail.sh
service apache2 start

All works fine !

Then I'm thinking about multiple pre-hooks:

--pre-hook "service apache2 stop" --pre-hook "service postfix stop"
There is no message for running the pre-hook "apache2 stop" (only for postfix)

Is there something wrong with the pre-hook commands?
Should I use another port ?

Any idea ?

I believe that providing an option (like --pre-hook) multiple times will result in all but the last one being ignored. So in your case only the Postfix hook would run, not the Apache one. You can combine them into a single pre-hook using a ;.

Thank you very much for your reply !

Like this ?

certbot certonly --standalone -n -d mail.xxx.net --pre-hook "service apache2 stop ; service postfix stop" --post-hook "service apache2 start ; service postfix start ; service dovecot restart"

Yep, that is right. Thanks!
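
A check for the problem discussed in this thread, as an added example that is not part of the original posts and is not Certbot's own code: it scans a certbot command line for repeated `--pre-hook` / `--post-hook` options and rewrites it with one option per hook type, joined with `;` as suggested above. It assumes, as the reply states and the log output shows, that only the last occurrence of a repeated hook option takes effect; the function names are hypothetical.

```python
import shlex

# Hook options checked. Assumption taken from the thread: when one of these
# is repeated, only the last occurrence takes effect.
HOOK_FLAGS = ("--pre-hook", "--post-hook")

def collect_hooks(command):
    """Return (other_args, {flag: [values in order]}) for a certbot command line."""
    args = shlex.split(command)
    rest, hooks = [], {}
    i = 0
    while i < len(args):
        flag, sep, value = args[i].partition("=")
        if flag in HOOK_FLAGS:
            if not sep:  # "--pre-hook VALUE" form: the value is the next argument
                i += 1
                if i >= len(args):
                    raise ValueError(f"{flag} has no value")
                value = args[i]
            hooks.setdefault(flag, []).append(value)
        else:
            rest.append(args[i])
        i += 1
    return rest, hooks

def dropped_hooks(command):
    """Hook commands that would never run: every occurrence except the last."""
    _, hooks = collect_hooks(command)
    return {f: v[:-1] for f, v in hooks.items() if len(v) > 1}

def merge_hooks(command):
    """Rewrite the command with one option per hook type, joined with ' ; '."""
    rest, hooks = collect_hooks(command)
    for flag, values in hooks.items():
        rest += [flag, " ; ".join(values)]
    return shlex.join(rest)

# Constructed sample: the cron command from the original post.
SAMPLE = ('certbot certonly --standalone -n -d mail.xxx.net '
          '--pre-hook "service apache2 stop" --pre-hook "service postfix stop" '
          '--post-hook "service apache2 start" --post-hook "service postfix start" '
          '--post-hook "service dovecot restart"')

if __name__ == "__main__":
    for flag, lost in dropped_hooks(SAMPLE).items():
        print(f"{flag}: never runs -> {lost}")
    print(merge_hooks(SAMPLE))
```

For the original command this reports `service apache2 stop` as a pre-hook that never runs, which matches the "already listening on TCP port 443" failure in the log.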
