Certbot - a duplicate listen 0.0.0.0:443 in

Hi,
I bumped into this problem with Certbot, using certbot -d domain.com --nginx, using latest Alpine Linux:

nginx: [emerg] a duplicate listen 0.0.0.0:443 in /etc/nginx/http.d/config.conf

I found one topic here and saw no answer with a solution, so I'd like to post one:

The problem was with Certbot. It didn't like that I had included listen 443; already in the server block.

So when Certbot adds one to the block, then Nginx gets it twice.

So before running Certbot, remove all listen 443; lines.

Feature request would be:
Detect whether the config file already has a listen 443; line and then replace it, not append.
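A pre-flight check for the situation described in the post above, as an added example that is not part of the original post or of Certbot: it reports any address:port that appears in more than one listen directive of the same server block, which is the condition nginx rejects with "a duplicate listen". The function names and the sample configuration are constructed for illustration; the parser does not follow include directives or handle quoted strings.

```python
import re
from collections import Counter

def normalize_listen(arg):
    """Map a listen argument to the address:port it binds."""
    addr = arg.split()[0]
    if addr.startswith("unix:"):
        return addr
    if addr.isdigit():                 # "443" means every IPv4 address
        return "0.0.0.0:" + addr
    if addr.startswith("*:"):          # "*:443" is the same socket
        return "0.0.0.0:" + addr[2:]
    if re.search(r":\d+$", addr):      # "192.0.2.1:443" or "[::]:443"
        return addr
    return addr + ":80"                # address only: nginx defaults to port 80

def duplicate_listens(conf_text):
    """Return sorted (server_block_number, address) pairs listed more than once."""
    text = re.sub(r"#[^\n]*", "", conf_text)   # strip comments
    stack, server_no, pending, seen = [], 0, "", Counter()
    for tok in re.findall(r"[{};]|[^{};]+", text):
        words = pending.split()
        if tok == "{":                 # pending text is the block header
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                server_no += 1
        elif tok == "}" and stack:
            stack.pop()
        elif (tok == ";" and len(words) > 1 and words[0] == "listen"
              and stack[-1:] == ["server"]):
            seen[(server_no, normalize_listen(" ".join(words[1:])))] += 1
        pending = "" if tok in ("{", "}", ";") else tok
    return sorted(key for key, count in seen.items() if count > 1)

# Constructed sample: a hand-written "listen 443;" plus the line Certbot appends.
SAMPLE = """
server { listen 80; server_name example.com; }
server {
    listen 443;
    server_name example.com;
    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
}
"""

if __name__ == "__main__":
    for block, addr in duplicate_listens(SAMPLE):
        print(f"server block #{block}: duplicate listen {addr}")
```

Feeding it the text printed by nginx -T covers included files, since that output is the fully expanded configuration.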

You should include the version of certbot used and the command string run.

Which version of Certbot and the certbot-nginx plugin are we talking about?

What version of nginx [uses that path] ?

Google says:
image

Also, please share the sudo nginx -T output before and after Certbot did its thing. I'm not that familiar with Certbot and nginx, but with Apache, Certbot adds a new virtualhost. It would make sense for Certbot to generate a new server block for HTTPS entirely with nginx too, but I'm not sure about that.

It's quite clever. It reads the server blocks already present, finds the appropriate one for the domain given and appends SSL certs to the end of the block.

Sometimes it rewrites some configuration, that's annoying, but yes, it works.

certbot is v1.27.0 on Alpine Linux v3.16.3, Nginx is 1.22.1
sudo certbot -d jancsi.cz and sudo certbot install -d jancsi.cz then

You are using the HTTP-01 Challenge which requires Port 80
Best Practice - Keep Port 80 Open

Let's Debug is showing AAAANotWorking ERROR https://letsdebug.net/jancsi.cz/1354397; Port 80 needs to be open on IPv6 as well.

Also SSL Server Test: jancsi.cz (Powered by Qualys SSL Labs) "Unable to connect to the server" to the IPv6 Address.

However here is a list of issued certificates crt.sh | jancsi.cz, the latest one being 2023-01-29.

There are also DNS ERRORs and WARNINGs jancsi.cz | DNSViz
Hardenize Report: jancsi.cz
https://zonemaster.net/en/result/3a955f319740656d
