"certbot-auto renew" errors with "Please stop the exe program temporarily and then try again."


#1

Hello,
I’m getting an error when I run certbot-auto renew, and am told to stop the exe program. I tried sudo service exe stop, but it didn’t work. I’m trying to figure out how to solve this. Full output of the error message is below.

My domain is:codebuddies.org

I ran this command:
certbot-auto renew
It produced this output:
Requesting root privileges to run certbot…
/home/cb-stage/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/codebuddies.org.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
The program exe (process ID 7875) is already listening on TCP port 80. This will
prevent us from binding to that port. Please stop the exe program temporarily
and then try again. For automated renewal, you may want to use a script that
stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-09-26 03:03:58,502:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/codebuddies.org.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/codebuddies.org-0001.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/codebuddies.org-0001/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/codebuddies.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

My operating system is (include version):
OSX 10.11.6
My web server is (include version):
53.0.2785.116
My hosting provider, if applicable, is:
DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

(Note: the reason codebuddies.org-0001 above also exists is because I started following the instructions in https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04 again, but I’m starting to think now that I didn’t have to re-issue a certificate; I just needed to run certbot-auto renew.)

Any help would be appreciated!

Thanks,
Linda


#2

UPDATE:
I remembered that I could ps aux and then sudo kill 7875 to stop the process.

And yay, the certificate renewed successfully!

However, on https://www.ssllabs.com/ssltest/analyze.html?d=codebuddies.org, the new certificate still isn’t recognized, and the site is still down.

Is it normal for there to be a couple hours’ delay when a certificate is renewed?


#3

No, you need to restart/reload the web server to make it pick up the new cert.


#4

Hmm. I restarted nginx, but it doesn’t seem to have accomplished anything.

$ sudo service nginx restart
 * Restarting nginx nginx             ```

#5

It has accomplished something. https://codebuddies.org/ is reachable, and shows it’s encrypted by a Let’s Encrypt certificate issued today - so that looks generally good.

The content doesn’t look right though - an nginx page, which I assume isnt what you intended and there is an issue with the nginx config as it’s pointing to the wrong directory for your site files ?


#6

Oh wait, it just reloaded and I see “Welcome to nginx!” now. Thanks all – yep, figuring out how to resolve this now.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.