Certbot auto renew making server go OFFLINE

Hello everyone,
My webserver goes offline EVERY DAY, 2 times a day, at practically the same time!

I tried to track logs, processes, memory, traffic, and I can't find where the problem lies!

The error.log shows only these entries:
2018/07/07 12:01:59 [notice] 13995#13995: signal process started
2018/07/07 12:01:59 [error] 13995#13995: invalid PID number "" in "/run/nginx.pid"
2018/07/07 12:02:05 [notice] 14016#14016: signal process started
2018/07/07 12:02:12 [notice] 14026#14026: signal process started
2018/07/07 12:02:19 [notice] 14031#14031: signal process started
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to 0.0.0.0:443 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to [::]:80 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to [::]:443 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to 0.0.0.0:443 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to [::]:80 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: bind() to [::]:443 failed (98: Address already in use)
2018/07/07 12:02:20 [emerg] 14063#14063: still could not bind()
2018/07/07 12:02:23 [alert] 13997#13997: unlink() "/run/nginx.pid" failed (2: No such file or directory)

I'm pretty sure that certbot is trying to renew the server and somehow is blocking port 80, then the server goes offline and I need to root in and restart nginx.

I already commented out the content of /etc/cron.d/certbot, but the script is still running somehow…

Is there a way to bypass this error? How can I definitely stop the auto-renewing thing?

Thank you, I really don't know what more to do.

Debian 9
nginx/1.10.3
certbot 0.10.2
Virmach
can root

Sounds a lot like you set up renewal with standalone mode and hooks to restart nginx, which doesn't work so well.

You can check this by checking the renewal parameters files in /etc/letsencrypt/renewal/*.conf .

That probably explains why it's set up the way it is. Due to the TLS-SNI issue that happened a while back, your present setup may have been a workaround.

My suggestion for you is to perform two tasks:

1. Upgrade your Certbot to a reasonable version. 0.10.2 is too old. Follow these instructions: https://certbot.eff.org/lets-encrypt/debianstretch-nginx

2. Once you've done that, get Certbot working with a proper renewal setup that won't cause nginx to die. One way to do this would be to perform renewals using the nginx authenticator instead of whatever you have now:

certbot renew --nginx --pre-hook "" --post-hook "" --preferred-challenges http

(The context to your crashing issue can be found at "Certbot starts nginx after renew and bypasses systemd" · Issue #5486 · certbot/certbot · GitHub, but you don't have to read through it, just try the above).

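The check of /etc/letsencrypt/renewal/*.conf suggested in the reply above, as an added example that is not part of the original thread: it reads the `[renewalparams]` section of each renewal file and flags the standalone authenticator, especially when hooks are recorded next to it. The function names and the two sample files (with their hook commands) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the [renewalparams] section
# of each Certbot renewal file and flag the standalone + hooks combination.
# Usage: audit_renewal_dir /etc/letsencrypt/renewal   (returns 1 if any file is flagged)
audit_renewal_dir() {
    dir="${1:-/etc/letsencrypt/renewal}"
    flagged=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue          # glob matched nothing
        line=$(awk -F' *= *' '
            /^\[/ { in_params = ($0 == "[renewalparams]"); next }
            !in_params { next }             # ignore keys outside the section
            $1 == "authenticator" { auth = $2 }
            $1 == "pre_hook" || $1 == "post_hook" {
                val = $0; sub(/^[^=]*= */, "", val)   # keep any "=" inside the command
                sep = (hooks != "") ? "; " : ""
                hooks = hooks sep $1 "=" val
            }
            END {
                verdict = "ok"
                if (auth == "standalone") verdict = (hooks != "") ? "STANDALONE+HOOKS" : "STANDALONE"
                printf "%s authenticator=%s hooks=[%s]", verdict, (auth != "" ? auth : "unset"), hooks
            }' "$conf")
        printf '%s: %s\n' "${conf##*/}" "$line"
        case "$line" in STANDALONE*) flagged=1 ;; esac
    done
    return "$flagged"
}

# Constructed sample files; example.org / example.net and the hooks are placeholders.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/example.org.conf" <<'EOF'
version = 0.10.2
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = standalone
installer = None
pre_hook = service nginx stop
post_hook = service nginx start
EOF
    cat > "$d/example.net.conf" <<'EOF'
[renewalparams]
authenticator = nginx
installer = nginx
EOF
    printf '%s\n' "$d"
}
```

A file reported as `STANDALONE+HOOKS` matches the setup the reply describes; one reported as `ok authenticator=nginx` is what a renewal through the nginx authenticator leaves behind.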

Thank you very much.
I just updated the version and moved the renew folder; now the server is not going offline anymore.

Now I'm going to try to fix the renew parameters.
