Certbot auto renewal failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: stomp.textras.com

I ran this command: sudo certbot certonly --standalone

It produced this output: I don't recall, it was 3 months ago

My web server is (include version): cowboy v2.x (I haven't found the exact version of cowboy but I've confirmed that it's in the v2.x range)

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0

Auto-renewal is not working for me. I initially installed the cert using sudo certbot certonly --standalone and it worked, but after 3 months the cert expired without renewal. I'm using the cert for TLS on a RabbitMQ server running in a Docker container, so I had to create a mount volume that allows the running server in the container to access the cert installed on the host system. Manually renewing the cert works, but when I do a dry-run to test renewal I get this:

Failed to renew certificate stomp.textras.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

Of course the RabbitMQ server is running and using port 80, and when I manually renewed I had to stop the Docker service entirely to perform the renewal. How can I handle this? Is there a way to configure the auto-renewal steps and modify the commands so it gracefully shuts down the Docker service, performs the renewal, then restarts the service?

@CodeWithOz Welcome to the community.

Yes, you can set up hooks, or you could place the certbot command in your own script which does the needed pre and post actions.

2 Likes

Is that something that can be placed behind a proxy?

1 Like

As MikeMcQ wrote, you can use hook scripts. If you also already have a mount volume for the websites, you can use this as well and don't have to stop and restart the web server.
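The hook approach suggested in the replies above, as an added example that is not part of the original thread: a POSIX shell installer that writes pre and post hooks into certbot's renewal-hooks directories so that only the container holding port 80 is stopped around a standalone renewal. The container name `rabbitmq`, the hook file name and the `HOOK_ROOT` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install certbot renewal hooks that free port 80 for --standalone.
# Assumptions: the container is named "rabbitmq" (hypothetical) and certbot uses
# its default configuration directory, /etc/letsencrypt.

CONTAINER="${CONTAINER:-rabbitmq}"
HOOK_ROOT="${HOOK_ROOT:-/etc/letsencrypt/renewal-hooks}"

# The name is written into a script that certbot runs as root, so accept only
# the characters Docker allows in container names and reject everything else.
valid_name() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_hook <pre|post> <docker subcommand>
write_hook() {
    dir="$HOOK_ROOT/$1"
    mkdir -p "$dir" || return 1
    hook="$dir/rabbitmq-port80.sh"
    # Create the hook with a restrictive umask: nobody but the owner may
    # read or modify a file that is executed with root privileges.
    ( umask 077
      printf '#!/bin/sh\nexec docker %s %s\n' "$2" "$CONTAINER" > "$hook" ) || return 1
    chmod 700 "$hook"
}

install_hooks() {
    valid_name "$CONTAINER" || { echo "invalid container name" >&2; return 1; }
    # pre/ runs before a renewal attempt, post/ after it (even if it failed),
    # so the container is started again whatever the outcome.
    write_hook pre stop && write_hook post start
}

# Usage (as root): sh install-hooks.sh install
if [ "${1:-}" = "install" ]; then
    install_hooks
fi
```

After installing, `sudo certbot renew --dry-run` exercises the hooks. Restarting the container also makes the server inside it load the renewed certificate from the mounted volume.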
