certbot.errors.MisconfigurationError: nginx restart failed

Hi, I am new to these things and I got this as work to do - install virtual servers on apache machine in proxmox. Found out I need certbot to be able to install LetsEncrypt. This is the step where I cannot do anything else. If you want to ask for more details, please bear with me. Thank you.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: beeinside.com

I ran this command: sudo certbot --nginx and sudo certbot --nginx -d is.beeinside.com -d isnew.beeinside.com -d support.beeinside.com -v

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): www.is.beeinside.com, www.isnew.beeinside.com, www.support.beeinside.com
Requesting a certificate for www.is.beeinside.com and 2 more domains
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

If I do that var log, it shows this output:

nano /var/log/letsencrypt/letsencrypt.log
GNU nano 5.4 /var/log/letsencrypt/letsencrypt.log
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
resps = self.auth.perform(achalls)
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1207, in perform
self.restart()
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 990, in restart
nginx_restart(self.conf('ctl'), self.nginx_conf, self.conf('sleep-seconds'))
File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1282, in nginx_restart
raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

2022-02-23 16:06:06,867:ERROR:certbot._internal.log:nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

My web server is (include version):

The operating system my web server runs on is (include version): debian 11.2.0

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): na

What's the output of
sudo ss -tlpn | grep ':80 '
?

1 Like

LISTEN 0 511 *:80 : users:(("apache2",pid=22429,fd=4),("apache2",pid=22428,fd=4),("apache2",pid=19270,fd=4))

sudo killall nginx
nginx: no process found
root@beeinside:~# sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

Yeah, sorry, I posted too soon and deleted too late apparently.

I see now you have an Apache / nginx conflict. I was going in a different direction

3 Likes

I'm interested to hear why there are 2 webservers installed on the same host. Is that deliberate? Are both required for a certain function?

3 Likes

You have apache runnning and listening on port 80.

Apache and nginx can cooperate, but every such situation is custom (different ports, or one reverse proxies the other) and you should tell us what you're trying to achieve.

2 Likes

@Osiris Well, let's say I had no idea I did that and it is there lol. So, if there is only one, it should work, right?

@9peppe Ok, so the work I should do and learn is to install Debian and Apache into it. And then to install 3 virtual servers there. Which I guess I did, but then obtaining certificate for them through LetsEncrypt/certbot brings me here.

My advice is to first get your webserver(s?) up and running properly and only then continue with getting certificates.

3 Likes

@Osiris That's what I did - set up virtual servers and then moved to this. It looks they work, but nobody around here was able to check on my pc. So I cannot say. All this is new to me.

Well, without knowing your exact setup it's VERY hard to give concrete advice. For example, your site returns "nginx" as the webserver, whereas your posts here say there's an Apache webserver running.

So something doesn't add up. My previous advice still stands: please get a firm grasp on what's going on with your webservers: which webserver does what, have all that figured out and then come back and explain your entire setup here, so we can give some targeted advice.

Also, your website already seems to be configured properly for HTTPS with a Let's Encrypt certificate? So I'm reeaaaaaaaaaaally puzzled now what you're exactly trying to do here..

3 Likes

What set up? I got debian in proxmox, installed php, apache2 and now trying to get certificates for virtual website I did create (3 of them as you can see).
The goal is to create 3 virtual servers in apache (been told this, so I am trying, hence don’t get why apache and nginx is an issue).

I Don’t get why all domains would have cert as I just tried to do it and it always came back with error. If it does, how do I check that?

Sorry for my poor knowledge or explanation.

EDIT:
I noticed I have 3 disabled virtual servers. When I list enabled ones, then those from here are shown. Not sure why it would conflict anywhere. Is it good idea to delete them? Or it is fine when they are disabled?

root@beeinside:~# ls /etc/apache2/sites-enabled
is.beeinside.com.conf isnew.beeinside.com.conf support.beeinside.com.conf
root@beeinside:~# ls /etc/apache2/sites-disabled
ls: cannot access '/etc/apache2/sites-disabled': No such file or directory
root@beeinside:~# cd /etc/apache2/sites-available/
root@beeinside:/etc/apache2/sites-available# ls -a
. isnew.beeinside.com.conf testserver3.com.conf
.. 'sudo apt-get purge apache2' webserver1.com.conf
000-default.conf support.beeinside.com.conf webserver2.com.conf
default-ssl.conf testserver1.com.conf webserver3.com.conf
is.beeinside.com.conf testserver2.com
is.beeinside.com.conf.save testserver2.com.conf
root@beeinside:/etc/apache2/sites-available#

It looks like you did this.

I read ahead and it looks like you want three virtualhosts. Where does nginx come into play? Why is there nginx installed at all?

Because they're fighting for control over port 80. Whoever gets is first has it, and the second can't start.

2 Likes

Reason being is that I found step by step website how to do the tasks I needed and they mentioned nginx. So if there is other way or better website, please tell me or show me how to do the certificates through LetsEncrypt. Thank you. That is my goal now. I deleted all disabled virtual hosts, so only those I want are there.

Of course. If you don't need/want nginx there is no reason on earth to install nginx.

If the only reason you installed nginx is that tutorial, you can remove nginx without issue.

So, let's rewind. You want a Debian server running Apache2 and serving three VirtualHosts.

It looks like you already have a Debian server, and your Apache will probably run fine once nginx goes away.

To add three virtualhosts, you just need to have three <VirtualHost *:80> blocks in your config (the canonical directory for them being each in a file by themselves in /etc/apache2/sites-available/mywebsitename.conf which you then enable with the a2ensite mywebsitename command.

Those files will contain information on

  1. which domain name the website is served under
  2. what directory (which files) is served for that virtualhost.
  3. what certificate is used for that virtualhost (once certbot --apache creates the <VirtualHost *:443> section that accompanies the 80 one)

If you have more questions, ask them.

1 Like

ok, thanks, going to remove nginx.
All other you mentioned I already did. So it should be there.

1 Like

Ok, so... does it work?

1 Like

Well, I still see some errors while removing nginx. Not sure what that means or if it is removed. As while checking the status, it shows same fail.

See:

root@beeinside:~# sudo apt purge nginx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'nginx' is not installed, so not removed
The following packages were automatically installed and are no longer required:
analog geoip-database libgeoip1 libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo
libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-subs-filter
libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
nginx-common nginx-full
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up nginx-full (1.10.3-1+deb9u4) ...
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nginx, action "start" failed.
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2022-02-24 09:32:43 GMT; 28ms ago
Docs: man:nginx(8)
Process: 31359 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 31360 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
CPU: 30ms

Feb 24 09:32:41 beeinside nginx[31360]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 24 09:32:41 beeinside nginx[31360]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Feb 24 09:32:42 beeinside nginx[31360]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 24 09:32:42 beeinside nginx[31360]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Feb 24 09:32:42 beeinside nginx[31360]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Feb 24 09:32:42 beeinside nginx[31360]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Feb 24 09:32:43 beeinside nginx[31360]: nginx: [emerg] still could not bind()
Feb 24 09:32:43 beeinside systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Feb 24 09:32:43 beeinside systemd[1]: nginx.service: Failed with result 'exit-code'.
Feb 24 09:32:43 beeinside systemd[1]: Failed to start A high performance web server and a reverse proxy server.
dpkg: error processing package nginx-full (--configure):
installed nginx-full package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
nginx-full
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@beeinside:~#

But it says not installed, so it should be fine then...? Now back to the virtual hosts, I need to do Letsencrypt on them to get https/certificate. any good website for this or could you help here if you know? Thanks

1 Like

It wants to bind port 80 to be removed? That's strange.

sudo systemctl stop apache2 ; sudo apt remove --autoremove nginx ; sudo apt purge nginx ; sudo systemctl start apache2

2 Likes

Yeah, question is why that bonding. Somewhere I did mistake or something? Here is the output:

root@beeinside:~# sudo systemctl stop apache2 ; sudo apt remove --autoremove nginx ; sudo apt purge nginx ; sudo systemctl start apache2

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'nginx' is not installed, so not removed
The following packages will be REMOVED:
analog geoip-database libgeoip1 libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo
libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-subs-filter
libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
nginx-common nginx-full
0 upgraded, 0 newly installed, 15 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 13.7 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 64302 files and directories currently installed.)
Removing nginx-full (1.10.3-1+deb9u4) ...
Removing analog (2:6.0-22+b1) ...
Removing geoip-database (20170512-1) ...
Removing libnginx-mod-http-geoip (1.10.3-1+deb9u4) ...
Removing libgeoip1:amd64 (1.6.9-4) ...
Removing libnginx-mod-http-auth-pam (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-dav-ext (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-echo (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-image-filter (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-subs-filter (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-upstream-fair (1.10.3-1+deb9u4) ...
Removing libnginx-mod-http-xslt-filter (1.10.3-1+deb9u4) ...
Removing libnginx-mod-mail (1.10.3-1+deb9u4) ...
Removing libnginx-mod-stream (1.10.3-1+deb9u4) ...
Removing nginx-common (1.10.3-1+deb9u4) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u2) ...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'nginx' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.