Certbot failed to restart apache


#1

Hello,

I’m running a webserver apache2 version 2.4.10-10+deb8u12
certbot 0.10.2-1~bpo8+1
OS Debian 8.11

The certificate was renewed without issue, but the post script wasn’t able to restart the apache server, which caused a serious outage.

The logs show the following:

2018-12-09 11:04:27,577:ERROR:certbot.hooks:Hook command “apachectl -k start” returned error code 1
2018-12-09 11:04:27,577:ERROR:certbot.hooks:Error output from apachectl:
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Generally, when apache can’t bind, it is because certbot is still running somehow.

Do you have any information about that kind of bug?


#2

Hi @romgo

Please share your renew configuration, located in

/etc/letsencrypt/renewal

Perhaps you have used standalone with tls-sni-01 - validation. This validation is deprecated, support ends 2019-02-13.

If certbot switches to http validation, perhaps you must change your configuration.


#3

Hi,

Options used in the renewal process

[renewalparams]
authenticator = standalone
post_hook = apachectl -k start
account = *****
pre_hook = apachectl -k stop
installer = apache

As the renew worked, I guess the config is right, no?


#4

I think that this type of configuration is known to be a problem.

I would suggest changing the authenticator to apache, and removing the hooks:

Then try a certbot renew --dry-run.


#5

If you use standalone, Certbot creates a temporary webserver. So you must stop and start your own server -> you have a timeout.

So try to switch to apache as authenticator. Or (my preferred version) use webroot.


#6

Hi,

authenticator = apache should not be used in my case :


#7

Yes, that’s the issue: certbot’s temporary webserver didn’t stop on time.
The issue here is that certbot tries to restart my apache server when its webserver wasn’t stopped successfully. So I guess there is something wrong with standalone mode.


#8

If you can use webroot, you won’t have to stop, nor restart, your apache server.
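
An added example, not part of any post in this thread and not Certbot's own code: a small Python audit that reads renewal files of the kind shared in post #3 and flags the standalone-plus-stop/start-hooks combination the replies describe as a known problem. The sample config is constructed from the posted [renewalparams] block; the example.org path and all function names are assumptions.

```python
import re
from pathlib import Path

# Constructed sample mirroring the [renewalparams] block posted in this thread.
SAMPLE = """\
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = standalone
post_hook = apachectl -k start
account = *****
pre_hook = apachectl -k stop
installer = apache
"""

# Hook commands that take a web server down or bring it back up.
SERVER_CTL = re.compile(
    r"\b(apachectl|apache2ctl|nginx|httpd|systemctl|service)\b.*\b(stop|start)\b")

def renewal_params(text):
    """Return the key/value pairs of the [renewalparams] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]")  # also handles nested [[webroot_map]]
        elif section == "renewalparams" and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def audit(text):
    """Return findings for the standalone + stop/start hook pattern."""
    p = renewal_params(text)
    if p.get("authenticator") != "standalone":
        return []
    findings = ["standalone authenticator runs its own temporary web server"]
    for key in ("pre_hook", "post_hook"):
        if SERVER_CTL.search(p.get(key, "")):
            findings.append(f"{key} stops/starts a web server: {p[key]}")
    return findings

def audit_dir(path="/etc/letsencrypt/renewal"):
    """Audit every *.conf in the renewal directory named in this thread."""
    return {f.name: audit(f.read_text()) for f in sorted(Path(path).glob("*.conf"))}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

A lineage that reports findings is a candidate for the apache or webroot authenticator suggested above, followed by certbot renew --dry-run.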

