Certbot Hanging at Stopping Server


#1

Without debug the certbot hangs at cleaning up challenges. but with verbose debug mode it says stopping server and doesnt do anything more from that

My domain is: mqtt.kendrawannamaker.com

I ran this command: sudo certbot certonly --standalone --preferred-challenges http -d mqtt.kendrawannamaker.com --debug --verbose

It produced this output:
I killed the process after 19 minutes…

** letsencrypt.log @ /var/log/letsencrypt **
2019-01-28 23:30:59,663:DEBUG:certbot.error_handler:Calling registered functions
2019-01-28 23:30:59,663:INFO:certbot.auth_handler:Cleaning up challenges
2019-01-28 23:30:59,664:DEBUG:certbot.plugins.standalone:Stopping server at :::8 0…
2019-01-28 23:49:54,878:ERROR:certbot.log:Exiting abnormally:

My web server is (include version): No Webserver

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: AWS (Amazon EC2)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0


#2

Does this happen reliably or only sometimes?

While the server is hung, what does strace show?

You can capture the entire session to strace.log with e.g.:

sudo strace -fff -tt -s 128 certbot certonly --standalone \
--preferred-challenges http-01 -d mqtt.kendrawannamaker.com --dry-run \
2>&1 | tee -a strace.log

or you can try attaching to an already-hung Certbot process to see what it’s doing.

Since strace has a chance of leaking the partial cleartext of your ACME private keys, you should use --dry-run to avoid using your real keys.


#3

Does that mean that you are normally running a web server?
And certbot (with --standalone) tries to stop it but hangs?