Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.uebleis.at
I ran this command:
certbot --version || certbot-auto --version
grep '^pref_challs.tls-sni-01’ /etc/letsencrypt/renewal/
sudo /opt/bitnami/ctlscript.sh stop apache
sudo certbot renew
It produced this output:
bitnami@linux:~ certbot --version || certbot-auto --version
certbot 0.28.0
bitnami@linux:~ grep '^pref_challs.tls-sni-01’ /etc/letsencrypt/renewal/
bitnami@linux:~ sudo /opt/bitnami/ctlscript.sh stop apache
[sudo] password for bitnami:
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
bitnami@linux:~ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/www.uebleis.at.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.uebleis.at
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.uebleis.at) from /etc/letsencrypt/renewal/www.uebleis.at.conf produced an unexpected error: Failed authorization procedure. www.uebleis.at (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.uebleis.at/.well-known/acme-challenge/M0Uq_dId-TADgL2jNk0J8yGI4CECFqmBLGYcVNIn6_8: “\n<html lang=“de-de” dir=“ltr”>\n\n\t<meta charset=“utf-8” />\n\t404 - Kategorie nicht gefunden\n\t<”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.uebleis.at/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.uebleis.at/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.uebleis.at
Type: unauthorized
Detail: Invalid response from
http://www.uebleis.at/.well-known/acme-challenge/M0Uq_dId-TADgL2jNk0J8yGI4CECFqmBLGYcVNIn6_8:
“\n<html lang=“de-de”
dir=“ltr”>\n\n\t<meta charset=“utf-8” />\n\t404 -
Kategorie nicht gefunden\n\t<”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
bitnami@linux:~$
My web server is (include version):
apache2 from 2.4.7-1
The operating system my web server runs on is (include version):
ubuntu4.21
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.28.0
I have succesfully renewed my certificate several times always stopping apache and running certbot renew. This time I am receiving the above error messages.
I have a peculiar setup, maybe that is the problem, but this setup has not changed since I installed certbot.
My Fritzbox transfers requests on port 80 to my homepage web server and https requests to the linux owncloud server.
I also tried to request the certificate without stopping my linux apache but this does not work either. Unfortunately I have no idea what certbot does, so I cannot really help myself. I also do not understand the error message.
Here is the output when I dont stop the apache server:
[spoiler]bitnami@linux:~$ sudo certbot renew
[sudo] password for bitnami:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/www.uebleis.at.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.uebleis.at
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2184, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 132, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2286, in perform
self.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2174, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2202, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2184, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 316, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2311, in cleanup
self.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2174, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2202, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Attempting to renew cert (www.uebleis.at) from /etc/letsencrypt/renewal/www.uebleis.at.conf produced an unexpected error: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.uebleis.at/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.uebleis.at/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
bitnami@linux:~$[/spoiler]