Certbot renew giving error

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: api.emergenttel.com

I ran this command:
certbot renew
It produced this output:

Renewing an existing certificate for api.emergenttel.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: api.emergenttel.com
Type: unauthorized
Detail: Invalid response from http://api.emergenttel.com/.well-known/acme-challenge/l8q89qyTioN2RngGnI3M2KUaQqLVPSx3VMYBPMOxexg [185.93.245.67]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate api.emergenttel.com with error: Some challenges have failed.

My web server is (include version):
Apache/2.4.37 (centos)
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

my certbot is installed on different server and web service is running on other server.

1 Like
2

Hi @asim1, and welcome to the LE community forum :slight_smile:

Please show the logs for that last renewal attempt and failure.
I see that it is using standalone, so I wonder if you have taken that into consideration.
Please also show the output of:
sudo apachectl -S
And provide more information about the control panel being used:

1 Like
3

[root@imsapplication ~]# cat /var/log/letsencrypt/letsencrypt.log

2021-07-27 04:31:07,862:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-07-27 04:31:08,247:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-27 04:31:08,248:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1280/bin/certbot
2021-07-27 04:31:08,248:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2021-07-27 04:31:08,248:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-27 04:31:08,282:DEBUG:certbot._internal.log:Root logging level set at 40
2021-07-27 04:31:08,284:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/api.emergenttel.com.conf
2021-07-27 04:31:08,327:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7fc29e1e3c70> and installer <certbot._internal.cli.cli_utils._Default object at 0x7fc29e1e3c70>
2021-07-27 04:31:08,366:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-07-12 11:43:39 UTC.
2021-07-27 04:31:08,366:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-07-27 04:31:08,366:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 153.19467749620856 seconds
2021-07-27 04:33:41,629:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-07-27 04:33:41,637:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7fc29e1e65e0>
Prep: True
2021-07-27 04:33:41,638:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7fc29e1e65e0> and installer None
2021-07-27 04:33:41,638:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2021-07-27 04:33:41,651:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/118980969', new_authzr_uri=None, terms_of_service=None), 3dd1ff49c5f782891ef570e681c05c1a, Meta(creation_dt=datetime.datetime(2021, 4, 12, 14, 21, 29, tzinfo=<UTC>), creation_host='imsapplication.localdomain', register_to_eff=None))>
2021-07-27 04:33:41,652:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-07-27 04:33:41,656:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-07-27 04:33:43,817:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-07-27 04:33:43,818:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:43 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "13ZEv6IV534": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-07-27 04:33:43,821:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for api.emergenttel.com
2021-07-27 04:33:43,911:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0093_key-certbot.pem
2021-07-27 04:33:43,916:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0093_csr-certbot.pem
2021-07-27 04:33:43,916:DEBUG:acme.client:Requesting fresh nonce
2021-07-27 04:33:43,916:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-07-27 04:33:44,457:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-07-27 04:33:44,458:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:44 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001nYfneOJqupWw9nRA-kmCjJDppvRphGa5iajISKRAlxQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-07-27 04:33:44,458:DEBUG:acme.client:Storing nonce: 0001nYfneOJqupWw9nRA-kmCjJDppvRphGa5iajISKRAlxQ
2021-07-27 04:33:44,458:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "api.emergenttel.com"\n    }\n  ]\n}'
2021-07-27 04:33:44,461:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4OTgwOTY5IiwgIm5vbmNlIjogIjAwMDFuWWZuZU9KcXVwV3c5blJBLWttQ2pKRHBwdlJwaEdhNWlhaklTS1JBbHhRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "VFcv7giF_bbBTqswGLCc4CnV70H5noXE9ijZajoJCb_KDHQ9cwgKZsXrXl-Oo2Td_NUGym_rJPlc5qZ4eG2_OZxPgBlzb0z9cDJYL0Fnr-79hLq5v4SZ3B8j46iSpOTPbFSJozVnfQet64RlST2CqBpWifd2pvL_8tQizSQ-R8iaaQ--KyhTAzMGuLMvccOq-fjm6o39YG3bph3F2-CzRVRTVHn9knrUwJf-psSUaKvqR8xOj6mpO0qpnY0c5S_L0re3-3xz0oxa2mmH-9zMyClc83QXG64U1VltB2siutj6iX1x5FQ8lmO876M_CiQcWmSE-pYu7H4k2sQJ8XbnLA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFwaS5lbWVyZ2VudHRlbC5jb20iCiAgICB9CiAgXQp9"
}
2021-07-27 04:33:45,057:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2021-07-27 04:33:45,058:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 27 Jul 2021 00:33:44 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 118980969
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/118980969/12456704560
Replay-Nonce: 00018XL4xyobPlffp_zOf2yJ7M15znQUAVHlnDzaTlfIk3s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-03T00:33:44Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "api.emergenttel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/16474886260"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/118980969/12456704560"
}
2021-07-27 04:33:45,058:DEBUG:acme.client:Storing nonce: 00018XL4xyobPlffp_zOf2yJ7M15znQUAVHlnDzaTlfIk3s
2021-07-27 04:33:45,058:DEBUG:acme.client:JWS payload:
b''
2021-07-27 04:33:45,062:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/16474886260:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4OTgwOTY5IiwgIm5vbmNlIjogIjAwMDE4WEw0eHlvYlBsZmZwX3pPZjJ5SjdNMTV6blFVQVZIbG5EemFUbGZJazNzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjQ3NDg4NjI2MCJ9",
  "signature": "vX_aYDjWyTnKA29xDVYc8lH-s_xPfsvaPKA8moZh_iWtckdKJpNQgVA-CrkgiGLOPbBS9XKHDVHx-1AM9j-9gscawbP9v3BOWbTuk48zyb2ARD1o3rmOJW48Wxn-MICWBIhDGZFOofVybojef2bWgjIhJXjuq4D8sbOjnNALOjDzRbAxUr_pydU5WCqNWnMGqM92nUElhqURzCmsvifQgXflyBojZsvkHcTnIeDgX5zRPSPLK1oHRDm_BzgJK_kBy-QDcNMaPLVD49gTVVRbOG7qQ1W33WseMVUdtDgM3HyP0QqUnuW_DINfwnpl0sxdM8y524Mmybf12OiZH1QQwg",
  "payload": ""
}
2021-07-27 04:33:45,617:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/16474886260 HTTP/1.1" 200 800
2021-07-27 04:33:45,618:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:45 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 118980969
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 000168WZH4zCQB-QRNG_mkqKRRrvhF9NfHO5bX14VJFmEZ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "api.emergenttel.com"
  },
  "status": "pending",
  "expires": "2021-08-03T00:33:44Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474886260/D-RmBA",
      "token": "0TFLuSwNJzQollO2XM4OstR5ry6YxJqQKKkojUcFPbw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474886260/oRX_Zg",
      "token": "0TFLuSwNJzQollO2XM4OstR5ry6YxJqQKKkojUcFPbw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474886260/l6Y9rQ",
      "token": "0TFLuSwNJzQollO2XM4OstR5ry6YxJqQKKkojUcFPbw"
    }
  ]
}
2021-07-27 04:33:45,618:DEBUG:acme.client:Storing nonce: 000168WZH4zCQB-QRNG_mkqKRRrvhF9NfHO5bX14VJFmEZ0
2021-07-27 04:33:45,619:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-07-27 04:33:45,619:INFO:certbot._internal.auth_handler:http-01 challenge for api.emergenttel.com
2021-07-27 04:33:45,620:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2021-07-27 04:33:45,620:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2021-07-27 04:33:45,622:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 70, in run
    servers = acme_standalone.HTTP01DualNetworkedServers(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 197, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 110, in __init__
    raise last_socket_err
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 85, in __init__
    server = ServerClass(*new_args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 187, in __init__
    HTTPServer.__init__(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 180, in __init__
    BaseHTTPServer.HTTPServer.__init__(self, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 159, in _try_perform_single
    return self._perform_single(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 164, in _perform_single
    servers, response = self._perform_http_01(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 171, in _perform_http_01
    servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 73, in run
    raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 73, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in perform
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in <listcomp>
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 161, in _try_perform_single
    _handle_perform_error(error)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 214, in _handle_perform_error
    raise errors.PluginError(msg)
certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

2021-07-27 04:33:45,622:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-07-27 04:33:45,622:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-07-27 04:33:45,623:ERROR:certbot._internal.renewal:Failed to renew certificate api.emergenttel.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
2021-07-27 04:33:45,626:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 70, in run
    servers = acme_standalone.HTTP01DualNetworkedServers(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 197, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 110, in __init__
    raise last_socket_err
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 85, in __init__
    server = ServerClass(*new_args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 187, in __init__
    HTTPServer.__init__(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 180, in __init__
    BaseHTTPServer.HTTPServer.__init__(self, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 159, in _try_perform_single
    return self._perform_single(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 164, in _perform_single
    servers, response = self._perform_http_01(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 171, in _perform_http_01
    servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 73, in run
    raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 474, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 1387, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 73, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in perform
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in <listcomp>
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 161, in _try_perform_single
    _handle_perform_error(error)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 214, in _handle_perform_error
    raise errors.PluginError(msg)
certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

2021-07-27 04:33:45,626:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/billing.emergenttel.com.conf
2021-07-27 04:33:45,659:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-07-12 11:41:00 UTC.
2021-07-27 04:33:45,659:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-07-27 04:33:45,659:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-07-27 04:33:45,663:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7fc29e1e6760>
Prep: True
2021-07-27 04:33:45,664:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7fc29e1e6760> and installer None
2021-07-27 04:33:45,664:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2021-07-27 04:33:45,672:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/118980969', new_authzr_uri=None, terms_of_service=None), 3dd1ff49c5f782891ef570e681c05c1a, Meta(creation_dt=datetime.datetime(2021, 4, 12, 14, 21, 29, tzinfo=<UTC>), creation_host='imsapplication.localdomain', register_to_eff=None))>
2021-07-27 04:33:45,673:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-07-27 04:33:45,674:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-07-27 04:33:47,814:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-07-27 04:33:47,815:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:47 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "f_uQy4pD2OM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-07-27 04:33:47,818:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for billing.emergenttel.com
2021-07-27 04:33:47,855:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0094_key-certbot.pem
2021-07-27 04:33:47,863:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0094_csr-certbot.pem
2021-07-27 04:33:47,864:DEBUG:acme.client:Requesting fresh nonce
2021-07-27 04:33:47,864:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-07-27 04:33:48,397:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-07-27 04:33:48,397:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:48 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002nqL98EucnFItIYUFgdORtHGpgJlGR_NM_U9l6kIBpPM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-07-27 04:33:48,398:DEBUG:acme.client:Storing nonce: 0002nqL98EucnFItIYUFgdORtHGpgJlGR_NM_U9l6kIBpPM
2021-07-27 04:33:48,398:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "billing.emergenttel.com"\n    }\n  ]\n}'
2021-07-27 04:33:48,400:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4OTgwOTY5IiwgIm5vbmNlIjogIjAwMDJucUw5OEV1Y25GSXRJWVVGZ2RPUnRIR3BnSmxHUl9OTV9VOWw2a0lCcFBNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "M0k5BHb_uEjTHfx5TPprW7A-1X_BhCCgnaJ56NLu9UGCPxGYunas_RNSeyRq9pIVv9Hc1f9yf-a3i4W9Bh_n4xDG0C6cmnh6wwX6DxDeRhTWgwV5uME065GJaKCvlf-iKQqjUDmbsu_s9cTtLflk6uUNzfdChYwLIz8xI8EXCAdUvUHeuV4x7gE6xpm-WpbvnsYo1JNVm2973oLpvuqYjlZ19XGSmKxoIAJ51LL8By3vgWIBE86JvAHQ6ft1AmFu4Au_UwVqV52fJ2IDaUKjK4OLkTHoE4VqlicyRZl2iX8plb9CdeeYRGg6u9Z7O2xEfDwJHG4IZktFPMGZ1XiEMg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJpbGxpbmcuZW1lcmdlbnR0ZWwuY29tIgogICAgfQogIF0KfQ"
}
2021-07-27 04:33:48,976:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 346
2021-07-27 04:33:48,977:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 27 Jul 2021 00:33:48 GMT
Content-Type: application/json
Content-Length: 346
Connection: keep-alive
Boulder-Requester: 118980969
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/118980969/12456713680
Replay-Nonce: 0002WHA7ZqQh2kJr8SlVNAau71O8bmRwrFkTl63svBg3chI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-03T00:33:48Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "billing.emergenttel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/16474898370"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/118980969/12456713680"
}
2021-07-27 04:33:48,977:DEBUG:acme.client:Storing nonce: 0002WHA7ZqQh2kJr8SlVNAau71O8bmRwrFkTl63svBg3chI
2021-07-27 04:33:48,978:DEBUG:acme.client:JWS payload:
b''
2021-07-27 04:33:48,981:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/16474898370:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4OTgwOTY5IiwgIm5vbmNlIjogIjAwMDJXSEE3WnFRaDJrSnI4U2xWTkFhdTcxTzhibVJ3ckZrVGw2M3N2QmczY2hJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjQ3NDg5ODM3MCJ9",
  "signature": "HhDtMBscUwSaB9S7gFj_ZA1Mo-gEVSYIwzK3N2N5iiFU_E72YbhKohYPGxYBPiWkc-OeY7n9eg8oEFj7YSxWeL4KqML_hnqKr5X2cw2okyOXkd3LI4IrKhz9vFt-uDsO7BCYukSyqjEbBBRER5SgOOqVaPrAyRM1zYecG-naeq8VyryucKYkl344GxhlCTsjCZlbGoFR6RHnA4Cg-Mj4mGnqklIiUuApxXjg1tSsijN5rkQoQfCHALx3IuUYKDliOSnV3MlAAlqz6MlVP2G6N6zRJiHmlFm5XMXP3DLZUu6q7ZgrKOfSP70tPEC5WNIqiUe4LI20KAtkQa52F8KY_Q",
  "payload": ""
}
2021-07-27 04:33:49,526:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/16474898370 HTTP/1.1" 200 804
2021-07-27 04:33:49,527:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 27 Jul 2021 00:33:49 GMT
Content-Type: application/json
Content-Length: 804
Connection: keep-alive
Boulder-Requester: 118980969
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002h1tPs4eiudt4R2ybN7UKVaR-PF6njxnQ7NKf0j-8x-U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "billing.emergenttel.com"
  },
  "status": "pending",
  "expires": "2021-08-03T00:33:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474898370/gvfIQA",
      "token": "xl46hKkOprni3l7b2Q8FzaSs3Ui9ZLcHpu-uPjO6TLc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474898370/4G1KIQ",
      "token": "xl46hKkOprni3l7b2Q8FzaSs3Ui9ZLcHpu-uPjO6TLc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/16474898370/2Haisg",
      "token": "xl46hKkOprni3l7b2Q8FzaSs3Ui9ZLcHpu-uPjO6TLc"
    }
  ]
}
2021-07-27 04:33:49,527:DEBUG:acme.client:Storing nonce: 0002h1tPs4eiudt4R2ybN7UKVaR-PF6njxnQ7NKf0j-8x-U
2021-07-27 04:33:49,528:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-07-27 04:33:49,528:INFO:certbot._internal.auth_handler:http-01 challenge for billing.emergenttel.com
2021-07-27 04:33:49,529:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2021-07-27 04:33:49,529:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2021-07-27 04:33:49,529:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 70, in run
    servers = acme_standalone.HTTP01DualNetworkedServers(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 197, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 110, in __init__
    raise last_socket_err
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 85, in __init__
    server = ServerClass(*new_args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 187, in __init__
    HTTPServer.__init__(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 180, in __init__
    BaseHTTPServer.HTTPServer.__init__(self, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 159, in _try_perform_single
    return self._perform_single(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 164, in _perform_single
    servers, response = self._perform_http_01(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 171, in _perform_http_01
    servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 73, in run
    raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 73, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in perform
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in <listcomp>
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 161, in _try_perform_single
    _handle_perform_error(error)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 214, in _handle_perform_error
    raise errors.PluginError(msg)
certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

2021-07-27 04:33:49,530:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-07-27 04:33:49,530:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-07-27 04:33:49,530:ERROR:certbot._internal.renewal:Failed to renew certificate billing.emergenttel.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
2021-07-27 04:33:49,531:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 70, in run
    servers = acme_standalone.HTTP01DualNetworkedServers(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 197, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 110, in __init__
    raise last_socket_err
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 85, in __init__
    server = ServerClass(*new_args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 187, in __init__
    HTTPServer.__init__(
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/acme/standalone.py", line 180, in __init__
    BaseHTTPServer.HTTPServer.__init__(self, *args, **kwargs)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/var/lib/snapd/snap/certbot/1280/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 159, in _try_perform_single
    return self._perform_single(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 164, in _perform_single
    servers, response = self._perform_http_01(achall)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 171, in _perform_http_01
    servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 73, in run
    raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 474, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 1387, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 73, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in perform
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 154, in <listcomp>
    return [self._try_perform_single(achall) for achall in achalls]
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 161, in _try_perform_single
    _handle_perform_error(error)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/plugins/standalone.py", line 214, in _handle_perform_error
    raise errors.PluginError(msg)
certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

2021-07-27 04:33:49,531:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-27 04:33:49,531:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-07-27 04:33:49,531:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/api.emergenttel.com/fullchain.pem (failure)
  /etc/letsencrypt/live/billing.emergenttel.com/fullchain.pem (failure)
2021-07-27 04:33:49,531:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-27 04:33:49,531:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1280/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/main.py", line 1461, in renew
    renewal.handle_renewal_request(config)
  File "/var/lib/snapd/snap/certbot/1280/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 499, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)
2021-07-27 04:33:49,532:ERROR:certbot._internal.log:2 renew failure(s), 0 parse failure(s)
1 Like
4

[root@imsapplication ~]# apachectl -S
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:46
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::216:3eff:fe87:8529. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
185.93.245.71:80 billing.emergenttel.com (/etc/httpd/conf/httpd.conf:359)
*:443 fe80::216:3eff:fe87:8529 (/etc/httpd/conf.d/ssl.conf:40)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

1 Like
5 
2021-07-27 04:33:41,629:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-07-27 04:33:41,637:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
2021-07-27 04:33:45,620:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2021-07-27 04:33:45,620:DEBUG:acme.standalone:Failed to bind to :80 using IPv4

When using --standalone, one must stop the current service on port 80.
As shown, Apache is using port 80:

But oddly enough the IP for the name being renewed doesn't match the IP being used by Apache:

Name:    api.emergenttel.com
Address: 185.93.245.67
1 Like
6

i am using certbot on the server only for licenses where as my web service is running on some other server. but still when i stop the apache on certbot server get the error

[root@imsapplication ~]# service httpd stop
Redirecting to /bin/systemctl stop httpd.service
^[[A[root@imsapplication ~]# certbot renew --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/api.emergenttel.com.conf

Renewing an existing certificate for api.emergenttel.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: api.emergenttel.com
Type: unauthorized
Detail: Invalid response from http://api.emergenttel.com/.well-known/acme-challenge/0TFLuSwNJzQollO2XM4OstR5ry6YxJqQKKkojUcFPbw [185.93.245.67]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate api.emergenttel.com with error: Some challenges have failed.

1 Like
7

The renewal will challenge the IP of the name being renewed:

Name:    api.emergenttel.com
Address: 185.93.245.67

You must run certbot at that other IP.
OR
Use another authentication method (Like: DNS-01).
OR
Forward the challenge requests from api.emergenttel.com to billing.emergenttel.com.
[assuming both have working HTTP configs]

1 Like
8

what is i install certbot on the same machine where my web service running will it renew the licenses

1 Like
9

Yes, that is how most people do it.
And you probably don't need to stop the web service to get/renew a cert - if you use --webroot authentication.

1 Like
10

on the other server where my web service running and after installing certbot there will it create a new license or renew the current license

1 Like
11

All new (FREE) certificate.

1 Like
12

what if i run below command where certbot already installed

certbot certonly --manual --preferred-challenges dns-01 -d api.emergenttel.com

will this also renew my license

1 Like
13

It is a very manual process and you have to update your DNS zone records, wait for them to propogate/synchronize, and then continue.
So yes, it can work that way.
But the best idea is to automate the renewals so you never have to worry about them again.

1 Like
14

OK. i got it.

Many Thanks for the support and help i will work on it.

Regards

2 Likes
15

Best of luck to you :slight_smile:
And cheers from Miami :beers:

#FreeCuba

1 Like
16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.