Certbot renew not working 503. Skipping

Please help me
I use domain eco-gate.siblion.ru, eco-jenkins1.siblion.ru and some other
renew script in to working, stay 10 days

/usr/bin/certbot renew --renew-hook “/usr/local/bin/renew.sh”
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/eco-gate.siblion.ru.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eco-gate.siblion.ru
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (eco-gate.siblion.ru) from /etc/letsencrypt/renewal/eco-gate.siblion.ru.conf produced an unexpected error: Failed authorization procedure. eco-gate.siblion.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://eco-gate.siblion.ru/.well-known/acme-challenge/bDmOFWCyj3SXKfkEIN7S4ck2K4kTOHfolqlGKOGG7aQ [91.218.115.4]: 503. Skipping.

Processing /etc/letsencrypt/renewal/eco-jenkins1.siblion.ru.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eco-jenkins1.siblion.ru
Cleaning up challenges
Attempting to renew cert (eco-jenkins1.siblion.ru) from /etc/letsencrypt/renewal/eco-jenkins1.siblion.ru.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
…
…
…

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: eco-gate.siblion.ru
  Type: unauthorized
  Detail: Invalid response from
  http://eco-gate.siblion.ru/.well-known/acme-challenge/bDmOFWCyj3SXKfkEIN7S4ck2K4kTOHfolqlGKOGG7aQ
  [91.218.115.4]: 503

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

Hi @talker

calling (per browser)

http://eco-gate.siblion.ru/.well-known/acme-challenge/bDmOFWCyj3SXKfkEIN7S4ck2K4kTOHfolqlGKOGG7aQ

I've got the same error: http-status 503. This is a local error of your website eco-gate.siblion.ru.

Same error on http://eco-gate.siblion.ru/ - looks like there is no http service port 80.

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eco-bitbucket.siblion.ru
Cleaning up challenges
Attempting to renew cert (eco-bitbucket.siblion.ru) from /etc/letsencrypt/renewal/eco-bitbucket.siblion.ru.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.

it is also problem with my port?
telnet in localhost working correct, httpd service is up and running, try stop it - same error.

Thanks

When you use --standalone, it assumes that it can (temporarily) exclusively use port 80, which means that there's nothing else using the port at that time. This is normally meant for machines that don't have a web server at all, since port 80 will be free. You can also set --pre-hook and --post-hook options with commands to stop and restart the web server, if there is one.

You can check this with ss -plt to see if anything is still listening on port 80 after you stop your httpd.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.