Certbot standalone server failed to bind to port using IPv4

I’m using Debian 7 with certbot-auto. I have several domains set up to use standalone with http01_port = 555 and then proxy the requests with Apache to the standalone server. It was previously working fine as of about 3 weeks ago, however now when I try to renew all domains fail.

Checking the Apache log, I have:

proxy: HTTP: disabled connection for (localhost)

And checking the letsencrypt log file, I have lines containing:

DEBUG:acme.standalone:Failed to bind to :555 using IPv4

I thought that maybe there was something else bound to port 555 that was unclosed, however executing netstat -lnpt doesn’t show anything bound to port 555.

Certbot is also being executed as root, so privileges shouldn’t be a problem.

Any ideas what could be happening?


It appears that some of the domains are renewing, and then they start to fail for some reason. I have 9 certificates. The first 3 it tries to renew are all successful, however the last 6 all fail. For one of the last certificates that failed, I can successfully reissue a new cert using --force-renewal, but it doesn’t work when renewing all certificates.

Edit 2:

It appears that if there is a failure, all subsequent certificate renewals fail. The first 3 certificates were configured to use standalone, the 4th was configured with webroot, and the 5th - 9th were configured with standalone. The 4th one was failing, and therefore the 5th - 9th also failed. Fixing the 4th certificate now the 5th - 9th certificates also renew successfully.

Here is the renewal file for the one that was failing in case anyone wants to investigate this:

# renew_before_expiry = 30 days
version = 0.13.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

# Options and defaults used in the renewal process
installer = None
authenticator = webroot
account = 85eeb9ca5201ae8a53e96f5f24dbd765
post_hook = /usr/sbin/service apache2 reload
example.com = /home/example/public_html/

The server was giving a 503 response when accessing http://example.com/.well-known/

I’m seeing something similar, but feel it is environment related

There doesn’t seem to be enough information to solve this problem easily.
I would look into any HSTS use and also HTTPS redirection.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.