I’m using Debian 7 with certbot-auto. I have several domains set up to use `standalone` with `http01_port = 555`, and then proxy the requests with Apache to the standalone server. It was working fine as of about 3 weeks ago; however, now when I try to renew, all domains fail.
Checking the Apache log, I have:
proxy: HTTP: disabled connection for (localhost)
And checking the letsencrypt log file, I have lines containing:
DEBUG:acme.standalone:Failed to bind to :555 using IPv4
I thought that maybe there was something else bound to port 555 that had not been closed; however, running `netstat -lnpt` doesn’t show anything bound to port 555.
Certbot is also being executed as root, so privileges shouldn’t be a problem.
Any ideas what could be happening?
Edit:
It appears that some of the domains are renewing, and then they start to fail for some reason. I have 9 certificates. The first 3 it tries to renew are all successful; however, the last 6 all fail. For one of the last certificates that failed, I can successfully reissue a new cert using `--force-renewal`, but it doesn’t work when renewing all certificates.
Edit 2:
It appears that if there is a failure, all subsequent certificate renewals fail. The first 3 certificates were configured to use `standalone`, the 4th was configured with `webroot`, and the 5th - 9th were configured with `standalone`. The 4th one was failing, and therefore the 5th - 9th also failed. After fixing the 4th certificate, the 5th - 9th certificates also renew successfully.
Here is the renewal file for the one that was failing in case anyone wants to investigate this:
# renew_before_expiry = 30 days
version = 0.13.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem
# Options and defaults used in the renewal process
[renewalparams]
installer = None
authenticator = webroot
account = 85eeb9ca5201ae8a53e96f5f24dbd765
post_hook = /usr/sbin/service apache2 reload
[[webroot_map]]
example.com = /home/example/public_html/
The server was giving a 503 response when accessing http://example.com/.well-known/
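Added example (not part of the original post): a small POSIX shell audit that reads the `authenticator` out of every renewal conf in a directory and lists the ones that differ from the expected plugin, so a single `webroot` cert sitting in a batch of `standalone` renewals is caught before `certbot renew` runs and fails the rest of the batch. The directory path and the second sample conf (its hostname included) are constructed for the demo; only the first sample mirrors the renewal file quoted above.

```shell
#!/bin/sh
# Added example, not from the original post: audit certbot renewal configs for a
# mixed authenticator setup. Assumption: renewal confs live in one directory as
# *.conf (certbot's default is /etc/letsencrypt/renewal); the expected
# authenticator name is passed in as a parameter.

# Read one key from the [renewalparams] section of a renewal conf.
# Usage: renewal_param FILE KEY  -> prints the value, or nothing if absent.
renewal_param() {
  awk -v key="$2" '
    /^\[/ { insec = ($0 == "[renewalparams]") }        # track the INI section
    insec && $1 == key && $2 == "=" { print $3; exit }  # first "key = value" hit
  ' "$1"
}

# Print "<conf-name> <authenticator>" for every renewal conf in DIR.
list_authenticators() {
  for f in "$1"/*.conf; do
    [ -f "$f" ] || continue
    auth=$(renewal_param "$f" authenticator)
    printf '%s %s\n' "$(basename "$f" .conf)" "${auth:-none}"
  done
}

# Print the names of confs whose authenticator differs from EXPECTED.
# Exit status 0 if every conf matches, 1 if any mismatch was found.
find_mismatched() {
  bad=$(list_authenticators "$1" | awk -v want="$2" '$2 != want { print $1 }')
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad"
  return 1
}

# Demo on constructed sample data. The first conf mirrors the renewal file
# quoted in the post; the second (www.example.net) is made up for contrast.
demo=$(mktemp -d)
cat > "$demo/example.com.conf" <<'EOF'
# renew_before_expiry = 30 days
version = 0.13.0
[renewalparams]
installer = None
authenticator = webroot
post_hook = /usr/sbin/service apache2 reload
[[webroot_map]]
example.com = /home/example/public_html/
EOF
printf '[renewalparams]\nauthenticator = standalone\n' > "$demo/www.example.net.conf"

list_authenticators "$demo"
find_mismatched "$demo" standalone \
  || echo "mismatched authenticator(s) listed above; fix them before running certbot renew"
rm -rf "$demo"
```

Run it against the live directory with `find_mismatched /etc/letsencrypt/renewal standalone` before a renewal pass; any conf it prints is one whose challenge will not be served by the proxied standalone listener and so needs either its authenticator changed or its webroot actually reachable through Apache.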