Certbot vs Windows

Details : Can confirm port 80 is open and accessible & A record for domain points to the correct IP.

My domain is: sub.domain.com

I ran this command: certbot -v certonly --nginx sub.domain.com

It produced this output:

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: MS Azure

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): MS Azure

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.24.0

From the questionnaire you've clearly seen:

Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Also, the command in the answer to the question "I ran this command" (using the --nginx plugin) is not resembled in the screenshot of the output you've shown (standalone authenticator plugin).

12 Likes

If you're running nginx and running certbot standalone mode then nginx will likely be consuming port 80, so certbot won't be able to host its own http listener on port 80 as well. Try stopping nginx if you want to use the standalone certbot mode.

10 Likes

Thanks @webprofusion, it was late and I didn't think of that, I stopped Nginx and it ran successfully. Thanks for your help :smiley:

3 Likes

Thanks for your reply @Osiris, apologies for redacting the details, I will not do it again when I ask future questions, but I'm sorted now. Thanks :smile:

2 Likes

I understand the conflict but on Linux systems we see an error about standalone not binding to port 80 if in use. We saw no error in post #1 yet stopping nginx succeeded.
Is the lack of error message due to Windows port sharing or is something else happening here? Thanks

Such as:

Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for test4.example.com
Performing the following challenges:
http-01 challenge for test4.example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(R)etry/(C)ancel:

10 Likes

Good question, with IIS running (so http.sys is using port 80), running as administrator on Win 11 I get
Problem binding to port 80: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions - perhaps this is different (or not detected) when using Apache or nginx on Windows.

5 Likes

Yes I can confirm that running nginx on port 80 on Windows uses the port but certbot doesn't recognise that it can't allocate the port for itself. If you run IIS on port 80 however, you get the expected Problem binding to port 80 error.

6 Likes
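An added example, not from any poster in this thread and not Certbot's own code: a pre-flight check that does not rely on a bind failure to detect a busy port, since the thread reports that with nginx on Windows no bind error appears. The function names and verdict strings are hypothetical, and the `reuse_addr` switch is an assumption for experimenting; the thread does not establish which socket options are involved.

```python
import socket


def bind_probe(port, host="", reuse_addr=False):
    """Attempt the bind a standalone listener would make.

    Returns None if the bind succeeded, otherwise the OSError raised.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse_addr:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        return None
    except OSError as exc:
        return exc
    finally:
        s.close()


def listener_present(port, host="127.0.0.1", timeout=1.0):
    """True if some process already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def preflight(port, reuse_addr=False):
    """Combine both probes so a silent double bind is still noticed."""
    listening = listener_present(port)
    bind_error = bind_probe(port, reuse_addr=reuse_addr)
    if bind_error is not None:
        verdict = "bind_refused"          # in use, or not permitted
    elif listening:
        verdict = "listener_but_bind_ok"  # the case reported with nginx on Windows
    else:
        verdict = "free"
    return {"port": port, "listening": listening,
            "bind_error": bind_error, "verdict": verdict}


if __name__ == "__main__":
    print(preflight(80))
```

A `listener_but_bind_ok` verdict means a second listener could start without an error while the existing server keeps answering on the port, so stop that server before using standalone mode.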
