Error after certbot

my domain : ecouteancienne.fr
My web server is (include version): Gninx
The operating system my web server runs on is (include version): Debian 12 Bookworm
My hosting provider, if applicable, is: myself
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): the last version

Hello all,
This morning I installed Certbot for my certificate. After restarting my nginx server I got this error message:

Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.

The results after the first command:

mand@debian:~$ systemctl status nginx.service
× nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-05-28 13:23:44 CEST; 11s ago
Duration: 46min 19.493s
Docs: man:nginx(8)
Process: 54508 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited>
Process: 54509 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=>
CPU: 37ms

and the results after second command:

mand@debian:~$ journalctl -xeu nginx.service
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.

I looked at NGINX (8) but what should I do?
I have the impression that there is a port conflict with Azuracast. Azuracast uses ports 80, 8080 and 443 for information.
I'm hesitant to do something radical: delete everything (nginx) and reinstall, because I'm afraid that at the SSL certificate level it will cause me problems afterwards.


How exactly?

Unfortunately the error message(s) don't really show any error. You might need to run those 2 commands as root or with sudo in front of it.

How are "Gninx" (what's that anyway?), "nginx" and "Azuracast" related exactly? Can you explain more about the setup you're running?

1 Like

Hi Osiris,

I installed Certbot from the command line:

sudo apt-get install certbot python3-certbot-nginx -y

Indeed, you are right for the results with "sudo":

sudo systemctl status nginx.service
× nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-05-28 13:23:44 CEST; 50min ago
Duration: 46min 19.493s
Docs: man:nginx(8)
Process: 54508 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 54509 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
CPU: 37ms
mai 28 13:23:43 debian nginx[54509]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
mai 28 13:23:43 debian nginx[54509]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
mai 28 13:23:43 debian nginx[54509]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
mai 28 13:23:43 debian nginx[54509]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] still could not bind()
mai 28 13:23:44 debian systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
mai 28 13:23:44 debian systemd[1]: nginx.service: Failed with result 'exit-code'.
mai 28 13:23:44 debian systemd[1]: Failed to start nginx.service - A high performance web server and a reverse proxy server.
mand@debian:~$

and:

sudo journalctl -xeu nginx.service
mai 28 13:23:43 debian nginx[54509]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address alrea>
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] bind() to [::]:443 failed (98: Address already >
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address alrea>
mai 28 13:23:44 debian nginx[54509]: nginx: [emerg] still could not bind()
mai 28 13:23:44 debian systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAI>
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit nginx.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
mai 28 13:23:44 debian systemd[1]: nginx.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit nginx.service has entered the 'failed' state with result 'exit-code'.
mai 28 13:23:44 debian systemd[1]: Failed to start nginx.service - A high performance web server an>
░░ Subject: L'unité (unit) nginx.service a échoué
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ L'unité (unit) nginx.service a échoué, avec le résultat failed

There is no real connection between Azuracast (which is audio streaming software) and Nginx. Nginx is an http server. I use it because I host my site with this server. Azuracast also has an nginx server but I don't use it. One is independent of the other.

What Certbot command did you run?

We can look at what is using port 443 if you show us the output of the command below:

sudo netstat -pant | grep -i listen | grep -Ei ':80|:443'

(use sudo ss if netstat is not available)

2 Likes

Ok MikeMcQ,
this is the result:

mand@debian:~$ sudo netstat -pant | grep -i listen | grep -Ei ':80|:443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25531/docker-proxy
tcp 0 0 0.0.0.0:8096 0.0.0.0:* LISTEN 24921/docker-proxy
tcp 0 0 0.0.0.0:8095 0.0.0.0:* LISTEN 24941/docker-proxy
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 24961/docker-proxy
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 24982/docker-proxy
tcp 0 0 0.0.0.0:8076 0.0.0.0:* LISTEN 25001/docker-proxy
tcp 0 0 0.0.0.0:8075 0.0.0.0:* LISTEN 25021/docker-proxy
tcp 0 0 0.0.0.0:8070 0.0.0.0:* LISTEN 25042/docker-proxy
tcp 0 0 0.0.0.0:8065 0.0.0.0:* LISTEN 25087/docker-proxy
tcp 0 0 0.0.0.0:8066 0.0.0.0:* LISTEN 25064/docker-proxy
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 25106/docker-proxy
tcp 0 0 0.0.0.0:8056 0.0.0.0:* LISTEN 25127/docker-proxy
tcp 0 0 0.0.0.0:8055 0.0.0.0:* LISTEN 25149/docker-proxy
tcp 0 0 0.0.0.0:8050 0.0.0.0:* LISTEN 25170/docker-proxy
tcp 0 0 0.0.0.0:8045 0.0.0.0:* LISTEN 25213/docker-proxy
tcp 0 0 0.0.0.0:8046 0.0.0.0:* LISTEN 25193/docker-proxy
tcp 0 0 0.0.0.0:8040 0.0.0.0:* LISTEN 25235/docker-proxy
tcp 0 0 0.0.0.0:8036 0.0.0.0:* LISTEN 25256/docker-proxy
tcp 0 0 0.0.0.0:8035 0.0.0.0:* LISTEN 25278/docker-proxy
tcp 0 0 0.0.0.0:8030 0.0.0.0:* LISTEN 25301/docker-proxy
tcp 0 0 0.0.0.0:8025 0.0.0.0:* LISTEN 25344/docker-proxy
tcp 0 0 0.0.0.0:8026 0.0.0.0:* LISTEN 25322/docker-proxy
tcp 0 0 0.0.0.0:8020 0.0.0.0:* LISTEN 25364/docker-proxy
tcp 0 0 0.0.0.0:8016 0.0.0.0:* LISTEN 25383/docker-proxy
tcp 0 0 0.0.0.0:8015 0.0.0.0:* LISTEN 25403/docker-proxy
tcp 0 0 0.0.0.0:8010 0.0.0.0:* LISTEN 25425/docker-proxy
tcp 0 0 0.0.0.0:8005 0.0.0.0:* LISTEN 25468/docker-proxy
tcp 0 0 0.0.0.0:8006 0.0.0.0:* LISTEN 25445/docker-proxy
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 25490/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 25537/docker-proxy
tcp6 0 0 :::8096 :::* LISTEN 24928/docker-proxy
tcp6 0 0 :::8095 :::* LISTEN 24947/docker-proxy
tcp6 0 0 :::8090 :::* LISTEN 24968/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 24988/docker-proxy
tcp6 0 0 :::8076 :::* LISTEN 25007/docker-proxy
tcp6 0 0 :::8075 :::* LISTEN 25028/docker-proxy
tcp6 0 0 :::8070 :::* LISTEN 25050/docker-proxy
tcp6 0 0 :::8065 :::* LISTEN 25094/docker-proxy
tcp6 0 0 :::8066 :::* LISTEN 25073/docker-proxy
tcp6 0 0 :::8060 :::* LISTEN 25114/docker-proxy
tcp6 0 0 :::8056 :::* LISTEN 25133/docker-proxy
tcp6 0 0 :::8055 :::* LISTEN 25157/docker-proxy
tcp6 0 0 :::8050 :::* LISTEN 25178/docker-proxy
tcp6 0 0 :::8045 :::* LISTEN 25221/docker-proxy
tcp6 0 0 :::8046 :::* LISTEN 25201/docker-proxy
tcp6 0 0 :::8040 :::* LISTEN 25241/docker-proxy
tcp6 0 0 :::8036 :::* LISTEN 25264/docker-proxy
tcp6 0 0 :::8035 :::* LISTEN 25284/docker-proxy
tcp6 0 0 :::8030 :::* LISTEN 25307/docker-proxy
tcp6 0 0 :::8025 :::* LISTEN 25350/docker-proxy
tcp6 0 0 :::8026 :::* LISTEN 25328/docker-proxy
tcp6 0 0 :::8020 :::* LISTEN 25371/docker-proxy
tcp6 0 0 :::8016 :::* LISTEN 25390/docker-proxy
tcp6 0 0 :::8015 :::* LISTEN 25411/docker-proxy
tcp6 0 0 :::8010 :::* LISTEN 25432/docker-proxy
tcp6 0 0 :::8005 :::* LISTEN 25476/docker-proxy
tcp6 0 0 :::8006 :::* LISTEN 25451/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 25496/docker-proxy

Docker is used with Azuracast.

And what is the HTTP and HTTPS traffic flow that you want?

Because you have nginx trying to use port 443, but that is already in use by docker / Azuracast.

Again, what Certbot command did you run?

3 Likes
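The same check with the port matched exactly, as an added example that is not part of the original thread. The `grep -Ei ':80|:443'` filter above also matches 8080, 8000 and the other 80xx ports, which buries the one line that matters. The function names and the sample lines are constructed for illustration, modelled on the `netstat -pant` output posted above (the `ss` column layout differs and is not handled here).

```shell
#!/bin/sh
# Added example: find out who holds exactly the ports nginx wants to bind.
# Expected input: `netstat -pant` lines, i.e.
#   proto recv-q send-q local-address foreign-address state pid/program

# port_owners PORT... : reads netstat -pant output on stdin and prints
# "<port> <proto> <pid/program>" for LISTEN sockets on exactly those ports.
port_owners() {
    awk -v want="$*" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) ports[p[i]] = 1 }
        $6 == "LISTEN" {
            # The port is whatever follows the last colon of the local address,
            # which covers both 0.0.0.0:443 and :::443.
            port = $4
            sub(/.*:/, "", port)
            if (port in ports) print port, $1, $7
        }'
}

# foreign_listeners: listeners on 80/443 that are NOT nginx. Any output here
# means nginx will fail with "bind() ... (98: Address already in use)".
foreign_listeners() {
    port_owners 80 443 | awk '$3 !~ /\/nginx/'
}

# Constructed sample: four lines in the shape of the output above, plus one
# hypothetical nginx listener on port 80 to show it is not flagged.
SAMPLE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25531/docker-proxy
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 24982/docker-proxy
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 25490/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 25537/docker-proxy
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 900/nginx: master'

printf '%s\n' "$SAMPLE" | foreign_listeners
```

On a live host, feed it real data with `sudo netstat -pant | foreign_listeners`; without sudo the PID/program column is empty for sockets owned by other users.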

I used this command to install certbot:

sudo apt-get install certbot python3-certbot-nginx -y

Then:

sudo certbot --nginx -www.ecouteancienne.fr

I don't know which feed to use. In fact, I think I don't really understand your question (it seems to me).

Let me explain: Nginx is the server for my website, Azuracast is the broadcaster of the stream. Both need SSL. I would not have needed to install an nginx server to host my site if I had not initially had a problem with the SSL connection; I did it because I thought that by grouping everything (domain name, website and stream) the browser security alert would stop.

I don't know if my answers will answer your question. If this is not the case, I am at your disposal to clarify your misunderstanding.

Then I think you should probably uninstall nginx. I just read the Azuracast docs and it should handle getting a cert for you. It needs access to ports 80 and 443 directly. It doesn't describe using Certbot. It says the support is built-in.

You should just follow their instructions. And you may get better answers on their support forum. Streaming services sometimes need special configuration and they will know best how to guide you.

5 Likes

Well... What should I do with my SSL certificate created with Certbot? Revoke it? It exists in my system.

1 Like

If you won't need it you should delete it. No hurry in case you later learn you do need it for something.

Run this to find the "certificate name"

sudo certbot certificates

Then run this to delete it

sudo certbot delete --cert-name (NAME)

I think you can just do this and it will prompt you

sudo certbot delete

You should delete unused certs in this manner, otherwise Certbot will try to renew it every 60 days.

4 Likes

I don't know what decision to make. I think I will remove azuracast from the server and install it elsewhere. Maybe that will allow me to keep this SSL certificate on my current server where my domain name is also installed.

You might be able to use nginx as a proxy to Azuracast. But, this is advanced and you'd need to ask Azuracast how that could work. Streaming services often need special proxy statements. You wouldn't need a cert in Azuracast then if nginx and it were on same local network. You also want a strategy that is easy for you to maintain. So, using standard Azuracast setup might be best anyway.

Sounds like you have some design decisions to make. Let us know if you need help with something specific.

3 Likes

What would be the purpose of the SSL certificate without Azuracast? Is the main purpose of that server running nginx?

You probably can make Docker listen on a different port than 443 for Azuracast, so it can be used by nginx. But Docker configuration is not the scope of this Community.

Using nginx as a proxy seems possible, or maybe I'm wrong. Look:
https://www.azuracast.com/docs/administration/multi-site-installation/#nginx-proxy-manager

No, I believe that azuracast can only be on port 443 for ssl.

I understand about Docker and this Community. Thank you.

nginx can be used as a reverse proxy, in general. Proxy for streaming services is a little different than typical HTTP(S) traffic though. Or, at least it might be. And, nginx could probably even work for that. But it is an advanced topic (and a bit outside our scope here).

Many of us on this forum do not like the Nginx Proxy Manager (NPM) system. That is a management system on top of nginx itself. It can be very difficult to debug. I do not recommend it.

Using nginx is pretty easy and it is commonly used.

2 Likes

But can't Docker do some mapping? From something else externally to 443 internally? I'm personally not very familiar with Docker, but I thought it could do something like that.

Finally I decided to remove nginx. Now, I want to delete my certificate (I think I need to do this since my domain name is currently associated with my public IP and then I'm going to re-point my domain name to my host).
I wanted to proceed with the command indicated above by MikeMcQ but I got the following feedback:

No certificate found with name ecouteancienne.fr (expected /etc/letsencrypt/renewal/ecouteancienne.fr.conf)

Very curious response because previously I had positive feedback after doing

sudo certbot certificates

1 Like

I'm not sure what you mean by this, but just to be sure: certificates are not connected to any IP address, only to the hostnames. So if the hostname stays the same, you could re-use an existing certificate.

You can run the command again to see what Certbot currently finds.

1 Like

I didn't believe this at all about the IP. Thank you for your clarification.

Well, I have to redo everything on my current PC, so is there anything special I need to do with fullchain.pem and privkey.pem currently on my system?

1 Like