How to automatically renew certificate without stopping server

This is not a new topic, but somehow I could not find an answer to my problem. When I first got a certificate, following some instructions I typed this command:

sudo certbot certonly --standalone

At the time my server was not running. But now that I want to renew my certificate the server is running and I don’t want it to stop. But when I try this command

sudo certbot renew --dry-run

there is a conflict with my server already using port 80. Also I don’t know what to do. Does anyone have a solution?

Hi @archimondain

you have to use one of the other options.




if you want to use http validation and your running webserver.


Thanks, I’m using neither nginx nor apache. I want to use --webroot (together with --webroot-path), but I do not understand how things are supposed to work. In particular, it seems that the whole process is trying to access some file in https://domain/.well-known/acme-challenge/, which it can’t so far because my server does not serve files in this directory yet.

What I do not understand is that the directory “.well-known/acme-challenge/” has not been created in the webroot directory that I specified. So even if my server serves the files inside “.well-known/acme-challenge/”, I don’t understand how it can work.

Do you know what the different steps of the process are and what I need to do to make it work?

Addition: now that I think about it, maybe the process removes the file before I can see it. I will check that…

Then share your environment:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Please read some basics about challenges:

Every webserver is able to send static content. If you don’t want that, use dns validation.

If a Letsencrypt client has an option like --webroot, typically the two subdirectories are created.

Read some basics:

Certbot will create this directory for you inside your webroot. You don’t have to create it yourself.

Still another option is to use --pre-hook and --post-hook options to tell Certbot how to temporarily stop and restart your web server, in case you want to continue using --standalone with a web server application.

Thanks to all of you for your help. Sorry for not having put more effort into reading the doc. As expected, I just needed to serve my files properly and everything worked using --webroot together with --webroot-path.

1 Like
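
Added example, not part of the original thread and not Certbot's own code: a minimal Python handler for a custom server (neither nginx nor Apache) that serves only the challenge files Certbot writes under the webroot. The `WEBROOT` path and the names `resolve_challenge`, `ChallengeHandler` and `serve` are assumptions made for illustration.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

# Assumption: the same directory that is passed to certbot via --webroot-path.
WEBROOT = Path("/var/www/acme")
PREFIX = "/.well-known/acme-challenge/"
# ACME tokens use only the base64url alphabet, so "/", "." and ".." never match.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def resolve_challenge(url_path, webroot=WEBROOT):
    """Return the challenge file for a request path, or None if it must not be served."""
    path = url_path.split("?", 1)[0]
    if not path.startswith(PREFIX):
        return None
    token = path[len(PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        return None  # rejects empty tokens, sub-paths and traversal attempts
    candidate = Path(webroot) / ".well-known" / "acme-challenge" / token
    return candidate if candidate.is_file() else None


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = resolve_challenge(self.path)
        if target is None:
            self.send_error(404)
            return
        body = target.read_bytes()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port=80):
    """Run the handler; http-01 validation arrives on port 80, which needs privileges to bind."""
    HTTPServer(("", port), ChallengeHandler).serve_forever()
```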

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.