Initial setup problem

Some help would be greatly appreciated

My domain is: bobscloud.ddns.net

I ran this command:
sudo certbot --apache certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bobscloud.ddns.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bobscloud.ddns.net
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2023, in _reload
util.run_script(self.constant(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 126, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2125, in perform
self.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2013, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2041, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2023, in _reload
util.run_script(self.constant(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs[-1]()
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 310, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2150, in cleanup
self.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2013, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2041, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

The operating system my web server runs on is (include version): Ubuntu Server 16.04

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Welcome to the community @gmgiadinh176

It looks like you have many problems setting up your server. You should get an HTTP website working first before trying to get a cert.

A few items you should do:

Set up your DNS A record (and/or AAAA if using IPv6)

Make a VirtualHost for port 80 for this domain name in Apache

Find out what else is listening on port 80 which is blocking Apache from starting

Ensure sudo apachectl -t -D DUMP_VHOSTS reports no errors

Use the Let's Debug test site to check your HTTP connection. Once Let's Debug reports success you can try using certbot again (it still may have problems but this helps debug problems with new sites).

In short, you must have a working HTTP site before you can get a cert using the HTTP Challenge.

4 Likes
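The checklist in the reply above can be gathered in one pass before certbot is run again. This is an added example, not code from the thread or from certbot; the function names and the `example.invalid` placeholder are assumptions, and the sample input is constructed from two lines of the Apache output quoted in the first post.

```python
import re
import socket

# Constructed sample: two lines as they appear in the Apache output quoted above.
SAMPLE_APACHE_OUTPUT = """\
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
"""

BIND_FAIL = re.compile(r"AH00072: make_sock: could not bind to address (\S+):(\d+)")

def blocked_ports(apache_output):
    """Ports Apache reported it could not bind (AH00072), deduplicated."""
    return sorted({int(m.group(2)) for m in BIND_FAIL.finditer(apache_output)})

def resolve(name):
    """Addresses the system resolver returns for name; [] when it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_listening(port, hosts=("127.0.0.1", "::1"), timeout=1.0):
    """True if a loopback address accepts TCP on port (misses listeners bound to one non-loopback IP)."""
    for host in hosts:
        family = socket.AF_INET6 if ":" in host else socket.AF_INET
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                if s.connect_ex((host, port)) == 0:
                    return True
        except OSError:
            continue  # address family not available on this host
    return False

def preflight(name, apache_output=""):
    """Collect the facts the checklist asks for before certbot is run."""
    return {
        "addresses": resolve(name),  # empty list: no A/AAAA record visible yet
        "port_80_has_listener": is_listening(80),
        "ports_apache_could_not_bind": blocked_ports(apache_output),
    }

if __name__ == "__main__":
    # Placeholder name (assumption); replace with the domain being validated.
    print(preflight("example.invalid", SAMPLE_APACHE_OUTPUT))
```

If `port_80_has_listener` is true while Apache is stopped, `sudo ss -ltnp 'sport = :80'` names the process holding the port.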

Here is what I see

$ ping  bobscloud.ddns.net
ping: no address associated with name
$ nslookup
>  bobscloud.ddns.net
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find bobscloud.ddns.net: NXDOMAIN
> set q=soa
>  bobscloud.ddns.net
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find bobscloud.ddns.net: NXDOMAIN
> ddns.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
ddns.net
        origin = nf1.no-ip.com
        mail addr = hostmaster.no-ip.com
        serial = 2468962758
        refresh = 10800
        retry = 1800
        expire = 604800
        minimum = 1800

Authoritative answers can be found from:
> set q=ns
> ddns.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
ddns.net        nameserver = nf4.no-ip.com.
ddns.net        nameserver = nf5.no-ip.com.
ddns.net        nameserver = nf1.no-ip.com.
ddns.net        nameserver = nf2.no-ip.com.
ddns.net        nameserver = nf3.no-ip.com.

Authoritative answers can be found from:
nf1.no-ip.com   internet address = 194.62.182.53
nf1.no-ip.com   has AAAA address 2a07:dc00:1820::53
nf2.no-ip.com   internet address = 45.54.64.53
nf2.no-ip.com   has AAAA address 2607:f740:e626::53
nf3.no-ip.com   internet address = 204.16.253.53
nf3.no-ip.com   has AAAA address 2620:0:2e61::53
nf4.no-ip.com   internet address = 194.62.183.53
nf4.no-ip.com   has AAAA address 2a07:dc00:1830::53
nf5.no-ip.com   internet address = 204.16.253.53
nf5.no-ip.com   has AAAA address 2620:0:2e61::53
> server nf1.no-ip.com
Default server: nf1.no-ip.com
Address: 194.62.182.53#53
> bobscloud.ddns.net
Server:         nf1.no-ip.com
Address:        194.62.182.53#53

** server can't find bobscloud.ddns.net: NXDOMAIN
> ddns.net
Server:         nf1.no-ip.com
Address:        194.62.182.53#53

ddns.net        nameserver = nf1.no-ip.com.
ddns.net        nameserver = nf2.no-ip.com.
ddns.net        nameserver = nf3.no-ip.com.
ddns.net        nameserver = nf4.no-ip.com.
ddns.net        nameserver = nf5.no-ip.com.
>
$ nslookup
> server nf1.no-ip.com.
Default server: nf1.no-ip.com.
Address: 194.62.182.53#53
> bobscloud.ddns.net
Server:         nf1.no-ip.com.
Address:        194.62.182.53#53

** server can't find bobscloud.ddns.net: NXDOMAIN
>
1 Like

Let’s Encrypt offers Domain Validation (DV) certificates.

Thus you need to own and have control over the Domain Name you wish to obtain a certificate for,
from an ICANN Accredited Registrar.

In this case there does not exist a public facing and accessible Domain Name bobscloud.ddns.net, thus no Domain Validation (DV) and cannot issue a certificate.

Since these are Domain Validation (DV) certificates, the Domain Name System (DNS) is used extensively in the validation process, as well as allowing us to assist here on the Let's Encrypt community.
DNS Queries need to give consistent results from any location on the Internet, all your authoritative DNS Servers for the Domain need to also give consistent results as well.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

And to assist with debugging, a great place to start is Let's Debug.

1 Like
