Letsencrypt-auto fails on Ubuntu 14.04.4 x64


#1

Hi guys,

I’ve followed series of steps in order to get things working with my VPS. I continually run into problems which I’m not sure how to resolve.

After running: ./letsencrypt-auto --apache -d mydomain.co.uk I get:

Error while running apache2ctl graceful.                             x
x httpd not running, trying to start                                   x
x Action 'graceful' failed.                                            x
x The Apache error log may have more information.                      x
x AH00112: Warning: DocumentRoot                                       x
x [/var/lib/letsencrypt/tls_sni_01_page/] does not exist               x
x AH00558: apache2: Could not reliably determine the server's fully    x
x qualified domain name, using visualdecree.co.uk. Set the             x
x 'ServerName' directive globally to suppress this message             x
x (98)Address already in use: AH00072: make_sock: could not bind to    x
x address [::]:443                                                     x
x (98)Address already in use: AH00072: make_sock: could not bind to    x
x address 0.0.0.0:443                                                  x
x no listening sockets available, shutting down                        x
x AH00015: Unable to open logs      

Help would be appreciated. If you need anymore information, please let me know.


#2

Looks like Apache isn’t running, and you have something else listening on port 443. Do you have another web server installed?


#3

Hi @danb35, in order to get this far I have to shut down Apache. If I try and run the command with Apache running I get:

The following errors were reported by the server:

Domain: mydomain.co.uk
Type:   connection
Detail: Failed to connect to xxx.xx.xxx.xxx:443 for TLS-SNI-01
challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Relevant or not, I don’t know but I am running webmin and virtualmin on the server.


#4

That shouldn’t be an issue, since they don’t use ports 80 or 443 by default. They can be set to use those ports, though. Just to make sure, try shutting them down and trying again. It’s possible your site is being served over port 80 but usermin is being served over port 443.

The only time you need to shut down Apache to obtain or renew a certificate is when using “standalone” mode. That mode runs it’s own mini-webserver to catch ports 80 and 443, and it will conflict with errors (kinda like what you’re getting) if there’s another webserver running.

If you’re able to configure Apache manually and you’re willing to use a different authentication method, you could try using webroot authentication. That method drops a small, hidden, temporary file on your site so the ACME server knows you have control of the domain. Like Apache authentication, it requires that Apache is running.

The command would be something like letsencrypt-auto certonly --webroot -w /home/user/www -d mydomain.co.uk

That won’t automatically configure Apache, but should provide you with the certificate. (This is what I did - I wasn’t comfortable with my config files being altered!)


#5

Hi Steve,

Thank you for the reply. I was not using the standlone flag, which is odd. It is now working although I can’t be 100% what fixed it as I literally spent all day trying things.

One thing I did note was that my ports.conf was originally set out like:

Listen *:443```

And I found a thread somewhere out in the ether where someone suggested using:

```Listen 80 443```

I was then able to run `./letsencrypt-auto -d example.co.uk -d www.example.co.uk -d` without any problems at all. I originally was using the apache flag `--apache` but it only seemed to work without it.

After which the installer started to work.. I think. Could it be that it was this line that helped? I can't see it myself, though I'll be darned if I know what else I did to fix it. It would be useful to know in case myself or others ever get this again lol.

#6

Don’t look a gift horse in the mouth :grin:

I’m really glad you got it working!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.