Need help with certbot behind nginx

I need help with setting up certbot to run behind my nginx setup!

My domain is:

I ran this command:
sudo cerbot renew --dry-run

It produced this output:

Processing /etc/letsencrypt/renewal/

Simulating renewal of an existing certificate for and
Failed to renew certificate with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS (GNU/Linux 5.13.0-1029-aws x86_64)

I can login to a root shell on my machine (yes or no, or I don't know):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot1.30.0

Did you by any chance use the standalone plugin earlier and are now Certbot running on a system where nginx is also running and using port 80?


I did not perform the install. Is there a way that I could verify this? (besides asking the person that did the install lol). They said they just followed some tutorials to get it to work but do not recall using the standalone plugin

You could check (and/or post the contents of) the file /etc/letsencrypt/renewal/

Alternatively, you could just try the following command:

certbot renew --nginx --dry-run

This would tell Certbot to use the nginx plugin instead of the standalone plugin (which is most likely configured now) so it will use nginx itself to perform the challenge.

Note that using --nginx configures Certbot to use the nginx plugin as authenticator as well as the installer. Now, your nginx is already configured for the certificate, so Certbot won't additionally modify your nginx configuration permanently (which it would if it was the first time you'd get a cert), but it does have the additional benefit of reloading your nginx automatically.

5 Likes contains:

and the command:
certbot renew --nginx --dry-run


--standalone was previously used.
As mentioned, since you have a working web server, you can use that instead.


That's looking good, if you want and need to renew, you can remove the --dry-run option now.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.