Need to stop server to renew?

My domain is: justbuildit.ddns.net
I am using Apache on Windows. I know most people use Linux, but I don't want to relearn all the cmd commands (yet I'll probably have to later).

certbot certonly --standalone
After stopping Apache I ran this command ^ and it worked (using cmd as admin).
I started Apache to test renew with this command:
certbot renew --dry-run

It failed the first time with this output:
C:\Windows\system32>certbot renew --dry-run
Saving debug log to C:\Certbot\log\letsencrypt.log


Processing C:\Certbot\renewal\justbuildit.ddns.net.conf


Simulating renewal of an existing certificate for justbuildit.ddns.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: justbuildit.ddns.net
Type: unauthorized
Detail: 97.130.139.4: Invalid response from https://justbuildit.ddns.net/.well-known/acme-challenge/7rlu5XoL8FkC5LeFwyTSTJSv_L1k0m-dh3vBykp8sKw: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate justbuildit.ddns.net with error: Some challenges have failed.


All simulated renewals failed. The following certificates could not be renewed:
C:\Certbot\live\justbuildit.ddns.net\fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

I tried again after stopping Apache and it worked without errors.
So I guess my question is: how is this going to auto-renew if Apache needs to be stopped before?

Running Apache from XAMPP Control Panel v3.3.0
Windows 10 Pro version 22H2 OS Build 19045.4170

Yes, the --standalone method you chose requires exclusive use of port 80.

You could use pre- and post- hooks to stop and start Apache.

But, far better would be to change to use the --webroot method or --apache plugin instead of --standalone.

3 Likes
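The switch from --standalone to --webroot suggested in the reply above, as an added example that is not part of the original thread. It assumes Apache's DocumentRoot is C:\xampp\htdocs (the XAMPP default); substitute the DocumentRoot of the virtual host that actually serves the domain.

```bat
rem Added example, not from the thread. Run from an elevated cmd prompt
rem with Apache RUNNING.
rem ASSUMPTION: DocumentRoot is C:\xampp\htdocs (XAMPP default). Adjust as needed.
set "WEBROOT=C:\xampp\htdocs"

rem 1. Rehearse issuance through the webroot. Certbot writes the challenge file
rem    under %WEBROOT%\.well-known\acme-challenge\ and Apache serves it, so
rem    Certbot never needs to bind port 80 itself.
certbot certonly --webroot -w "%WEBROOT%" -d justbuildit.ddns.net --dry-run

rem 2. If the rehearsal passes, run it for real. Certbot may ask whether to
rem    keep or replace the existing certificate.
certbot certonly --webroot -w "%WEBROOT%" -d justbuildit.ddns.net

rem 3. Check which authenticator the renewal configuration now records
rem    (path taken from the log output in the question).
findstr authenticator C:\Certbot\renewal\justbuildit.ddns.net.conf

rem 4. Repeat the original test, this time leaving Apache up.
certbot renew --dry-run
```

Apache reads the certificate files at startup, so a renewed certificate is only served after Apache has been restarted.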

If you have tried the --apache plugin and it somehow failed, you should review the output for the command below for "name:port" overlaps:

sudo apachectl -t -D DUMP_VHOSTS

3 Likes

This looks like a job for Apache mod_md.

3 Likes