Nginx problem binding to port 80

osdtech · January 29, 2019, 10:59pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.registrationcenter.net

I ran this command: sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.registrationcenter.net.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.registrationcenter.net
Cleaning up challenges
Attempting to renew cert (www.registrationcenter.net) from /etc/letsencrypt/renewal/www.registrationcenter.net.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.registrationcenter.net/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.registrationcenter.net/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx/1.4.6 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-147-generic x86_64)

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

Additional info: nmap shows an open port 80
nmap www.registrationcenter.net

Starting Nmap 6.47 ( http://nmap.org ) at 2019-01-29 16:59 CST
Nmap scan report for www.registrationcenter.net (10.28.1.92)
Host is up (0.0033s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

stevenzhu · January 29, 2019, 11:18pm

Hi,

The problem is you are now using Nginx (as your web server) and the previously selected plugin is standalone, which means you’ll need to stop Nginx and run the renew.

However, I do think the best way to resolve this is not stop Nginx before renew, is to switch authenticator plugin to Nginx (hence reduce downtime and other issues)

If you are willing to switch to Nginx plugin, please execute the following command:
sudo certbot renew --cert-name www.registrationcenter.net -a nginx --force-renewal
(Please use force renewal, in case certbot does not change / save the new auth to this config file)

Thank you

osdtech · January 30, 2019, 2:58pm

Thank you! That appears to have worked.

system · March 1, 2019, 2:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.