When I’m trying to execute ‘certbot renew --dry-run’ for ALL domains the following happens:
- nginx stops via pre_hook
- the certificate renews successfully
- somehow nginx starts
- the next domain says ‘Pre-hook command already run, skipping: service nginx stop’
- the error occurs: ‘an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.’
The file ‘/var/run/nginx.pid’ exists when nginx is running.
I tried:
- removing pre- and post- hooks.
- stopping nginx manually
So, I believe, something goes wrong: nginx either should not start during the renewal of the first certificate,
or it should stop after that renewal, or the second pre-hook should stop it again.
Here are my config files (currently there are 2 of them):
```
# renew_before_expiry = 30 days
version = 0.21.1
archive_dir = /etc/letsencrypt/archive/***.***
cert = /etc/letsencrypt/live/***.***/cert.pem
privkey = /etc/letsencrypt/live/***.***/privkey.pem
chain = /etc/letsencrypt/live/***.***/chain.pem
fullchain = /etc/letsencrypt/live/***.***/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = standalone
installer = nginx
pre_hook = service nginx stop
post_hook = service nginx start
account = ***
```
Here is complete console output:
```
#certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/DOMAIN1.COM.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer nginx
Running pre-hook command: service nginx stop
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for DOMAIN1.COM
Waiting for verification...
Cleaning up challenges
nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory)
-------------------------------------------------------------------------------
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/DOMAIN1.COM/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/DOMAIN2.COM.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer nginx
Pre-hook command already run, skipping: service nginx stop
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for DOMAIN2.COM
Cleaning up challenges
Attempting to renew cert (DOMAIN2.COM) from /etc/letsencrypt/renewal/DOMAIN2.COM.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/DOMAIN2.COM/fullchain.pem (failure)
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
The following certs were successfully renewed:
/etc/letsencrypt/live/DOMAIN1.COM/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/DOMAIN2.COM/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
Running post-hook command: service nginx start
Hook command "service nginx start" returned error code 1
1 renew failure(s), 0 parse failure(s)
```
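The sequence in the log above can be checked ahead of a renewal run with a small pre-flight script. This is an added example, not part of the original post and not certbot code: it is a simplified model that assumes a pre-hook containing the word `stop` stops the web server and that the `nginx`/`apache` installers bring it back up on deploy; `predict_bind_failures` and `renewal_params` are hypothetical names.

```python
import configparser

# Assumption: these installers reload (and thereby start) the web server on deploy,
# as the "deployed with reload of nginx server" line in the log suggests.
SERVER_INSTALLERS = {"nginx", "apache"}

def renewal_params(text):
    """Return the [renewalparams] section of a renewal .conf as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[top]\n" + text)  # keys before the first section need a header
    return dict(cp["renewalparams"]) if cp.has_section("renewalparams") else {}

def predict_bind_failures(lineages):
    """lineages: (name, conf_text) pairs in processing order.
    Returns names whose standalone authenticator would find the port in use."""
    server_up, hooks_run, failures = True, set(), []
    for name, text in lineages:
        p = renewal_params(text)
        pre = p.get("pre_hook", "")
        if pre and pre not in hooks_run:   # each distinct pre-hook runs once per run
            hooks_run.add(pre)
            if "stop" in pre.split():      # assumption: such a hook stops the server
                server_up = False
        if p.get("authenticator") == "standalone" and server_up:
            failures.append(name)          # port 443 is still held by the web server
            continue                       # a failed renewal never reaches the installer
        if p.get("installer") in SERVER_INSTALLERS:
            server_up = True               # deploy step brings the server back up
    return failures

# Constructed sample mirroring the renewal file shown in the post.
SAMPLE = """\
# renew_before_expiry = 30 days
version = 0.21.1
[renewalparams]
authenticator = standalone
installer = nginx
pre_hook = service nginx stop
post_hook = service nginx start
"""

if __name__ == "__main__":
    print(predict_bind_failures([("DOMAIN1.COM", SAMPLE), ("DOMAIN2.COM", SAMPLE)]))
```
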