Not able to renew SSL certificates without stopping the Webservers (nginx or apache)


#1

Hi, I’ve hosted a webapp on an AWS EC2 instance. I created the SSL certificates using the DNS challenge. I’m not able to renew the SSL certificates without stopping my webserver. I renewed my certificates using the following command:

/opt/letsencrypt/letsencrypt-auto renew

Is there any way to renew them without stopping the nginx webserver?


#2

If you used the DNS challenge, you wouldn’t have to stop any webserver (just a reload to use the new certificates).

What is the output of the renew command? If it doesn’t say much, you might want to add -v.


#3

I’m getting the following error message when I try to renew the SSL certificates without stopping the nginx webserver:

Attempting to renew cert from /etc/letsencrypt/renewal/example.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.


#4

It seems certbot thinks or expects it should use the standalone plugin and not the manual plugin for the DNS challenge.

Is there a chance you might have used the standalone plugin too?


#5

I didn’t use standalone when creating or renewing the certificates.

So /opt/letsencrypt/letsencrypt-auto certonly --manual -d domain will work without stopping the server, right?


#6

Could you upload and/or paste the contents of the relevant .conf file in /etc/letsencrypt/renewal/?

Yes, it will.


#7

# renew_before_expiry = 30 days

version = 0.12.0
cert = /etc/letsencrypt/live/test.com/cert.pem
privkey = /etc/letsencrypt/live/test.com/privkey.pem
chain = /etc/letsencrypt/live/test.com/chain.pem
fullchain = /etc/letsencrypt/live/test.com/fullchain.pem
archive_dir = /etc/letsencrypt/archive/test.com

# Options used in the renewal process

[renewalparams]
authenticator = standalone
installer = None
account = 21dd3e5dfdsg45343wd230bb3017091829631d3


#8

That tells me you actually did use the standalone plugin at some point.

This renewal file should be overwritten when you use letsencrypt-auto again, but this time with the manual plugin.
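
Added example, not part of the original thread and not certbot's own code: a small check that reads the files in /etc/letsencrypt/renewal/ and reports which ones record `authenticator = standalone`, the setting that makes `renew` try to bind port 443 as in the error quoted above. The function names and the `SAMPLE` text are constructed for illustration; treating only `standalone` as port-binding is an assumption of this example.

```python
import configparser
from pathlib import Path

# Assumption of this example: among the plugins discussed in the thread,
# only "standalone" opens its own listener and so collides with nginx/apache.
PORT_BINDING = {"standalone"}

def read_renewal_conf(text):
    """Parse a renewal .conf; its top-level keys come before any section."""
    parser = configparser.ConfigParser(interpolation=None)
    # configparser rejects keys outside a section, so wrap them in a dummy one.
    parser.read_string("[top]\n" + text)
    return parser

def audit(text):
    """Return (authenticator, needs_free_port) for one renewal config."""
    parser = read_renewal_conf(text)
    auth = parser.get("renewalparams", "authenticator", fallback=None)
    return auth, auth in PORT_BINDING

def audit_dir(renewal_dir="/etc/letsencrypt/renewal"):
    """Audit every *.conf in the directory; returns {filename: (auth, flag)}."""
    results = {}
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        results[conf.name] = audit(conf.read_text())
    return results

# Constructed sample shaped like the file posted in the thread (account omitted).
SAMPLE = """\
# renew_before_expiry = 30 days
version = 0.12.0
cert = /etc/letsencrypt/live/test.com/cert.pem
# Options used in the renewal process
[renewalparams]
authenticator = standalone
installer = None
"""

if __name__ == "__main__":
    # Reading /etc/letsencrypt usually requires root.
    for name, (auth, blocked) in audit_dir().items():
        note = "will fail while a web server holds the port" if blocked else "ok"
        print(f"{name}: authenticator={auth} -> {note}")
```
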


#9

This time I updated with the manual plugin, but the file is not overwritten. Is there anything else to be done other than this command:

/opt/letsencrypt/letsencrypt-auto certonly --manual -d domain

