Not able to renew SSL certificates without stopping the Webservers (nginx or apache)

nijo · March 14, 2017, 9:02am

Hi I've a hosted a webapp in AWS Ec2 instance. I created the SSL certificates using the DNS challenge. I'm not able to renew the ssl certificates without stopping my webserver. I renewed my certificates using the following command.

/opt/letsencrypt/letsencrypt-auto renew

Is there any way to renew them without stopping nginx webserver.

Osiris · March 14, 2017, 10:02am

If you used the DNS challenge, you wouldn’t have to stop any webserver (just a reload to use the new certificates).

What is the output of the renew command? If it doesn’t say much, you might want to add -v.

nijo · March 14, 2017, 10:16am

I’m getting the following error message when i try to renew the SSL certificates without stopping the nginx webserver

Attempting to renew cert from /etc/letsencrypt/renewal/example.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.

Osiris · March 14, 2017, 10:39am

It seems certbot thinks or expects it should use the standalone plugin and not the manual plugin for the DNS challenge.

Is there a change you might have used the standalone plugin too?

nijo · March 14, 2017, 11:40am

I’didnt use standalone when creating or renewing the certifiactes

so /opt/letsencrypt/letsencrypt-auto certonly --manual -d domain will work without stopping the server right

Osiris · March 14, 2017, 3:56pm

Could you upload and/or paste the contents of the relevant .conf file in /etc/letsencrypt/renewal/?

Yes it will.

nijo · March 15, 2017, 4:45am

renew_before_expiry = 30 days

version = 0.12.0
cert = /etc/letsencrypt/live/test.com/cert.pem
privkey = /etc/letsencrypt/live/test.com/privkey.pem
chain = /etc/letsencrypt/live/test.com/chain.pem
fullchain = /etc/letsencrypt/live/test.com/fullchain.pem
archive_dir = /etc/letsencrypt/archive/test.com

Options used in the renewal process

[renewalparams]
authenticator = standalone
installer = None
account = 21dd3e5dfdsg45343wd230bb3017091829631d3

Osiris · March 15, 2017, 5:34am

That tells me you actually did use the standalone plugin at some point.

This renewal file sould be overwritten when you use letsencrypt-auto again, but this time with the manual plugin.

nijo · March 15, 2017, 7:10am

This time i updated with manual plugin. but the file is not overwritten. Is there any thing else to be done other than this command:

/opt/letsencrypt/letsencrypt-auto certonly --manual -d domain

system · April 14, 2017, 7:10am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to renew SSL certificate using certbot Help	19	4130	August 4, 2022
Renew letsencrypt SSL Certificates generated by DNS Challenge Help	15	4480	November 29, 2022
I cant renew certificates without stopping nginx on docker Help	5	3192	November 26, 2021
How to automatically renew certificate without stopping server Help	7	5908	January 2, 2020
Certificate renewal not possible Help	5	869	July 10, 2022

Not able to renew SSL certificates without stopping the Webservers (nginx or apache)

renew_before_expiry = 30 days

Options used in the renewal process

Related topics