Not able to renew SSL certificates without stopping the Webservers (nginx or apache)

Hi, I've hosted a webapp on an AWS EC2 instance. I created the SSL certificates using the DNS challenge. I'm not able to renew the SSL certificates without stopping my webserver. I renewed my certificates using the following command:

/opt/letsencrypt/letsencrypt-auto renew

Is there any way to renew them without stopping the nginx webserver?

If you used the DNS challenge, you wouldn’t have to stop any webserver (just a reload to use the new certificates).

What is the output of the renew command? If it doesn’t say much, you might want to add -v.

I’m getting the following error message when I try to renew the SSL certificates without stopping the nginx webserver:

Attempting to renew cert from /etc/letsencrypt/renewal/example.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.

It seems certbot thinks or expects it should use the standalone plugin and not the manual plugin for the DNS challenge.

Is there a chance you might have used the standalone plugin too?

I didn’t use standalone when creating or renewing the certificates.

So /opt/letsencrypt/letsencrypt-auto certonly --manual -d domain will work without stopping the server, right?

Could you upload and/or paste the contents of the relevant .conf file in /etc/letsencrypt/renewal/?

Yes it will.

renew_before_expiry = 30 days

version = 0.12.0
cert = /etc/letsencrypt/live/test.com/cert.pem
privkey = /etc/letsencrypt/live/test.com/privkey.pem
chain = /etc/letsencrypt/live/test.com/chain.pem
fullchain = /etc/letsencrypt/live/test.com/fullchain.pem
archive_dir = /etc/letsencrypt/archive/test.com

# Options used in the renewal process

[renewalparams]
authenticator = standalone
installer = None
account = 21dd3e5dfdsg45343wd230bb3017091829631d3

That tells me you actually did use the standalone plugin at some point.

This renewal file should be overwritten when you use letsencrypt-auto again, but this time with the manual plugin.

This time I updated with the manual plugin, but the file is not overwritten. Is there anything else to be done other than this command:

/opt/letsencrypt/letsencrypt-auto certonly --manual -d domain
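
The diagnosis in this thread came from the `authenticator = standalone` line in the renewal file. The check below reads that setting for every certificate. It is an added example, not code from the thread or from certbot: it parses the files with Python's `configparser` instead of certbot's own loader, and the sample text, the account placeholder and the function names are constructed for illustration.

```python
import configparser
import glob
import os

# Authenticators that open their own listener and so collide with a running
# nginx/apache, as in the "Could not bind TCP port 443" error quoted above.
PORT_BINDING = {"standalone"}

# Constructed sample modelled on the renewal file posted in the thread.
SAMPLE = """\
# renew_before_expiry = 30 days
version = 0.12.0
cert = /etc/letsencrypt/live/test.com/cert.pem
fullchain = /etc/letsencrypt/live/test.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = standalone
installer = None
account = ACCOUNT_ID_PLACEHOLDER
"""

def read_renewal_params(text):
    """Return the [renewalparams] section of a renewal file as a dict."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Keys before the first header have no section; park them under a dummy one.
    parser.read_string("[lineage]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])

def audit(text, name="<sample>"):
    """Report which plugin `renew` will use and whether it needs a free port."""
    auth = read_renewal_params(text).get("authenticator", "unknown")
    return {"file": name, "authenticator": auth,
            "needs_free_port": auth in PORT_BINDING}

def audit_dir(renewal_dir="/etc/letsencrypt/renewal"):
    """Audit every *.conf in the renewal directory (usually needs root to read)."""
    results = []
    for path in sorted(glob.glob(os.path.join(renewal_dir, "*.conf"))):
        with open(path, encoding="utf-8") as fh:
            results.append(audit(fh.read(), os.path.basename(path)))
    return results

if __name__ == "__main__":
    for row in [audit(SAMPLE)] + audit_dir():
        print(row)
```

Any lineage reported with `needs_free_port: True` will fail under `renew` while the web server holds the port, whatever plugin was used for a different certificate.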
