I ran this command: ./letsencrypt-auto certonly --standalone
It produced this output:
Port 443 is already in use by another process. This will prevent us from binding to that port. Please stop the process that is populating the port in question and try again.
My operating system is (include version): Windows 7 64 bit
My web server is (include version): bitnami-wordpress-4.6.1-5-linux-ubuntu-14.04.3-x86_64-hvm-ebs-mp-7d426cb7-9522-4dd7-a56b-55dd8cc1c8d0-ami-49075b5e.3 (ami-d62870c1)
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): using SSH
If you’re using Apache, try option 1; otherwise you can temporarily stop Apache and use option 3, or try the webroot option … keep using --dry-run so you can see the outcome of each one before you actually generate a cert.
I think I’m running Apache but I hate to admit that I honestly don’t know. How can I check? I’m pretty new to SSH…
Here are the results when I tried all 3 options:
Option 1
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Option 3
Is giving me the original Port 443 is already in use by another process error.
I have ensured that my A record is pointed to my server’s IP address (34.192.177.21) from GoDaddy.
You need to try and stop whatever web server is using port 443 and then run with option 3. This uses a standalone web server to generate the cert, and straight afterwards you can fire up your web server again and then manually install the certificate into your host config.
Otherwise you can go with option 2; as you can see in your errors, you just need to get your permissions correct for the /.well-known/acme-challenge/
It looks like httpd is running and taking port 443 for itself.
The failure message from using the Apache plugin "Option 1" in your reply to @MitchellK also suggests httpd is using port 80 and Certbot's apache startup is failing as a result.
Trying to stop the httpd service and then running Certbot might work - alternatively someone else with more Apache/Certbot/Bitnami experience might have a better fix for you!
The command seemed to work. Not sure if it’s actually stopped now because it still gave me the same errors when running sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 -m hello@lovlei.com -d www.lovlei.com --renew-by-default --dry-run
bitnami@ip-172-31-42-150:~$ sudo service apache2 stop
Stopping web server apache2 *
I think I’ll explore the bitnami forum a bit. Thanks for the help guys. Maybe I’ll find a solution I can share.
Let us know what you discover; it could help future readers of this topic. Just a question: when you did sudo service apache2 stop, it responded saying “stopping web server apache2” … did it actually stop?
bitnami@ip-172-31-42-150:~$ ps -A | grep apache
bitnami@ip-172-31-42-150:~$ sudo apache2ctl stop
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
httpd (no pid file) not running
I almost wonder if it’s an issue with GoDaddy. I set my A record but it says: “Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message” Not 100% sure what that means.
Your ISP, who owns the IP range, needs to configure a reverse DNS (PTR) record; you can’t do that on GoDaddy as they don’t own the IP. Do you have a control panel of sorts? If so, look in there and you will probably find somewhere to add a reverse DNS / FQDN / PTR record.
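Added example, not part of any post in this thread: in the thread, `ps -A | grep apache` returned nothing while the error messages refer to httpd, so searching by process name can miss whatever holds port 80 or 443. The sketch below looks up listeners by port instead, by parsing `ss -ltnp` output; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output (illustrative, not taken from the thread).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=1432,fd=4),("httpd",pid=1431,fd=4))
LISTEN 0      511    [::]:443           [::]:*            users:(("httpd",pid=1432,fd=6))
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=990,fd=21))
EOF
}

# port_owners PORT
# Reads `ss -ltnp` text on stdin and prints one "name pid" line per process
# listening on PORT, regardless of what the process is called.
port_owners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is "address:port"; the port is the text after the last colon,
            # which also handles IPv6 forms such as [::]:443.
            n = split($4, a, ":")
            if (a[n] != port) next
            rest = $0
            # Each owner appears as ("name",pid=N,fd=M); walk through all of them.
            while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
                tok = substr(rest, RSTART + 2, RLENGTH - 2)
                rest = substr(rest, RSTART + RLENGTH)
                split(tok, p, "\",pid=")
                print p[1], p[2]
            }
        }' | sort -u
}

# Demo on the constructed sample. On a live host, feed it real data instead:
#   sudo ss -ltnp | port_owners 443
sample_ss_output | port_owners 443
```

Root is needed for `ss -p` to show processes owned by other users; without it the process column is empty and the function prints nothing.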