Port 443 is already in use by another process error Amazon AWS instance

Help
1

Hello,
I’m getting the following error. I’m not sure how to stop port 443 if that is the issue.

443.jpg524×504 92.5 KB

Please fill out the fields below so we can help you better.

My domain is: www.lovlei.com

I ran this command: ./letsencrypt-auto certonly --standalone

It produced this output:x Port 443 is already in use by another x
x process. This will prevent us from x
x binding to that port. Please stop the x
x process that is populating the port in x
x question and try again.

My operating system is (include version): Windows 7 64 bit

My web server is (include version):bitnami-wordpress-4.6.1-5-linux-ubuntu-14.04.3-x86_64-hvm-ebs-mp-7d426cb7-9522-4dd7-a56b-55dd8cc1c8d0-ami-49075b5e.3 (ami-d62870c1)

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): using SSH

2

Try running

sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 -m youremail@wherever.com -d www.lovlei.com --renew-by-default --dry-run

See what the output is … if it looks good then remove --dry-run and you will get your cert

1 Like
3

What do you see when you run sudo netstat -t -l -n -p | grep 443 ? Do you have nginx or apache or another webserver running on port 443?

4

Thanks Mitchell I just tried that and it presented me with these options. Which would I want to do?

5

If you’re using Apache try option 1 otherwise you can temporarily stop Apache and use option 3 or try the webroot option … keep using --dry-run so you can see the outcome of each one before you actually generate a cert

6

Hi CPU,
This is what I get. I have a total of 3 instances running on AWS. Would the other instances cause any issues?

443-2.jpg800×534 136 KB

7

I think I’m running Apache but I hate to admit that I honestly don’t know. How can I check? I’m pretty new to SSH…

Here are the results when I tried all 3 options:

Option 1

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Option 2
Failed authorization procedure. www.lovlei.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.lovlei.com/.well-known/acme-challenge/WKdmxoDAx7flGspU8stIFfEX_Mv5_c6ur53sNbbO7YE: "

<meta http-equiv="Content-Type" content="te"

IMPORTANT NOTES:

Option 3
Is giving me the original Port 443 is already in use by another process error.

I have ensured that my A record is pointed to my server’s IP address (34.192.177.21) from GoDaddy.

8

Need to try and stop whatever web server is using port 443 and then run with option 3, this uses a standalone web server to generate the cert and straight afterwards you can fire up your web server again and then manually install the certificate into your host config

Otherwise you can go with option 2 as you can see in your errors, you just need to get you permissions correct for the /.well-known/acme-challenge/

9

It looks like httpd is running and taking port 443 for itself.

The failure message from using the Apache plugin "Option 1" in your reply to @MitchellK also suggests httpd is using port 80 and Certbot's apache startup is failing as a result.

Trying to stop the httpd service and then running Certbot might work - alternatively someone else with more Apache/Certbot/Bitnami experience might have a better fix for you!

10

What is the command to stop it?

If I can’t figure it out, I think I’ll install a new version of WP without using Bitnami. I have a suspicion that’s causing the primary issue here.

11

Have you tried

sudo service apache2 stop

I am not familiar with AWS but it sounds like it has Apache running there

1 Like
12

I’m also not at all familiar with Bitnami - I would add:

sudo /etc/init.d/httpd stop
sudo service httpd stop

to @MitchellK’s guesses

13

The command seemed to work. Not sure if it’s actually stopped now because it still gave me the same errors when running sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 -m hello@lovlei.com -d www.lovlei.com --renew-by-default --dry-run

bitnami@ip-172-31-42-150:~$ sudo service apache2 stop

  • Stopping web server apache2 *

I think I’ll explore the bitnami forum a bit. Thanks for the help guys. Maybe I’ll find a solution I can share.

2 Likes
14

Let us know what you discover, could help future readers of this topic. Just a question when you did sudo service apache2 stop it responded saying “stopping web server apache2” … did it actually stop ???

15

Not sure honestly. How would I check?

16

Try

ps -A | grep apache

otherwise try sudo apache2ctl stop

17

Below is what I get.

bitnami@ip-172-31-42-150:~$ ps -A | grep apache
bitnami@ip-172-31-42-150:~$ sudo apache2ctl stop
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
httpd (no pid file) not running

I almost wonder if it’s an issue with Godaddy. I set my A record but it says: “Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message” Not 100% sure what that means.

18

Did you create a reverse DNS entry ??? the ps -A shows apache is not running.

19

I changed my A (host) to point to point to the server if that’s what you mean. Here is a snapshot of Godaddy.

godaddy.jpg872×916 234 KB

20

Your ISP who owns the IP range needs to configure a reverse DNS (PTR) record, you can’t do that on GoDaddy as they don’t own the IP. Do you have a control panel of sorts ??? If so look in there and you will probably find somewhere to add a reverse DNS / FQDN / PTR record