Problem binding to port 80 winerror 10013

Good morning everyone, I am having issues with certbot, I understand I need to turn off the web services momentarily so that certbot has access to port 80. My issue is that I am not sure what I need to turn off.

I went to IIS and Stopped it there. I also stopped all the Services it was running.
image

If I can get an idea of what else I need to turn off, I would appreciate it.

My domain is:
berkeleycitizens.org

I ran this command:
certbot certonly --standalone

It produced this output:
Problem binding to port 80: [WinError 10013] An attempt was made to access a socket in a way
forbidden by its access permissions.

My web server is (include version):
Not sure.

The operating system my web server runs on is (include version):
Windows Server 2019 Standard, Version 1809.

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No, IIS/Wordpress

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot 1.24.0

Thank you for your help.

1 Like

I have no experience with certbot for Windows...
But, have you tried running is as admin?

And do you really need to turn of IIS to get a cert?
[there are other ways, like using --webroot]

3 Likes

If you're using IIS, and particularly if you're trying to get a certificate to use with IIS, you probably want to use one of the Windows-specific clients that's more designed for that use case. Certbot integrates with Apache/Nginx much easier than it integrates with IIS.

6 Likes

Hello Peter, thank you for your suggestion, I used win-acme and it was simple enough to generate it, now I have an issue where it says I have a valid cert but it is still not secure. Do you have any idea what this could be? I don't know if I need to do an extra step after generating the cert.

image

Thank you,

1 Like

It looks like your site doesn't automatically redirect from http://berkeleycitizens.org to https://berkeleycitizens.org, so many browsers won't use the secure connection if you just type in the name.

Your site also has "mixed content", where even when your site loads over https:// it has embedded images and scripts and such which still load over http://.

I'm not familiar enough with IIS/win-acme or your site software (is it Wordpress?) to be able to give you specifics on how to fix those, but other people here might be.

5 Likes

Thank you, actually this was very helpful, you gave me an idea on what to do and I got it working.

2 Likes