Problem issuing SSL Certificate for ERPNext instance

Help
1

My domain is:
Im using a subdomain
http://bsd-erp.phonevillemobile.com/

I ran this command:

It produced this output:

My web server is (include version):
Server version: Apache/2.4.58 (Ubuntu)
Server built: 2024-10-02T12:40:51

The operating system my web server runs on is (include version):
Ubuntu 24.04.2 LTS

My hosting provider, if applicable, is:
Hostinger
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Ubuntu server
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Steps to reproduce issue
cd to erpnext frappe-bench
sudo certbot

Result:

Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

How can I resolve this?

2

If your web server is Apache, why is nginx trying (and failing) to restart? What was the rest of the certbot command, or the other options you chose?

4 Likes
3

Okay sorry I forgot to add it's supposed to be:

sudo certbot --nginx

I followed this steps from tutorial:

4

So why did you run certbot --nginx if your web server is Apache, as you said in your first post?

Your use of the --nginx flag explains what you're seeing: you're already running a web server (presumably Apache, as you mentioned in the first post), so trying to start another web server (nginx) isn't going to work, as they can't both listen on the same ports.

3 Likes
5

I've setup nginx to issue the SSL

sudo systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-03-25 01:38:00 UTC; 18min ago
Docs: man:nginx(8)
Process: 16353 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process o>
Process: 16354 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=>
Main PID: 16356 (nginx)
Tasks: 3 (limit: 9486)
Memory: 2.6M (peak: 4.6M)
CPU: 85ms
CGroup: /system.slice/nginx.service
β”œβ”€16356 "nginx: master process /usr/sbin/nginx -g daemon on; master_pro>
β”œβ”€16475 "nginx: worker process"
└─16476 "nginx: worker process"

6

Now I'm facing this error:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: <>
Type: unauthorized
Detail: <>: Invalid response from <>/.well-known/acme-challenge/mFuRUSR0Ak0hwAjc_JAybmEaNueYhgZqUtEno-bt7wQ: "\n\n\n <link rel="stylesheet" type="text/css" class="meteor-css" href="/36408fc8183fca0a5d551568692"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

7

How is Traefik involved? Because HTTPS connections to your domain using port 443 use a default cert from Traefik

openssl s_client -connect bsd-erp.phonevillemobile.com:443

Certificate:
subject=CN = TRAEFIK DEFAULT CERT
issuer=CN = TRAEFIK DEFAULT CERT
notBefore=Mar 24 03:25:17 2025 GMT
notAfter=Mar 24 03:25:17 2026 GMT
1 Like
9

We have another application, Rocket.Chat , running on ports 80 and 443 , using Traefik for SSL. However, I don’t want to use Traefik for ERPNext SSL Is there a way to configure Nginx separately to handle SSL for ERPNext ?

10

That' s a better question for ERPNext support: Introduction

For at least the cert part, you may need to use a DNS Challenge rather than the HTTP Challenge you have been trying. Or, reconfigure Traefik to act as reverse-proxy for ERPNext.

2 Likes
11

Alright thanks.

1 Like
12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.