Removed nginx - now I have apache, certbot fails to see my open ports

Help
1

My domain is:
provision.domains

I ran this command:
su certbot -v

It produced this output:

Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): provision.domains
Requesting a certificate for provision.domains
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart
failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

My web server is AWS

The operating system my web server runs on is (include version):
Amazon Linux 2023

My hosting provider, if applicable, is: me on AWS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
N

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Please show us the log file:
cat /var/log/letsencrypt/letsencrypt.log

Please show us what is using port 80:
netstat -pant | grep -i listen | grep 80

3 Likes
3

Log:
Last login: Tue Feb 6 01:42:54 2024 from 52.94.123.175
[ec2-user@ip-172-26-10-144 ~]$ cat /var/log/letsencrypt/letsencrypt.log
cat: /var/log/letsencrypt/letsencrypt.log: Permission denied
[ec2-user@ip-172-26-10-144 ~]$ su
Password:
[root@ip-172-26-10-144 ec2-user]# cat /var/log/letsencrypt/letsencrypt.log
2024-02-06 01:43:57,853:DEBUG:certbot._internal.main:certbot version: 2.8.0
2024-02-06 01:43:57,853:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/
bin/certbot
2024-02-06 01:43:57,853:DEBUG:certbot._internal.main:Arguments: ['-v']
2024-02-06 01:43:57,853:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(Pl
uginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standal
one,PluginEntryPoint#webroot)
2024-02-06 01:43:57,865:DEBUG:certbot._internal.log:Root logging level set at 20
2024-02-06 01:43:57,866:DEBUG:certbot._internal.plugins.selection:Requested authenticator N
one and installer None
2024-02-06 01:43:58,924:DEBUG:certbot._internal.plugins.selection:Single candidate plugin:

  • nginx
    Description: Nginx Web Server plugin
    Interfaces: Authenticator, Installer, Plugin
    Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConf
    igurator', group='certbot.plugins')
    Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f83a4ee9e
    80>
    Prep: True
    2024-02-06 01:43:58,925:DEBUG:certbot._internal.plugins.selection:Selected authenticator <c
    ertbot_nginx._internal.configurator.NginxConfigurator object at 0x7f83a4ee9e80> and install
    er <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f83a4ee9e80>
    2024-02-06 01:43:58,925:INFO:certbot._internal.plugins.selection:Plugins selected: Authenti
    cator nginx, Installer nginx
    2024-02-06 01:43:58,981:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationR
    esource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_servi
    ce_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acm
    e-v02.api.letsencrypt.org/acme/acct/1555661937', new_authzr_uri=None, terms_of_service=None
    ), b4fc032fe618309ad8ff2331d551ac57, Meta(creation_dt=datetime.datetime(2024, 2, 6, 1, 16,
    16, tzinfo=), creation_host='ip-172-26-10-144.us-west-2.compute.internal', register_to
    _eff='gerry.kirkpatrick@gmail.com'))>
    2024-02-06 01:43:58,982:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letse
    ncrypt.org/directory.
    2024-02-06 01:43:58,984:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acm
    e-v02.api.letsencrypt.org:443
    2024-02-06 01:43:59,153:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:4
    43 "GET /directory HTTP/1.1" 200 752
    2024-02-06 01:43:59,154:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Tue, 06 Feb 2024 01:43:59 GMT
    Content-Type: application/json
    Content-Length: 752
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800

{
"9J1AA1He-qg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-director
y/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/"
,
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-02-06 01:43:59,159:DEBUG:certbot.util:Not suggesting name "_"
Traceback (most recent call last):
File "/opt/certbot/lib64/python3.9/site-packages/certbot/util.py", line 389, in get_filte
red_names
filtered_names.add(enforce_le_validity(name))
File "/opt/certbot/lib64/python3.9/site-packages/certbot/util.py", line 575, in enforce_l
e_validity
raise errors.ConfigurationError(
certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-
Z, a-z, 0-9, ., and -.

4

netstat -pant | grep -i listen | grep 80
tcp6 0 0 :::80 :::* LISTEN 27845/httpd

5

Perhaps the issue is here?
This is my .repo file
I had to create it

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

I got it from here for amonzon Linux 2023
:



[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
6

The above shows an Apache server (httpd) running.

But, you requested the -nginx server plugin. This plugin needs a working nginx server but yours cannot start because it conflicts with this Apache.

You need to disable Apache if you want to use nginx for this.

4 Likes
7

I do not want to disable Apache. I want it to work with Apache.
i did see an error for an improper character. I had left out a bracket.
i fixed it and reran certbot

this is the results

Cleaning up challenges
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart
failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

8

How do I run certbot with Apache?

12

Try:
certbot --apache

3 Likes
13

Thank you. I will give that a go

1 Like
14

You used the --nginx option with Certbot. For Apache use --apache instead

4 Likes
15

@TheBruce, do you need both Apache and nginx?
[if not, I would uninstall what is not needed]

4 Likes
16

As you can see by calling uo a browser for provision.domains that I have apache running fine. But when I use the command certbot --apache I get a this message :slight_smile:
The requested apache plugin does not appear to be installed

17

I want Apache. Not sure how to uninstall nginx

18

How did you install nginx?

With Apache running, you can also use --webroot and just point certbot to where it should save the challenge file(s).

As with everything Apache related [in this forum], I'd start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes
19

I forget how i INSTALLED Apache. but it works. I refer to the old saying, if it works don't fix it.

I installed nginx from this link: Installing NGINX Open Source | NGINX Documentation

no matter now, I just want to remove it

20

How did you install Certbot? Which instructions did you follow or what commands did you use?

4 Likes
21

I used this command
sudo certbot certonly --nginx

22

That word DUMP scares me. Especially when its on the apachectl .
Again, I want to keep Apache

23

I just removed using this command
sudo yum remove nginx
It worked I think