Renew command fails

My domain is:

Actually it doesn’t matter.

I ran this command:

certbot certonly --standalone --http-01-port 50080 --http-01-address 192.168.1.101 --preferred-challenges “http-01” --agree-tos --register-unsafely-without-email -d “mydomainname”

and it worked great. But then I tried to renew my new certificate with the next command

certbot renew --dry-run

It produced this output:

Problem binding to port 50080: Could not bind to IPv4 or IPv6… Skipping.

I don’t have any apps listening on this port. Removing existing certificate and running first command again works great.

The operating system my web server runs on is (include version):

I use Windows Subsystem for Linux (Debian GNU/Linux 10)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.0

The renewal should have spun up a temporary web server to satisfy this request.
[as it did when you originally obtained the cert]

Something must NOT have been written down/remembered correctly about all those initial issuance parameters.

You can try to manually edit the corresponding renewal.conf file [not recommended at this point]
OR
rerun the renewal request and feed it all those “missing” parameters.

Basically something like:

certbot renew --http-01-port 50080 --http-01-address 192.168.1.101 -d “mydomainname” --dry-run

Presuming the firewall is still set as it was then, this renewal should work just as the issuance did.

I appologize in advance for not having the exact syntax and options for you; as even to me

renew
--standalone
--dry-run

Seem to overlap/contratict/negate each other.
So I’m not exactly sure how to state your desired request so that certbot can understand what to do.
[I mean I do understand you but cerbot is real picky about options/orders/etc.]

1 Like

Try also:

certbot --standalone --http-01-port 50080 --http-01-address 192.168.1.101 -d “mydomainname” --dry-run

Thank you for fast reply.

Running this command:

certbot renew --http-01-port 50080 --http-01-address 192.168.1.101 --dry-run

results with the same error message. If I add

-d rageful.me

then it shows me the next message

Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.

Also I forgot to add some more details - originally I didn’t specify an external interface to use and cert bot showed me some other error. Verbose mode showed that certbot skipped IPv4 cause of the same error and used IPv6 insteed.

I have only one domain so -d option can be skipped (I think so). Adding --standalone didn’t change anything.

Thanks again for your help.

I never get this combination right.
I know that even recently it was in another thread but I can’t wrap my head around it.
Do both of these fail:

certbot renew --http-01-port 50080 --http-01-address 192.168.1.101 -d “mydomainname” --dry-run
certbot --standalone --http-01-port 50080 --http-01-address 192.168.1.101 -d “mydomainname” --dry-run

Not unless you use --cert-name {your.certs.name}

You can also try certonly since you won’t need it installed.
as:

certbot certonly --standalone --http-01-port 50080 --http-01-address 192.168.1.101 -d rageful.me --dry-run

This gives me the same error.

Also I tried first command once more (without removing the existing certificate):

certbot certonly --standalone --preferred-challenges “http-01” --http-01-port 50080 --http-01-address 192.168.1.101 --agree-tos --register-unsafely-without-email -d “mydomainname”

Asked me what to do (to keep the existing one or to renew). I selected option number 2 and it worked fine. Just added --dry-run at the end and got the same error with port 50080.

Will wait several weeks and try renew command without --dry-run option. Thank you.

1 Like

So I’m not the only one…
It seems counterintuitive that you take a “perfectly good running command” and just add “–dry-run” to it (just for testing), and it then returns some “you can’t do that because…” err msg.

Again I do apologize for not knowing this, I mean, not knowing how to get around this.
But there is a way - of that I am sure.
Let me search through some recent topics for similar “problems”…

You’re still getting this error, right?

Problem binding to port 50080: Could not bind to IPv4 or IPv6… Skipping.

Does your host actually have the IP 192.168.1.101? I.e., could we see the output of ifconfig or ip addr list?

Or is perhaps something else listening on port 50080?

Actually host machine indeed has this IP address. Several days ago I updated wsl up to the second version. Looks like microsoft changed networking part for it (https://github.com/microsoft/WSL/issues/4150) and wsl doesn’t see this interface.

I checked with netcat:

nc -l -s 192.168.1.101 -p 50080
Can’t grab 192.168.1.101:50080 with bind : Cannot assign requested address

This doesn’t answer how certbot managed to receive request without --dry-run option. Will dig into networking direction.

Thank you.

1 Like

Have you tried running certbot explicitly with sudo ?
sudo certbot ...

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.