Renew Error cert

Hello, will expire in the next few days... certbot renew and letsencrypt renew are also not running fine.

If I check the log:
2020-11-07 16:24:06,960:WARNING:certbot.renewal:Attempting to renew cert ( from
/etc/letsencrypt/renewal/ produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.

2020-11-07 16:24:06,962:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/", line 1168, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/", line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/", line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/", line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/", line 132, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/", line 2280, in perform
http_response = http_doer.perform()
File "/usr/lib/python3/dist-packages/certbot_apache/", line 72, in perform
File "/usr/lib/python3/dist-packages/certbot_apache/", line 99, in _mod_config
for vh in self._relevant_vhosts():
File "/usr/lib/python3/dist-packages/certbot_apache/", line 136, in _relevant_vhosts
" {0}.".format(http01_port))
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

2020-11-07 16:24:06,967:INFO:certbot.renewal:Cert not yet due for renewal
2020-11-07 16:24:06,968:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2020-11-07 16:24:06,968:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-11-07 16:24:06,969:ERROR:certbot.renewal: /etc/letsencrypt/live/ (failure)
2020-11-07 16:24:06,969:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 11, in
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/", line 1247, in renew
File "/usr/lib/python3/dist-packages/certbot/", line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

But I have only 443 running.
apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 is a NameVirtualHost
default server mta-sts. (/etc/apache2/sites-enabled/mta-sts-ssl.conf:3)
port 443 namevhost mta-sts. (/etc/apache2/sites-enabled/mta-sts-ssl.conf:3)
port 443 namevhost (/etc/apache2/sites-enabled/webalizer-ssl.conf:3)
port 443 namevhost (/etc/apache2/sites-enabled/wordpress-ssl.conf:3)

Please, how can I update this cert!!

OK, I only need to enable the 000-default.conf, then certbot renew will run without problem.

But if running only with port 443, why do I need port 80? Is this only for recertifying?
Thanks for possible help!

Yes, if using HTTP challenges (which is the typical case it seems), you need to keep port 80 open.


Port 80 only needs to do that one thing: Complete the LE challenge.
And it can do it in several secure ways:

  1. redirect ALL connections to HTTPS
  2. handle the acme-challenge requests in HTTP and redirect ALL other connections to HTTPS
  3. handle the acme-challenge requests in HTTP and return 404 for all other requests
  4. use a completely different web server service to provide this HTTP function only
  5. use a completely separate server to provide this dedicated web server service
  6. use a reverse proxy to reach the real (HTTPS) web server (only for acme-challenge requests)

I could go on, but I think you should have a good idea of options that can be run all the time and yet be secure enough to let you sleep at night. 🙂

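Option 2 from the list above, sketched as an Apache 2.4 virtual host. This is an added example and not part of the original thread. The file name, `example.com` names and the `/var/www/letsencrypt` webroot are assumptions, and it needs `mod_alias` and `mod_rewrite` enabled.

```apache
# /etc/apache2/sites-available/000-acme-http.conf   (hypothetical file name)
# Assumes "Listen 80" is already present (Debian/Ubuntu: /etc/apache2/ports.conf).
<VirtualHost *:80>
    # Constructed placeholders: list every name the certificate covers.
    ServerName example.com
    ServerAlias www.example.com

    # The only content served over plain HTTP: ACME HTTP-01 challenge files.
    # /var/www/letsencrypt is an assumed webroot that holds nothing else.
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Every other request is sent to HTTPS and never reaches site content.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

A non-SSL virtual host on port 80 like this one is what the `PluginError` in the log asks for, and the same layout works with `certbot renew --webroot -w /var/www/letsencrypt` if the webroot authenticator is used instead of the Apache one.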