I obtained the certificate using sudo letsencrypt certonly --standalone --standalone-supported-challenges http-01 -d www.gaohuazuo.ml -d gaohuazuo.ml, and verified that standalone_supported_challenges = http-01 is present in /etc/letsencrypt/renewal/www.gaohuazuo.ml.conf. However, letsencrypt renew still tried to authenticate with tls-sni-01.
P.S. I am using Cloudflare, so the tls-sni-01 challenge won’t work. I do not run an Apache-like web server, so webroot won’t work either.
My domain is: www.gaohuazuo.ml
I ran this command: sudo letsencrypt renew --dry-run -v
It produced this output:
Processing /etc/letsencrypt/renewal/www.gaohuazuo.ml.conf
2017-02-11 11:33:03,827:INFO:letsencrypt.cli:Cert not due for renewal, but simulating renewal for dry run
2017-02-11 11:33:04,497:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,569:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0010_key-letsencrypt.pem
2017-02-11 11:33:05,580:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-letsencrypt.pem
2017-02-11 11:33:05,583:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,705:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,840:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,976:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for gaohuazuo.ml
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for www.gaohuazuo.ml
-------------------------------------------------------------------------------
The program *** (process ID 21102) is already listening on TCP port 443.
This will prevent us from binding to that port. Please stop the *** program
temporarily and then try again. For automated renewal, you may want to use a
script that stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
My operating system is (include version): Ubuntu 16.04 LTS
My web server is (include version): None
My hosting provider, if applicable, is: None
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
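
A small check for the mismatch reported in this post, added here as an example and not part of the original post or of the letsencrypt client: it compares the challenge types pinned by standalone_supported_challenges in a renewal file with the challenge types the dry-run log says were attempted. The renewal-file sample (including its [renewalparams] section) is constructed, the log lines are the ones quoted above, and the function names are hypothetical.

```python
import re

# Constructed renewal-file sample; only the standalone_supported_challenges
# line comes from the post, the surrounding layout is an assumption.
SAMPLE_CONF = """\
[renewalparams]
authenticator = standalone
standalone_supported_challenges = http-01
"""

# Log lines copied from the dry-run output quoted in the post.
SAMPLE_LOG = """\
2017-02-11 11:33:05,976:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for gaohuazuo.ml
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for www.gaohuazuo.ml
"""

# Anchoring at line start means a commented-out key ("# standalone_...") is ignored.
CONF_KEY = re.compile(r"^\s*standalone_supported_challenges\s*=\s*(.+?)\s*$", re.M)
LOG_CHALLENGE = re.compile(r"auth_handler:(\S+) challenge for (\S+)")


def configured_challenges(conf_text):
    """Challenge types pinned in the renewal file; empty set if the key is absent."""
    match = CONF_KEY.search(conf_text)
    if not match:
        return set()
    return {c.strip() for c in match.group(1).split(",") if c.strip()}


def performed_challenges(log_text):
    """(domain, challenge type) pairs the client logged as being performed."""
    return [(domain, ctype) for ctype, domain in LOG_CHALLENGE.findall(log_text)]


def mismatches(conf_text, log_text):
    """Pairs whose challenge type is not among the pinned ones."""
    allowed = configured_challenges(conf_text)
    if not allowed:  # nothing pinned, so nothing can contradict the config
        return []
    return [(d, c) for d, c in performed_challenges(log_text) if c not in allowed]


if __name__ == "__main__":
    for domain, ctype in mismatches(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{domain}: log shows {ctype}, renewal file pins "
              f"{sorted(configured_challenges(SAMPLE_CONF))}")
```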