Renew problem - renew seems to ignore the `standalone supported challenges` option


#1

I obtained the certificate using `sudo letsencrypt certonly --standalone --standalone-supported-challenges http-01 -d www.gaohuazuo.ml -d gaohuazuo.ml`, and verified that `standalone_supported_challenges = http-01` is present in `/etc/letsencrypt/renewal/www.gaohuazuo.ml.conf`. However, `letsencrypt renew` still tried to authenticate with tls-sni-01.

P.S. I am using Cloudflare, so the tls-sni-01 challenge won’t work. I do not run an Apache-like web server, so webroot won’t work either.

My domain is: www.gaohuazuo.ml

I ran this command: `sudo letsencrypt renew --dry-run -v`

It produced this output:

```
Processing /etc/letsencrypt/renewal/www.gaohuazuo.ml.conf
2017-02-11 11:33:03,827:INFO:letsencrypt.cli:Cert not due for renewal, but simulating renewal for dry run
2017-02-11 11:33:04,497:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,569:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0010_key-letsencrypt.pem
2017-02-11 11:33:05,580:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-letsencrypt.pem
2017-02-11 11:33:05,583:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,705:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,840:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-02-11 11:33:05,976:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for gaohuazuo.ml
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for www.gaohuazuo.ml

-------------------------------------------------------------------------------
The program *** (process ID 21102) is already listening on TCP port 443.
This will prevent us from binding to that port. Please stop the *** program
temporarily and then try again. For automated renewal, you may want to use a
script that stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
```

My operating system is (include version): Ubuntu 16.04 LTS

My web server is (include version): None

My hosting provider, if applicable, is: None

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
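
As an added example (not part of the original post and not letsencrypt's own code), this check compares the challenge types pinned in a renewal configuration with the ones a `renew --dry-run -v` run actually logged, which is the mismatch reported above. The config and log excerpts are constructed from the lines quoted in the post, and all function names are hypothetical.

```python
import re

# Constructed excerpt: only the key/value quoted in the post, rest of file omitted.
SAMPLE_CONF = """\
# constructed excerpt of a renewal .conf file
standalone_supported_challenges = http-01
"""

# Constructed from the auth_handler lines quoted in the post.
SAMPLE_LOG = """\
2017-02-11 11:33:05,976:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for gaohuazuo.ml
2017-02-11 11:33:05,977:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for www.gaohuazuo.ml
"""

# Matches "<type> challenge for <domain>" as logged by auth_handler.
CHALLENGE_LINE = re.compile(r"auth_handler:(\S+) challenge for (\S+)\s*$")


def configured_challenges(conf_text):
    """Return the set of pinned challenge types, or None if the key is absent."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "standalone_supported_challenges":
            # The option takes a comma-separated list of challenge types.
            return {c.strip() for c in value.split(",") if c.strip()}
    return None


def performed_challenges(log_text):
    """Map each domain to the set of challenge types the client logged for it."""
    seen = {}
    for line in log_text.splitlines():
        match = CHALLENGE_LINE.search(line)
        if match:
            seen.setdefault(match.group(2), set()).add(match.group(1))
    return seen


def mismatches(conf_text, log_text):
    """Return {domain: [challenge types used but not pinned in the config]}."""
    allowed = configured_challenges(conf_text)
    if allowed is None:  # nothing pinned, so nothing can contradict it
        return {}
    performed = performed_challenges(log_text)
    return {d: sorted(t - allowed) for d, t in performed.items() if t - allowed}


if __name__ == "__main__":
    print(mismatches(SAMPLE_CONF, SAMPLE_LOG))
```
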


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.