Renew SSL of my website

Two files are being included into your nginx configuration:

# configuration file /etc/nginx/sites-enabled/default:
# configuration file /etc/nginx/sites-enabled/default.bak:

But one is clearly a backup of the other - both should not be used.
You can delete the .bak file or move it to another location (where it won't be used).

3 Likes
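The check described in the post above, as an added example that is not part of the original thread: it reads `nginx -T` output and reports any backup copy that is loaded together with its original. The suffix list and the sample text are assumptions made for this example; only the two sites-enabled paths come from the thread.

```sh
#!/bin/sh
# Added example: flag backup copies that nginx loads alongside the original.
# `nginx -T` marks every loaded file with a "# configuration file <path>:" line.

# Sample constructed for this example; only the two sites-enabled paths
# are taken from the thread.
SAMPLE_NGINX_T='# configuration file /etc/nginx/nginx.conf:
http { include /etc/nginx/sites-enabled/*; }
# configuration file /etc/nginx/sites-enabled/default:
server { listen 80; }
# configuration file /etc/nginx/sites-enabled/default.bak:
server { listen 80; }'

# find_backup_includes: read `nginx -T` text on stdin and print every loaded
# file whose name looks like a backup AND whose original is loaded as well.
find_backup_includes() {
  awk '
    /^# configuration file / {
      path = $4
      sub(/:$/, "", path)            # drop the trailing colon of the header
      loaded[path] = 1
      order[++n] = path
    }
    END {
      for (i = 1; i <= n; i++) {
        base = order[i]
        # Strip common backup suffixes (assumed list, extend as needed).
        if (sub(/(\.bak|\.old|\.orig|\.save|~)$/, "", base) && (base in loaded))
          print order[i] " duplicates " base
      }
    }'
}

# Live use: sudo nginx -T 2>/dev/null | find_backup_includes
printf '%s\n' "$SAMPLE_NGINX_T" | find_backup_includes
```

A wildcard include such as `sites-enabled/*` loads every file in the directory, so a backup left there is parsed as a second copy of the same server block.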

root@ip-172-31-47-28:~# sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
root@ip-172-31-47-28:~#

Can you help me to fix this issue?

@seraj Maybe we can see enough with just this. Run:

sudo systemctl status nginx.service

and paste the results here. Only paste recent lines if there are many.

1 Like

root@ip-172-31-47-28:~# sudo systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Mon 2021-10-25 20:37:28 UTC; 27min a
Docs: nginx documentation
Process: 12356 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited
Main PID: 5908 (code=exited, status=0/SUCCESS)

Oct 25 20:37:27 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:443
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to 0.0.0.0:8
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:80 f
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to 0.0.0.0:4
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:443
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] still could not bin
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Control process exite
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: Failed to start nginx - high perform
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Unit entered failed s
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Failed with result 'e
lines 1-17/17 (END)

@seraj I have watched this whole thread; it is very strange. Can you try this:

sudo systemctl stop nginx
netstat -pant | grep -Ei ':80|listen'

I know you tried the netstat earlier and it showed nginx was listening. But, when you tried to restart it the message says it could not start due to bind failures to those ports.

The stop nginx I suggest should not do anything. But please post results anyway.

3 Likes

root@ip-172-31-47-28:~# sudo systemctl stop nginx
root@ip-172-31-47-28:~# netstat -pant | grep -Ei ':80|listen'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1282/mongod
tcp 0 0 172.31.47.28:8080 0.0.0.0:* LISTEN 2475/server.js
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1314/sshd
tcp6 0 0 :::3000 :::* LISTEN 1550/server-api.js
tcp6 0 0 :::443 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::80 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1314/sshd
root@ip-172-31-47-28:~#

Ok, well, that is interesting. The nginx master listening on those ports has a PID of 6063 which is the same PID that showed when you used that command earlier. It appears to be stuck. Yet, it did not respond to the stop command you just tried.

I am not sure how to clear that up. Maybe restart the server. If you are using EC2 you could use its console to Restart or even Stop/Start the Instance.

At least I think we have identified why the bind errors occur. Now it is a matter of getting your system back in a good state.

2 Likes
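The diagnosis in the post above (ports 80/443 held by an nginx master that systemd no longer tracks), as an added example that is not part of the original thread. The netstat lines are copied from the output posted earlier; the function names are made up for this example, and a main PID of 0 is assumed to mean that systemd tracks no running nginx.

```sh
#!/bin/sh
# Added example: find listeners on 80/443 that the nginx unit does not own.

# Lines copied from the netstat output posted in the thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1282/mongod
tcp 0 0 172.31.47.28:8080 0.0.0.0:* LISTEN 2475/server.js
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6063/nginx: master
tcp6 0 0 :::443 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::80 :::* LISTEN 6063/nginx: master'

# orphan_listeners MAINPID: read `netstat -pant` text on stdin and print
# "pid port program" for each listener on 80/443 not owned by MAINPID.
orphan_listeners() {
  awk -v mainpid="$1" '
    $6 == "LISTEN" {
      n = split($4, a, ":"); port = a[n]   # last piece is the port, also for :::80
      if (port != 80 && port != 443) next  # exact match, so 8080 is ignored
      split($7, p, "/")                    # "6063/nginx:" -> pid and program
      sub(/:$/, "", p[2])
      if (p[1] != mainpid) seen[p[1] " " port " " p[2]] = 1
    }
    END { for (k in seen) print k }' | LC_ALL=C sort
}

# check_ports MAINPID: return 0 when 80/443 are free or held by MAINPID,
# return 1 and list the holders otherwise.
check_ports() {
  stale=$(orphan_listeners "$1")
  if [ -z "$stale" ]; then
    echo "ok: no untracked listener on 80/443"
    return 0
  fi
  echo "bind() will fail, 80/443 held by a process the unit does not track:"
  echo "$stale"
  return 1
}

# Live use (as root):
#   netstat -pant | check_ports "$(systemctl show -p MainPID nginx | cut -d= -f2)"
# Demo: state after `systemctl stop nginx`, with no main PID tracked (0).
printf '%s\n' "$SAMPLE_NETSTAT" | check_ports 0 || true
```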

OK, I'll try to restart the instance.

1 Like

root@ip-172-31-47-28:~# sudo systemctl start nginx
root@ip-172-31-47-28:~# sudo systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: active (running) since Mon 2021-10-25 21:32:43 UTC; 1min 22s ago
Docs: nginx documentation
Main PID: 1428 (nginx)
Tasks: 3
Memory: 31.9M
CPU: 53ms
CGroup: /system.slice/nginx.service
├─1428 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
└─1429 nginx: worker process

Oct 25 21:32:43 ip-172-31-47-28 systemd[1]: Starting nginx - high performance we
Oct 25 21:32:43 ip-172-31-47-28 systemd[1]: Started nginx - high performance web
Oct 25 21:33:49 ip-172-31-47-28 systemd[1]: Started nginx - high performance web
lines 1-15/15 (END)

Now please, how can I renew the SSL for my website?

Now nginx seems better so same as you first tried:

sudo certbot renew --dry-run

Try the --dry-run first and if that works do this

sudo certbot renew

3 Likes

root@ip-172-31-47-28:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/library.mominoun.com.conf


Simulating renewal of an existing certificate for library.mominoun.com


Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (success)


root@ip-172-31-47-28:~# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/library.mominoun.com.conf


Renewing an existing certificate for library.mominoun.com
Reloading nginx server after certificate renewal


Congratulations, all renewals succeeded:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (success)


root@ip-172-31-47-28:~#

2 Likes

Woo hoo !!

2 Likes

Thank you very much.

2 Likes

Note that the --dry-run is just a test of whether the renewal would succeed; it doesn't actually complete the renewal.

If you actually want to complete the renewal, you should now do

sudo certbot renew

which is like sudo certbot renew --dry-run, except that you will receive publicly trusted certificates and they will be saved on your server's disk!

3 Likes

Yes @schoen she did that and I see the server responding with a fresh chain 🙂

Note the two commands were mixed in their response if you read carefully.

4 Likes

Whoops, sure enough, I just didn't look far enough down in the output to see that command mixed in.

Awesome!

3 Likes

Hello,

After I activated the certificate, the website went down. I don't know why.
Please, can you help me?


502 Bad Gateway

nginx/1.15.5

That is bad news. Did it ever work after you restarted and got the new cert?

Your DNS now points to 3.83.15.189 which is different than the IP you had yesterday. Was there anything else you changed since then?

If you could run sudo nginx -T and post the results we might be able to help identify the problem. I do not think the 502 is related to the new cert.

2 Likes