Renew SSL of my website

@rg305 Rudy, won't that exclude this file too which has her main domain in it?

# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name library.mominoun.com;
2 Likes

root@ip-172-31-47-28:~# cd /etc/nginx
root@ip-172-31-47-28:/etc/nginx# ls
conf.d mime.types scgi_params.default
fastcgi.conf mime.types.default sites-available
fastcgi.conf.default modules sites-enabled
fastcgi_params modules-available snippets
fastcgi_params.default modules-enabled uwsgi_params
html nginx.conf uwsgi_params.default
koi-utf nginx.conf.default win-utf
koi-win scgi_params
root@ip-172-31-47-28:/etc/nginx# nano nginx.conf
root@ip-172-31-47-28:/etc/nginx# restart nginx
restart: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
root@ip-172-31-47-28:/etc/nginx# cd
root@ip-172-31-47-28:~# restart nginx
restart: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
root@ip-172-31-47-28:~#

I guess you will have to put that setting back and manually pick and choose which files to keep enabled or disable.
OR move them to another path if they are not enabled links.

1 Like

Please, I don't understand. Can you explain more than that?

Two files are being included into your nginx configuration:

# configuration file /etc/nginx/sites-enabled/default:
# configuration file /etc/nginx/sites-enabled/default.bak:

But one is clearly a backup of the other - both should not be used.
You can delete the .bak file or move it to another location (where it won't be used).

3 Likes
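To check for the situation described in the post above, the sketch below scans an `nginx -T` dump for backup copies picked up by an include and for `server_name` values declared in more than one file. It is an added example, not part of the original thread; the sample dump, the function names and the list of backup suffixes are assumptions, and only the two `sites-enabled` header lines come from the posts.

```sh
#!/bin/sh
# Added example: audit an `nginx -T` dump for backup copies pulled in by an
# include, and for server_name values declared in more than one file.

# Constructed sample; only the two sites-enabled header lines come from the thread.
SAMPLE_DUMP='# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 443 ssl http2;
    server_name library.mominoun.com;
}
# configuration file /etc/nginx/sites-enabled/default.bak:
server {
    listen 443 ssl http2;
    server_name library.mominoun.com;
}'

# Print included files whose names look like editor or manual backups
# (the suffix list is an assumption; extend it for your editor).
backup_includes() {
    awk '/^# configuration file / { f = $4; sub(/:$/, "", f)
             if (f ~ /(\.bak|\.orig|\.old|\.save|\.swp|~)$/) print f }'
}

# Print each server_name that is declared in more than one included file.
duplicate_server_names() {
    awk '/^# configuration file / { file = $4; sub(/:$/, "", file); next }
         $1 == "server_name" {
             for (i = 2; i <= NF; i++) {
                 name = $i; sub(/;$/, "", name)
                 if (name == "") continue
                 if (index(" " seen[name] " ", " " file " ") == 0)
                     seen[name] = seen[name] (seen[name] == "" ? "" : " ") file
             }
         }
         END { for (n in seen) if (split(seen[n], f, " ") > 1) print n ": " seen[n] }' | sort
}

# Demo on the constructed sample. On a live host, feed it the real dump:
#   nginx -T 2>/dev/null | backup_includes
printf '%s\n' "$SAMPLE_DUMP" | backup_includes
printf '%s\n' "$SAMPLE_DUMP" | duplicate_server_names
```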

root@ip-172-31-47-28:~# sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
root@ip-172-31-47-28:~#

Can you help me to fix this issue?

@seraj Maybe we can see enough with just this. Run:

sudo systemctl status nginx.service

and paste the results here. Only paste recent lines if there are many.

1 Like

root@ip-172-31-47-28:~# sudo systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Mon 2021-10-25 20:37:28 UTC; 27min a
Docs: nginx documentation
Process: 12356 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited
Main PID: 5908 (code=exited, status=0/SUCCESS)

Oct 25 20:37:27 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:443
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to 0.0.0.0:8
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:80 f
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to 0.0.0.0:4
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] bind() to [::]:443
Oct 25 20:37:28 ip-172-31-47-28 nginx[12356]: nginx: [emerg] still could not bin
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Control process exite
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: Failed to start nginx - high perform
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Unit entered failed s
Oct 25 20:37:28 ip-172-31-47-28 systemd[1]: nginx.service: Failed with result 'e
lines 1-17/17 (END)

@seraj I have watched this whole thread; it is very strange. Can you try this:

sudo systemctl stop nginx
netstat -pant | grep -Ei ':80|listen'

I know you tried the netstat earlier and it showed nginx was listening. But, when you tried to restart it the message says it could not start due to bind failures to those ports.

The stop nginx I suggest should not do anything. But please post results anyway.

3 Likes

root@ip-172-31-47-28:~# sudo systemctl stop nginx
root@ip-172-31-47-28:~# netstat -pant | grep -Ei ':80|listen'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1282/mongod
tcp 0 0 172.31.47.28:8080 0.0.0.0:* LISTEN 2475/server.js
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1314/sshd
tcp6 0 0 :::3000 :::* LISTEN 1550/server-api.js
tcp6 0 0 :::443 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::80 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1314/sshd
root@ip-172-31-47-28:~#

Ok, well, that is interesting. The nginx master listening on those ports has a PID of 6063 which is the same PID that showed when you used that command earlier. It appears to be stuck. Yet, it did not respond to the stop command you just tried.

I am not sure how to clear that up. Maybe restart the server. If you are using EC2 you could use its console to Restart or even Stop/Start the Instance.

At least I think we have identified why the bind errors occur. Now it is a matter of getting your system back in a good state.

2 Likes
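The comparison made in the post above (which PID owns the listening sockets versus which PID the service manager tracks) can be scripted. This is an added example, not part of the original thread; the function names are assumptions and the sample is constructed from the netstat output posted earlier.

```sh
#!/bin/sh
# Added example: find nginx processes that hold ports 80/443 but are not the
# PID systemd tracks for nginx.service (the cause of the bind() failures).

# Constructed sample, modelled on the netstat output posted in this thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6063/nginx: master
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1282/mongod
tcp 0 0 172.31.47.28:8080 0.0.0.0:* LISTEN 2475/server.js
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6063/nginx: master
tcp6 0 0 :::443 :::* LISTEN 6063/nginx: master
tcp6 0 0 :::80 :::* LISTEN 6063/nginx: master'

# Read `netstat -pant` text on stdin; print the unique PIDs of nginx processes
# listening on exactly port 80 or 443 (8080 is not matched).
listener_pids() {
    awk '$6 == "LISTEN" && $7 ~ /^[0-9]+\/nginx/ {
             n = split($4, a, ":"); port = a[n]
             if (port == "80" || port == "443") { split($7, p, "/"); print p[1] }
         }' | sort -un
}

# check_listeners MAINPID: stdin is netstat text. Returns 0 when every nginx
# listener is MAINPID, 1 when some other nginx process owns the ports.
check_listeners() {
    main_pid=$1
    stale=""
    for pid in $(listener_pids); do
        [ "$pid" = "$main_pid" ] || stale="$stale $pid"
    done
    if [ -n "$stale" ]; then
        echo "untracked nginx listener PID(s):$stale (systemd MainPID=$main_pid)"
        return 1
    fi
    echo "ok"
}

# Demo on the constructed sample; MainPID is 0 when the unit is not running.
# On a live host:
#   netstat -pant | check_listeners "$(systemctl show -p MainPID nginx.service | cut -d= -f2)"
printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners 0 || true
```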

OK, I'll try to restart the instance.

1 Like

root@ip-172-31-47-28:~# sudo systemctl start nginx
root@ip-172-31-47-28:~# sudo systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: active (running) since Mon 2021-10-25 21:32:43 UTC; 1min 22s ago
Docs: nginx documentation
Main PID: 1428 (nginx)
Tasks: 3
Memory: 31.9M
CPU: 53ms
CGroup: /system.slice/nginx.service
├─1428 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
└─1429 nginx: worker process

Oct 25 21:32:43 ip-172-31-47-28 systemd[1]: Starting nginx - high performance we
Oct 25 21:32:43 ip-172-31-47-28 systemd[1]: Started nginx - high performance web
Oct 25 21:33:49 ip-172-31-47-28 systemd[1]: Started nginx - high performance web
lines 1-15/15 (END)

Now, please, how can I renew the SSL for my website?

Now nginx seems better so same as you first tried:

sudo certbot renew --dry-run

Try the --dry-run first and if that works do this

sudo certbot renew

3 Likes

root@ip-172-31-47-28:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/library.mominoun.com.conf


Simulating renewal of an existing certificate for library.mominoun.com


Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (success)


root@ip-172-31-47-28:~# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/library.mominoun.com.conf


Renewing an existing certificate for library.mominoun.com
Reloading nginx server after certificate renewal


Congratulations, all renewals succeeded:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (success)


root@ip-172-31-47-28:~#

2 Likes

Woo hoo !!

2 Likes

thank you very much

2 Likes

Note that the --dry-run is just a test of whether the renewal would succeed; it doesn't actually complete the renewal.

If you actually want to complete the renewal, you should now do

sudo certbot renew

which is like sudo certbot renew --dry-run, except that you will receive publicly trusted certificates and they will be saved on your server's disk!

3 Likes