Renewal fail when renewing multiple domains


#1

When I’m trying to renew 30 or so domains each third/fourth/fifth renewal fails because certbot claims port 443 is already in use. Is there any way to pause the script between renewals or does anyone know why this error occurs?

Thanks!

Melvin


#2

Which plugin are you using (standalone, apache, etc.)? You can see that information in your renewal configuration files in /etc/letsencrypt/renewal.

Do you use any hooks with your renew command, e.g. to stop and start your regular web server? Can you share those?


#3

I’m using the standalone plugin. We’re using letsencrypt for our mailservers which run Kerio Connect. I’m using a simple script to stop Kerio then renew the certificates and start Kerio again.

Which worked pretty well for a couple of weeks (renewal once per week via cron).

#!/bin/bash

#Stop Kerio Connect
service kerio-connect stop

#Renew Letsencrypt (was /opt/letsencrypt/letsencrypt auto renew)
/opt/letsencrypt/certbot-auto renew

#Start Kerio Connect
service kerio-connect start

Renewal configs look like:

# Options used in the renewal process
[renewalparams]
authenticator = standalone
installer = None
account = ###########

#4

Looks fine to me. I’d be curious about the logs from /var/log/letsencrypt, would you mind posting those?


#5

Quite a list :yum:, tried to get only the lines for one renewal.

DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2016-11-10 07:32:00 UTC.
INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7ff91bcc6f10>
Prep: True
DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7ff91bcc6f10> and installer None
DEBUG:certbot.main:Picked account: <Account(498032dc9ff96876ace8c1f29e2de632)>
DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'mqmBcvRN88YzlpHGBetfmiiFQ_b14ypAgwcqCHtQHa0', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sKUO1OX37AOATNX9-D3K7EWzdwmOESsLwgZHKjgpY_4'}. Content: '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'mqmBcvRN88YzlpHGBetfmiiFQ_b14ypAgwcqCHtQHa0', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sKUO1OX37AOATNX9-D3K7EWzdwmOESsLwgZHKjgpY_4'}): '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
INFO:certbot.main:Renewing an existing certificate
DEBUG:root:Requesting fresh nonce
DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': 'G4hmsf9dkFHGWkOEExhBpObhXtPS69AOUTB1ctfnfL0', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '9kL073MjyCYUSrfKuTVda2DXC0c0nfB_NQI85UeHIXU'}. Content: ''
DEBUG:acme.client:Storing nonce: '\xf6B\xf4\xefs#\xc8&\x14J\xb7\xca\xb95]k`\xd7\x0bG4\x9d\xf0\x7f5\x02<\xe5G\x87!u'
DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "mx.privacy.nl"}, "resource": "new-authz"}
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4Dhf9SXlYEINBZYIsmkHLyBLYZ34RlmWHGqYoovJ1rtNix-4pUNkmoUFtaRQ5KX-EnOsWbHpZVTfMMIoQ4y88Stv_SqHITLEbPz15QFBDJHEii-yc2A4Xfkp77auC8OnP0Qc0XKk4G99CaTIjTaFTe0iWe68bBMs_AzJhOgFmOVpD0Xpl0yFv2Edbgt3etDuBp94iFlvQhct41Vt5JF3d2jvGM-CeVETIFBG-aVqfoLzHsPWpboAxOGFY50jdqTwx06y3WAk7wZonz7_F_8TcWJdnz7LmuEbvoHikAGPlBazYErF2pknLYSxa-j1rtoO7G0ZT0jbCP6LjMwWMiLWYw"}}, "protected": "eyJub25jZSI6ICI5a0wwNzNNanlDWVVTcmZLdVRWZGEyRFhDMGMwbmZCX05RSTg1VWVISVhVIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJteC50cnVkaWV2YW5ha2VuLm5sIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "pBA2E1hVYOWHQlozIBjtk_194EgqVUpLDYwaS0FcVXvudRt7jFjLx04PpnNxaAusz5upWJIeLSNCQ2Oj9ok9zJBX4fqG_obHZoMSTMXbn3eR1t8ZDIeKnUIfI4kFo4F7oRNWZKSX_wHt87d5-GRc2CcjfR9N-Q0aSpe0uWRXlQAWf77Fa9Sr5CKoYfsYDh48JS-eDS1cN7S-b28EBcjFXbYnZiPC8z3AjjyfQQfyIzjzbRSlrb_jEvk8cmP5-kdSLFuU-xOwrUOlysO7vHx_U1U_tMt0vk_FAL81vDUFwxX08VC1GL7e8ggDZKMFt4VtKYoGNjoFh_V3Fhq2zn5CbA"}'}
DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1353
DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1353', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'LddB_ZoOM4HeZk4LQHSjYBOOApFXYs9-SksWSVvsZY8', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'QS59Ci7ka7vdhSHBKjtSyhGifSCrFpEvCPWL-YMkPdg'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "mx.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276170",\n      "token": "6zRnTrs9gCZMXEryKdy24A4RxuAhAxnFGce1qfmoc_A"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276171",\n      "token": "l2D9HlltymxMF2OoDy7L1Dy-9btTRCeOtpjovpzRXLk"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276172",\n      "token": "LndZYXhIdAz1rkLRUzEAJAeVCi6dTOhRwXK8VqIu1Is",\n      "keyAuthorization": "LndZYXhIdAz1rkLRUzEAJAeVCi6dTOhRwXK8VqIu1Is.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "mx.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    }\n  ],\n  "combinations": [\n    [\n      1\n    ],\n    [\n      0\n    ],\n    [\n      2\n    ]\n  ]\n}'
DEBUG:acme.client:Storing nonce: 'A.}\n.\xe4k\xbb\xdd\x85!\xc1*;R\xca\x11\xa2} \xab\x16\x91/\x08\xf5\x8b\xf9\x83$=\xd8'
DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1353', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'LddB_ZoOM4HeZk4LQHSjYBOOApFXYs9-SksWSVvsZY8', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'QS59Ci7ka7vdhSHBKjtSyhGifSCrFpEvCPWL-YMkPdg'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "mx.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276170",\n      "token": "6zRnTrs9gCZMXEryKdy24A4RxuAhAxnFGce1qfmoc_A"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276171",\n      "token": "l2D9HlltymxMF2OoDy7L1Dy-9btTRCeOtpjovpzRXLk"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yAx7tEtb3pibeXjs8onI-SSfgwWSYM2EeX_bBT0RSOg/232276172",\n      "token": "LndZYXhIdAz1rkLRUzEAJAeVCi6dTOhRwXK8VqIu1Is",\n      "keyAuthorization": "LndZYXhIdAz1rkLRUzEAJAeVCi6dTOhRwXK8VqIu1Is.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "mx.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    }\n  ],\n  "combinations": [\n    [\n      1\n    ],\n    [\n      0\n    ],\n    [\n      2\n    ]\n  ]\n}'
DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "autodiscover.privacy.nl"}, "resource": "new-authz"}
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4Dhf9SXlYEINBZYIsmkHLyBLYZ34RlmWHGqYoovJ1rtNix-4pUNkmoUFtaRQ5KX-EnOsWbHpZVTfMMIoQ4y88Stv_SqHITLEbPz15QFBDJHEii-yc2A4Xfkp77auC8OnP0Qc0XKk4G99CaTIjTaFTe0iWe68bBMs_AzJhOgFmOVpD0Xpl0yFv2Edbgt3etDuBp94iFlvQhct41Vt5JF3d2jvGM-CeVETIFBG-aVqfoLzHsPWpboAxOGFY50jdqTwx06y3WAk7wZonz7_F_8TcWJdnz7LmuEbvoHikAGPlBazYErF2pknLYSxa-j1rtoO7G0ZT0jbCP6LjMwWMiLWYw"}}, "protected": "eyJub25jZSI6ICJRUzU5Q2k3a2E3dmRoU0hCS2p0U3loR2lmU0NyRnBFdkNQV0wtWU1rUGRnIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJhdXRvZGlzY292ZXIudHJ1ZGlldmFuYWtlbi5ubCJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0", "signature": "bS0C5WD4QmFYezuPGkGdVkysAt6XF7AupvTxorLsBefMe7My27avfVjJnqRWiCoO4wEe9zKYUZzyr7lOD8xlwKn-R-l012eCGA7q72p0s_HJxcvmnBrdQqKFbmvhWZdKIULCYr-_m0LLRZ1g1vDZty34X1KZ4KSMvM2hAkSHNJrU7yejf4DF83l-jrHdaLSeGZwwCkXiuxnqNI-yBFdH4t8h2Xg9tDUGe1beZIeL8CYSonQiYDIEMwo83FeM08h6EVY7B2gtyzctGgFj6WyZ8zbEBrpwt9LhsKjISfC1W7nY6gNyaFmAar_v6ffyBEP7u6WRdcNCKjs9HwRSFQvnVg"}'}
DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1373
DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1373', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'cXASoMEwg09XaZ21_eVEM_hAQCOloRDmBq-zt4P5R0k', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '2YmrXYZS_eE_bwwBZ9mhXDjYziGQEiq5pXf-4AwOOJI'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "autodiscover.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276179",\n      "token": "r2O198CRQ_AgSsiUTbhyrJSvXOW7RdfsALNPYsxT0CA"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276180",\n      "token": "IIEc64Ee2bdk31q86NiohyFnxSaVHeufiqlGA2eABJc",\n      "keyAuthorization": "IIEc64Ee2bdk31q86NiohyFnxSaVHeufiqlGA2eABJc.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "autodiscover.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276181",\n      "token": "R5nSnM_w--D9in1_bWPGbLCivIXkqtUYwK1vXJKoAQs"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      1\n    ],\n    [\n      2\n    ]\n  ]\n}'
DEBUG:acme.client:Storing nonce: '\xd9\x89\xab]\x86R\xfd\xe1?o\x0c\x01g\xd9\xa1\\8\xd8\xce!\x90\x12*\xb9\xa5w\xfe\xe0\x0c\x0e8\x92'
DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1373', 'Expires': 'Wed, 12 Oct 2016 07:07:03 GMT', 'Boulder-Request-Id': 'cXASoMEwg09XaZ21_eVEM_hAQCOloRDmBq-zt4P5R0k', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:03 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '2YmrXYZS_eE_bwwBZ9mhXDjYziGQEiq5pXf-4AwOOJI'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "autodiscover.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276179",\n      "token": "r2O198CRQ_AgSsiUTbhyrJSvXOW7RdfsALNPYsxT0CA"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276180",\n      "token": "IIEc64Ee2bdk31q86NiohyFnxSaVHeufiqlGA2eABJc",\n      "keyAuthorization": "IIEc64Ee2bdk31q86NiohyFnxSaVHeufiqlGA2eABJc.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "autodiscover.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/079cblc_SemNI9JW7RIAfqG9OFfUg2O-gtqbQsuK0RQ/232276181",\n      "token": "R5nSnM_w--D9in1_bWPGbLCivIXkqtUYwK1vXJKoAQs"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      1\n    ],\n    [\n      2\n    ]\n  ]\n}'
DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "mail.privacy.nl"}, "resource": "new-authz"}
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4Dhf9SXlYEINBZYIsmkHLyBLYZ34RlmWHGqYoovJ1rtNix-4pUNkmoUFtaRQ5KX-EnOsWbHpZVTfMMIoQ4y88Stv_SqHITLEbPz15QFBDJHEii-yc2A4Xfkp77auC8OnP0Qc0XKk4G99CaTIjTaFTe0iWe68bBMs_AzJhOgFmOVpD0Xpl0yFv2Edbgt3etDuBp94iFlvQhct41Vt5JF3d2jvGM-CeVETIFBG-aVqfoLzHsPWpboAxOGFY50jdqTwx06y3WAk7wZonz7_F_8TcWJdnz7LmuEbvoHikAGPlBazYErF2pknLYSxa-j1rtoO7G0ZT0jbCP6LjMwWMiLWYw"}}, "protected": "eyJub25jZSI6ICIyWW1yWFlaU19lRV9id3dCWjltaFhEall6aUdRRWlxNXBYZi00QXdPT0pJIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJtYWlsLnRydWRpZXZhbmFrZW4ubmwifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "umZYE2kOgbKeQo9MhF7fC8lWqFZ1C5YGRjsKADPZqSNbETdJHrbKylXcjfkIPuyLSyy5pmZR1cGGf9O529g1qmA38p7dJvAi4AgCaB72E3XY2KgkJwXTHvGLqK9Sw2fFv45SJgLqCnuliZy-C7Qmm2xJLuLDyTxAo3TW4YtvTQ9hdd8A68qhPJ-ExB7oi9jgwVnrcKbGXrfKdvICnYTw6HF3WzHxAFaCYeIvEhrPu_rsbZ-5JlMJ4ISsc0o-0xm-tixH_BsKiLrzYD0H84s0ejC1lGU2VOQELXg2DghTUT60951oLnReHt2u9S5H1Byh-G4XQS4sEwSJ25B_7HgBmQ"}'}
DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1357
DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1357', 'Expires': 'Wed, 12 Oct 2016 07:07:04 GMT', 'Boulder-Request-Id': 'q1LEiMwh9-EmbHlnPbNW0mz-CdgyU3_TQe77e2-o3Qo', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'M2a0sWi5iVju5lYVN6K_Bg-nzr7Q_V49_oNDaNm_SaY'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "mail.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276176",\n      "token": "Uqk8vWwTpyne0q0GjesprNgnrmDsk2QzOXO8qSIi_Ec"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276177",\n      "token": "ezYa8wrQz_I30IuASCWwGW_9ZiXxIoD597Mft-vQZ-U"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276178",\n      "token": "loXiH31A-CGoGUdD8dj3e6Dp-m4V_dcfeEc5fmjhgyA",\n      "keyAuthorization": "loXiH31A-CGoGUdD8dj3e6Dp-m4V_dcfeEc5fmjhgyA.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "mail.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
DEBUG:acme.client:Storing nonce: '3f\xb4\xb1h\xb9\x89X\xee\xe6V\x157\xa2\xbf\x06\x0f\xa7\xce\xbe\xd0\xfd^=\xfe\x83Ch\xd9\xbfI\xa6'
DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1357', 'Expires': 'Wed, 12 Oct 2016 07:07:04 GMT', 'Boulder-Request-Id': 'q1LEiMwh9-EmbHlnPbNW0mz-CdgyU3_TQe77e2-o3Qo', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'M2a0sWi5iVju5lYVN6K_Bg-nzr7Q_V49_oNDaNm_SaY'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "mail.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:29Z",\n  "challenges": [\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276176",\n      "token": "Uqk8vWwTpyne0q0GjesprNgnrmDsk2QzOXO8qSIi_Ec"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276177",\n      "token": "ezYa8wrQz_I30IuASCWwGW_9ZiXxIoD597Mft-vQZ-U"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UPleq7dGq9mPib4bJ7VIz7RU4FCGL-bpb2Ups2OkVFk/232276178",\n      "token": "loXiH31A-CGoGUdD8dj3e6Dp-m4V_dcfeEc5fmjhgyA",\n      "keyAuthorization": "loXiH31A-CGoGUdD8dj3e6Dp-m4V_dcfeEc5fmjhgyA.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "mail.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "webmail.privacy.nl"}, "resource": "new-authz"}
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4Dhf9SXlYEINBZYIsmkHLyBLYZ34RlmWHGqYoovJ1rtNix-4pUNkmoUFtaRQ5KX-EnOsWbHpZVTfMMIoQ4y88Stv_SqHITLEbPz15QFBDJHEii-yc2A4Xfkp77auC8OnP0Qc0XKk4G99CaTIjTaFTe0iWe68bBMs_AzJhOgFmOVpD0Xpl0yFv2Edbgt3etDuBp94iFlvQhct41Vt5JF3d2jvGM-CeVETIFBG-aVqfoLzHsPWpboAxOGFY50jdqTwx06y3WAk7wZonz7_F_8TcWJdnz7LmuEbvoHikAGPlBazYErF2pknLYSxa-j1rtoO7G0ZT0jbCP6LjMwWMiLWYw"}}, "protected": "eyJub25jZSI6ICJNMmEwc1dpNWlWanU1bFlWTjZLX0JnLW56cjdRX1Y0OV9vTkRhTm1fU2FZIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJ3ZWJtYWlsLnRydWRpZXZhbmFrZW4ubmwifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "ZarGo8DRk8PH3iclBDbG51dNfbmw3KBObu_xz9VCQiikVWikI0oMB6GE3jk6Tm1QB-mwvIONdZ4nCjZtwZY3Y0_KT4jrwff25Je59KugZwyRFh4ovPYGGJJ4gKQtfOeZi7FAkndCfiCvIIWYcT-TlmLFP_SRiyLg8eOiUqn0HDI7rXOP81OjqfqiXy6zj3UhA3pV6y_h7tkaHDno7q7_f_ygEMamE49svwC09UEn6vL7hudUKCB12nkSHqn8Q39fqmUvDcgh6tkB11JAx3Wh1jbKlpG2MQtGUq0aRPoWtNrgZItd_OubpHatau3g9PZsssbBm-iquW1KDOMiJvdu6Q"}'}
DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1363
DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1363', 'Expires': 'Wed, 12 Oct 2016 07:07:04 GMT', 'Boulder-Request-Id': '6FlwNdHRQZLzUj_jPXvkdJFePw9DFnCyKKCopiSARsQ', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yK8fF6dKMtnTmpTXk282qg4AvZXIQ0fdk8G-mbMDiG8'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "webmail.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:28Z",\n  "challenges": [\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276173",\n      "token": "jTM-MB5xLEayZ34SpcJNjq5CSNF56tr_wV6uPOSySlE",\n      "keyAuthorization": "jTM-MB5xLEayZ34SpcJNjq5CSNF56tr_wV6uPOSySlE.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "webmail.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276174",\n      "token": "imD--Z-1e3yWATZqswvPHaex1DunZhKUo_ZzRG84z-A"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276175",\n      "token": "4wJY0az-evfSrZUArx7Pfa2bxQ83SLohpu8bUeFzHOc"\n    }\n  ],\n  "combinations": [\n    [\n      2\n    ],\n    [\n      0\n    ],\n    [\n      1\n    ]\n  ]\n}'
DEBUG:acme.client:Storing nonce: '\xc8\xaf\x1f\x17\xa7J2\xd9\xd3\x9a\x94\xd7\x93o6\xaa\x0e\x00\xbd\x95\xc8CG\xdd\x93\xc1\xbe\x99\xb3\x03\x88o'
DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1363', 'Expires': 'Wed, 12 Oct 2016 07:07:04 GMT', 'Boulder-Request-Id': '6FlwNdHRQZLzUj_jPXvkdJFePw9DFnCyKKCopiSARsQ', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk', 'Pragma': 'no-cache', 'Boulder-Requester': '1188629', 'Date': 'Wed, 12 Oct 2016 07:07:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yK8fF6dKMtnTmpTXk282qg4AvZXIQ0fdk8G-mbMDiG8'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "webmail.privacy.nl"\n  },\n  "status": "valid",\n  "expires": "2016-11-10T08:31:28Z",\n  "challenges": [\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276173",\n      "token": "jTM-MB5xLEayZ34SpcJNjq5CSNF56tr_wV6uPOSySlE",\n      "keyAuthorization": "jTM-MB5xLEayZ34SpcJNjq5CSNF56tr_wV6uPOSySlE.9Z-n3oZLGBHg3nTqIY5_3yHLypzipjiTMIg-FTp7pVg",\n      "validationRecord": [\n        {\n          "hostname": "webmail.privacy.nl",\n          "port": "443",\n          "addressesResolved": [\n            "149.210.239.199"\n          ],\n          "addressUsed": "149.210.239.199"\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276174",\n      "token": "imD--Z-1e3yWATZqswvPHaex1DunZhKUo_ZzRG84z-A"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/SLdYebu7HPf4qR7UOa22SW67uyenFl4KrNq0dpeHipk/232276175",\n      "token": "4wJY0az-evfSrZUArx7Pfa2bxQ83SLohpu8bUeFzHOc"\n    }\n  ],\n  "combinations": [\n    [\n      2\n    ],\n    [\n      0\n    ],\n    [\n      1\n    ]\n  ]\n}'
INFO:certbot.auth_handler:Performing the following challenges:
INFO:certbot.auth_handler:tls-sni-01 challenge for mx.privacy.nl
INFO:certbot.auth_handler:tls-sni-01 challenge for autodiscover.privacy.nl
INFO:certbot.auth_handler:tls-sni-01 challenge for mail.privacy.nl
INFO:certbot.auth_handler:tls-sni-01 challenge for webmail.privacy.nl
DEBUG:certbot.plugins.util:Psutil not found, using simple socket check.
DEBUG:certbot.plugins.util:Psutil not found, using simple socket check.
DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 112, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 224, in perform
    "At least one of the (possibly) required ports is "
MisconfigurationError: At least one of the (possibly) required ports is already taken.

DEBUG:certbot.error_handler:Calling registered functions
INFO:certbot.auth_handler:Cleaning up challenges
WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/mx.privacy.nl.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.
DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 348, in renew_all_lineages
    main.obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 563, in obtain_cert
    action, _ = _auth_from_domains(le_client, config, domains, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 96, in _auth_from_domains
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 238, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 253, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
    resp = self._solve_challenges()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 112, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 224, in perform
    "At least one of the (possibly) required ports is "
MisconfigurationError: At least one of the (possibly) required ports is already taken.

#6

You can get certbot to include the PID and process name of whatever’s listening on port 443 by adding the psutil package like this:

/root/.local/share/letsencrypt/bin/pip install psutil==3.3.0

Afterwards, re-run your renew command and the error message should include something like “The program foobar (process ID 1234) is already listening …”.


#7

Strange enough after installing the psutil the error seems to be gone. I’ll have to wait until next week to check it for sure.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.