Renewal failure - cannot bind to port

Help
#1

Hello everyone, I would like to renew my SSL certificate I am a beginner in the domain my certificate has expired so I would like to make it work again however I am a tutorial and when I do this command I have this error

My domain is: https://ohward.com/

I ran this command: certbot renew -n -q

It produced this output:

Attempting to renew cert (ohward.com-0001) from /etc/letsencrypt/renewal/ohward.com-0001.conf produced an unexpected error: Proble m binding to port 80: Could not bind to IPv4 or IPv6.. Skipping. Attempting to renew cert (ohward.com) from /etc/letsencrypt/renewal/ohward.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/ohward.com-0001/fullchain.pem (failure) /etc/letsencrypt/live/ohward.com/fullchain.pem (failure)

My web server is (include version): NGNIX

1 Like
#2

Hi and welcome to the LE community forum :slight_smile:

Please show the renewal configuration files.
/etc/letsencrypt/renewal/ohward.com-0001.conf
/etc/letsencrypt/renewal/ohward.com.conf

1 Like
#3

This may also need some cleaning up.
Please show the output of:
certbot certificates

1 Like
#5 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com-0001.conf with version 0.31.0 of Certbot. This might not work.
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com.conf with version 0.31.0 of Certbot. This might not work.
OCSP check failed for /etc/letsencrypt/live/ohward.com-0001/cert.pem (are we offline?)
OCSP check failed for /etc/letsencrypt/live/ohward.com/cert.pem (are we offline?)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ohward.com-0001
    Domains: ohward.com www.ohward.com
    Expiry Date: 2021-01-13 19:31:46+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/ohward.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com-0001/privkey.pem
  Certificate Name: ohward.com
    Domains: ohward.com
    Expiry Date: 2021-01-13 18:59:16+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/ohward.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com/privkey.pem
#6

These configs show that you ran certbot in --standalone mode.
In order to do that now, you would need to stop nginx first.

As for the certs, they are both expired.
But the first has two names - where the second only has one.
You should probably just delete them both and reissue one with both names.

#7

Thank you rg305 !! here is the 2 config files :

# renew_before_expiry = 30 days
version = 1.9.0
archive_dir = /etc/letsencrypt/archive/ohward.com-0001
cert = /etc/letsencrypt/live/ohward.com-0001/cert.pem
privkey = /etc/letsencrypt/live/ohward.com-0001/privkey.pem
chain = /etc/letsencrypt/live/ohward.com-0001/chain.pem
fullchain = /etc/letsencrypt/live/ohward.com-0001/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = standalone
account = 166ca9ede148c3b9dbea2d94ba0f320e
server = https://acme-v02.api.letsencrypt.org/directory

# renew_before_expiry = 30 days
version = 1.9.0
archive_dir = /etc/letsencrypt/archive/ohward.com
cert = /etc/letsencrypt/live/ohward.com/cert.pem
privkey = /etc/letsencrypt/live/ohward.com/privkey.pem
chain = /etc/letsencrypt/live/ohward.com/chain.pem
fullchain = /etc/letsencrypt/live/ohward.com/fullchain.pem


# Options used in the renewal process
[renewalparams]
authenticator = standalone
account = 166ca9ede148c3b9dbea2d94ba0f320e
server = https://acme-v02.api.letsencrypt.org/directory
1 Like
#8

what is --santdalone mode ?

#9

That is where certbot acts as the web server to satisfy the HTTP challenge.
You must have done that to get the certs you have now.

See: User Guide — Certbot 1.11.0.dev0 documentation (eff.org)

#10

I see ! haha can you give me the steps to do to solve this problem ? step by step
I'm a beginner so I have to understand ^^

#11

That depends.
If you want to repeat what you did before:

  1. systemctl stop nginx
  2. certbot renew
  3. systemctl start nginx

If you want to "better" it a bit, then try:

  1. certbot renew --nginx
#12

i did it but nothing new append to my website ^^ I still don't have a ssl who work

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com-0001.conf with version 0.31.0 of Certbot. This might not work.
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com.conf with version 0.31.0 of Certbot. This might not work.
OCSP check failed for /etc/letsencrypt/live/ohward.com-0001/cert.pem (are we offline?)
OCSP check failed for /etc/letsencrypt/live/ohward.com/cert.pem (are we offline?)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ohward.com-0001
    Domains: ohward.com www.ohward.com
    Expiry Date: 2021-01-13 19:31:46+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/ohward.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com-0001/privkey.pem
  Certificate Name: ohward.com
    Domains: ohward.com
    Expiry Date: 2021-01-13 18:59:16+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/ohward.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@ip-172-31-22-65:/etc/apache2# ^C
root@ip-172-31-22-65:/etc/apache2# systemctl stop nginx
root@ip-172-31-22-65:/etc/apache2# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ohward.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com-0001.conf with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ohward.com
http-01 challenge for www.ohward.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ohward.com-0001/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ohward.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ohward.com.conf with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ohward.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ohward.com-0001/fullchain.pem (success)
  /etc/letsencrypt/live/ohward.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#13

Show again:
certbot certificates

#14 
Found the following certs:
  Certificate Name: ohward.com-0001
    Domains: ohward.com www.ohward.com
    Expiry Date: 2021-04-15 15:05:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/ohward.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com-0001/privkey.pem
  Certificate Name: ohward.com
    Domains: ohward.com
    Expiry Date: 2021-04-15 15:05:42+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/ohward.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ohward.com/privkey.pem
#15

There you go.
Both certs have been renewed.

You may need to restart nginx to use them.

#16

But if you go to my website nothing happens ^^
I restarted it but nothing happens

e277d7d507a650d4ea8ccbf0f8b999d1
e277d7d507a650d4ea8ccbf0f8b999d11721×829 155 KB

#17

HTTP is served by NGINX.
HTTPS is being served by EXPRESS.

curl -Iki http://ohward.com
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 15 Jan 2021 16:15:10 GMT
Content-Type: text/html
Content-Length: 10918
Last-Modified: Fri, 10 Jul 2020 15:19:40 GMT
Connection: keep-alive
ETag: "5f08870c-2aa6"
Accept-Ranges: bytes

curl -Iki https://ohward.com
HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 1090
ETag: W/"442-gXyFsrNjgezfUO/8XClPKwDBwPI"
Date: Fri, 15 Jan 2021 16:15:34 GMT
Connection: keep-alive
#18

Can you restart EXPRESS?

#19

what is that ^^ ! explain me how

#20

I don't know.
It is your server.
I'm only showing you what it is showing me.

#21

Can you find your original instructions (from a few months ago) ?
Can you reboot the entire server?