Renewal Failure on Debian/NGINX

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pizza1.mennens.org

I ran this command: certbot nenew

It produced this output:
root@pizza1:/etc/letsencrypt/archive/pizza1.mennens.org-0001# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/pizza1.mennens.org-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pizza1.mennens.org
Cleaning up challenges
Attempting to renew cert (pizza1.mennens.org-0001) from /etc/letsencrypt/renewal/pizza1.mennens.org-0001.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/pizza1.mennens.org-0001/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/pizza1.mennens.org-0001/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx version: nginx/1.14.2

The operating system my web server runs on is (include version):
cat /etc/debian_version
10.0

My hosting provider, if applicable, is: Google DNS / Registrar

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Looks like you use the standalone authenticator, so Certbot starts a new webserver and attempts issuance. To renew you'll have to shut down the currently running webserver (nginx). You could set up Certbot to use the nginx plugin and renew your certs in an automated fashion. These directions should work for your version of Debian.

Thank you.

I selected “standalone” because the certificates were initially created for my database server so I just pointed the config at the standalone certificates. I then later installed NGINX for a new project.

Is there a way I should be integrating my certificates between NGINX and POSTGRESQL or should the stand alone creation method be fine?

Hi @cmennens

you can create one certificate (with your webserver), then copy it, so your database is able to use that certificate.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.