Should I release port 80 when renewing?

My nginx process occupies ports 80 and 443, and I use the HTTP challenge.
When I want to run certbot renew, must I stop nginx to release port 80 for certbot?

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

You can keep nginx active on ports 80 and 443 and just use this to get a new certificate:

certbot --nginx

2 Likes

Thanks for your reply. My problems have always been complicated. :grin:

I tried this command (certbot --nginx) last night. I saw it edit my nginx.conf, but I do not want it to do that.
In addition, I have three domains: 1 parent domain and 2 subdomains, for a total of 3 standalone certificates.
After I ran this command, I saw the 3 certificates expand to 1 certificate. I want to know how it does that.

Finally, can I expand the 3 certificates into 1 certificate by myself, without nginx.conf being edited automatically, while keeping nginx active on port 80? Is this complicated?

3 Likes

You can have certbot use nginx only for acquiring the certificate (for multiple (sub)domain names) then gracefully reload nginx after acquiring a new certificate by using:

certbot certonly --nginx -d "example.com,www.example.com,mail.example.com" --deploy-hook "nginx -s reload"

3 Likes

Excellent! I really appreciate your help. :grinning:

3 Likes

And if you really don't want certbot to mess with nginx (it temporarily modifies nginx for the challenge with --nginx), you could always use the webroot authenticator.

In any case, there is no reason to have to stop your nginx to get a certificate.

4 Likes
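The webroot approach mentioned above, as an added example that is not part of the original thread: a preflight check that the challenge directory is usable, plus a builder for the certbot command that leaves nginx.conf untouched. The webroot path /var/www/letsencrypt, the nginx location shown in the comment, and the function and probe-file names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: webroot path, function names.
# Assumed nginx location, added by hand to each port-80 server block
# (certbot itself never edits nginx.conf in webroot mode):
#   location ^~ /.well-known/acme-challenge/ { root /var/www/letsencrypt; }

# Create the challenge directory and drop a world-readable probe file, since
# nginx workers normally run as an unprivileged user. With a domain as $2,
# also fetch the probe over HTTP through the running nginx (needs curl).
# Returns 0 on success, 1 on filesystem failure, 2 if the HTTP fetch fails.
preflight_webroot() {
    webroot=$1
    domain=${2:-}
    dir="$webroot/.well-known/acme-challenge"
    probe="probe-$$"
    mkdir -p "$dir" || return 1
    printf 'ok\n' > "$dir/$probe" || return 1
    chmod 644 "$dir/$probe"
    rc=0
    if [ -n "$domain" ]; then
        body=$(curl -fsS "http://$domain/.well-known/acme-challenge/$probe") || rc=2
        [ "$body" = "ok" ] || rc=2
    fi
    rm -f "$dir/$probe"
    return $rc
}

# Print the certbot command for ONE certificate covering every name given.
# Names with characters outside hostname syntax are rejected, so nothing
# unexpected ends up on the command line. The deploy hook tests the nginx
# configuration before reloading, so a broken config is never loaded.
certbot_webroot_cmd() {
    webroot=$1; shift
    names=""
    for d in "$@"; do
        case $d in
            ''|*[!A-Za-z0-9.-]*|.*|-*) echo "bad domain: $d" >&2; return 1 ;;
        esac
        names="${names:+$names,}$d"
    done
    [ -n "$names" ] || return 1
    printf 'certbot certonly --webroot -w %s -d "%s" --deploy-hook "nginx -t && nginx -s reload"\n' \
        "$webroot" "$names"
}

# Usage (as root, nginx left running on ports 80 and 443):
#   preflight_webroot /var/www/letsencrypt example.com && \
#     certbot_webroot_cmd /var/www/letsencrypt example.com www.example.com mail.example.com
```

After the first issuance, `certbot renew` reuses the saved webroot settings and deploy hook, so nginx keeps listening on ports 80 and 443 throughout.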

Thanks, I understand it better. :+1:

3 Likes