My nginx process occupy port 80 an 443, and I use http challenge.
When I want certbot renew, if I must stop nginx to release port 80 for certbot?

Welcome to the Let's Encrypt Community

You can keep nginx active on ports 80 and 443 and just use this to get a new certificate:

certbot --nginx

Thanks for your reply. My problems have always been complicated.

I have tried this command(certbot --nginx) last night. I saw it edit my nginx.conf. But I do not want it to do that.
In addition, I have three domian, 1 parent domain, 2 subdomain, total 3 standalone certificate.
After I run this command, I saw 3 certificates expand to 1 certificate. I want to know how does it do that.

Finally, can I expand 3 certificates to 1 certificate by my self without edit nginx.conf automatic, and keep nginx active on ports 80? Is this complicated?

You can have certbot use nginx only for acquiring the certificate (for multiple (sub)domain names) then gracefully reload nginx after acquiring a new certificate by using:

certbot certonly --nginx -d "example.com,www.example.com,mail.example.com" --deploy-hook "nginx -s reload"

Excellent! I really appreciate your help.

And if you really don't want certbot to mess with nginx (it temporarily modifies nginx for the challenge with --nginx), you could always use the webroot authenticator.

In any case, not any reason to have to stop your nginx to get a certificate.

Thanks, I understand it better.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.