[solved] Can't renew this is a massive problem!

I have no idea how to fix this. But I have to fix it.

ubuntu@ip-172-31-26-151:~$ sudo certbot renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/leadit.tech.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for leadit.tech
tls-sni-01 challenge for www.leadit.tech
Waiting for verification…
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/leadit.tech/fullchain.pem


Processing /etc/letsencrypt/renewal/press.visionwholesaleclub.com.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for app.cgusa.tech
tls-sni-01 challenge for dash.cgusa.tech
tls-sni-01 challenge for leadit.tech
tls-sni-01 challenge for press.visionwholesaleclub.com
tls-sni-01 challenge for www.pvpguild.com
Cleaning up challenges
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Attempting to renew cert (press.visionwholesaleclub.com) from /etc/letsencrypt/renewal/press.visionwholesaleclub.com.conf produced an unexpected error: Cannot find a VirtualHost matching domain app.cgusa.tech… Skipping.


Processing /etc/letsencrypt/renewal/api.myfitnesspoints.com.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for api.myfitnesspoints.com
tls-sni-01 challenge for docs.myfitnesspoints.com
Cleaning up challenges
Attempting to renew cert (api.myfitnesspoints.com) from /etc/letsencrypt/renewal/api.myfitnesspoints.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/www.bossnerds.com.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.bossnerds.com
tls-sni-01 challenge for api.bossnerds.com
tls-sni-01 challenge for app.bossnerds.com
tls-sni-01 challenge for bossnerds.com
Cleaning up challenges
Attempting to renew cert (www.bossnerds.com) from /etc/letsencrypt/renewal/www.bossnerds.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/dash.cgusa.tech.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for dash.cgusa.tech
Cleaning up challenges
Attempting to renew cert (dash.cgusa.tech) from /etc/letsencrypt/renewal/dash.cgusa.tech.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/app.cgusa.tech.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for app.cgusa.tech
Cleaning up challenges
Attempting to renew cert (app.cgusa.tech) from /etc/letsencrypt/renewal/app.cgusa.tech.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/pvpguild.com.conf

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for pvpguild.com
tls-sni-01 challenge for www.pvpguild.com
Cleaning up challenges
Attempting to renew cert (pvpguild.com) from /etc/letsencrypt/renewal/pvpguild.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.

The following certs were successfully renewed:
/etc/letsencrypt/live/leadit.tech/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/press.visionwholesaleclub.com/fullchain.pem (failure)
/etc/letsencrypt/live/api.myfitnesspoints.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.bossnerds.com/fullchain.pem (failure)
/etc/letsencrypt/live/dash.cgusa.tech/fullchain.pem (failure)
/etc/letsencrypt/live/app.cgusa.tech/fullchain.pem (failure)
/etc/letsencrypt/live/pvpguild.com/fullchain.pem (failure)
6 renew failure(s), 0 parse failure(s)

It looks like you might be using the nginx plugin for some of your vhosts, and the standalone plugin for others. The standalone plugin cannot be used while a web server is occupying port 443, hence the “Could not bind …” error.

Could you share the contents of /etc/letsencrypt/renewal/press.visionwholesaleclub.com.conf and /etc/letsencrypt/renewal/api.myfitnesspoints.com.conf so we can confirm this?

The solution would likely be to switch to a challenge type that can be used while the web server is running, such as the nginx or the webroot plugin. As an example, this is the command you would have to run to get the renewal configuration in /etc/letsencrypt/renewal/www.bossnerds.com.conf to use the nginx plugin in the future:

sudo certbot --nginx --force-renewal -d www.bossnerds.com -d api.bossnerds.com -d app.bossnerds.com -d bossnerds.com

You would need to run this command once for every renewal configuration file in /etc/letsencrypt/renewal/ that is currently using the standalone plugin, including the exact same list of domains currently appearing on the corresponding certificate as the -d arguments as shown in the example.
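To find which renewal configurations are affected, the script below reads the `authenticator` setting from each file's `[renewalparams]` section and prints the command from the reply above with the names taken from that lineage's certificate. It is an added example, not part of the original posts and not certbot's own tooling: the function names are hypothetical, the sample configs are constructed, and it assumes the usual `/etc/letsencrypt/live/<name>/cert.pem` layout and an available `openssl` CLI.

```bash
#!/usr/bin/env bash
# Print the authenticator from the [renewalparams] section of one renewal file.
authenticator_of() {
  awk -F' *= *' '
    /^\[/ { in_params = ($0 ~ /^\[renewalparams\]/); next }
    in_params && $1 == "authenticator" { print $2; exit }
  ' "$1"
}

# Print the lineage name of every config in directory $1 that uses standalone.
standalone_lineages() {
  local f
  for f in "$1"/*.conf; do
    [ -e "$f" ] || continue
    if [ "$(authenticator_of "$f")" = "standalone" ]; then basename "$f" .conf; fi
  done
}

# Print the DNS names on a certificate, one per line (uses the openssl CLI).
cert_domains() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2
}

# Build the command from the reply for the given domains; printed, never run.
switch_command() {
  local cmd="sudo certbot --nginx --force-renewal" d
  for d in "$@"; do cmd="$cmd -d $d"; done
  printf '%s\n' "$cmd"
}

# For each standalone lineage, print the command with that certificate's names.
report() {
  local name
  standalone_lineages "$1" | while read -r name; do
    echo "# $name currently uses standalone"
    # shellcheck disable=SC2046  # word splitting on domain names is intended
    switch_command $(cert_domains "$2/$name/cert.pem")
  done
}

# Constructed sample configs (not from the thread) for trying the parser offline.
sample_dir() {
  local d; d=$(mktemp -d)
  printf 'cert = /x/cert.pem\n[renewalparams]\nauthenticator = nginx\ninstaller = nginx\n' > "$d/a.example.conf"
  printf 'cert = /x/cert.pem\n[renewalparams]\ninstaller = None\nauthenticator = standalone\n' > "$d/b.example.conf"
  echo "$d"
}

if [ "$#" -eq 2 ]; then report "$1" "$2"; else standalone_lineages "$(sample_dir)"; fi
```

Called with two arguments, the renewal directory and the live directory (for example `/etc/letsencrypt/renewal` and `/etc/letsencrypt/live`, which need root to read), it prints one command per standalone lineage for review before anything is executed.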

I just killed that and issue resolved.
