Subdomains set up 'Problem binding to port 80'

Help
#1

I have successfully set up certbot for mpark.uk. This address points to a self-hosted URL shortener (YOURLS) that is hosted on Google Cloud Platform with the following configuration:

  • Ubuntu: 20.04.2 LTS
  • Nginx: 1.18.0
  • Certbot: 1.13.0
  • Snap: 2.49.1

Cloud DNS configuration on GCP

DNS name Type TTL Data
mpark.uk. A 300 Static IP of server
mpark.uk. SOA 21600 ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
mpark.uk. NS 21600 ns-cloud-a1.googledomains.com. ns-cloud-a2.googledomains.com. ns-cloud-a3.googledomains.com. ns-cloud-a4.googledomains.com.
wiki.mpark.uk. CNAME 300 mrmpark.github.io.
www.mpark.uk. CNAME 300 mpark.uk.

Nginx configuration for YOURLS

$ cat /etc/nginx/sites-enabled/yourls.conf 
server {
  server_name mpark.uk;
  root /var/www/html/YOURLS;
  index index.php index.html index.htm;
  location / {
    try_files $uri $uri/ /yourls-loader.php$is_args$args;
  }
 
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_index index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    include fastcgi_params;
  }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mpark.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mpark.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = mpark.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
  listen 80;
  server_name mpark.uk;
    return 404; # managed by Certbot

I made the assumption that the subdomains would be secured as part of the set up process for the main domain, but when I checked whether the subdomains were secured, I realised that this is not the case. I then attempted to add the wiki & www subdomains as follows:

$ sudo certbot certonly –standalone -d mpark.uk -d www.mpark.uk -d wiki.mpark.uk`
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/mpark.uk.conf)
It contains these names: mpark.uk
You requested these names for the new certificate: mpark.uk, www.mpark.uk,
wiki.mpark.uk.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate for mpark.uk and 2 more domains
Performing the following challenges:
http-01 challenge for wiki.mpark.uk
http-01 challenge for www.mpark.uk
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I then tried to stop Nginx, run the above command again and then restart, which produced the same result. I am not sure if the problem is caused by an incorrect Nginx / certbot configuration or something else. Any assistance to help get this working would be much appreciated.

Kind regards,

Mike

#2

Why are you using the standalone plugin in combination with certonly? The fact your nginx configuration mentions comments with # managed by Certbot suggests you've used certbot --nginx (without standalone too) to set up your certificate the first time. You should be perfectly able to use that the second time too, but now with the extra -d options.

I do see however that your nginx configuration only includes server_name mpark.uk; and not the www subdomain, nor the wiki subdomain. You probably want to configure nginx properly before requesting a certificate for those hostnames.

#3

Yes indeed - I set up the certificate for the first time using certbot --nginx. When I realised that the subdomains were not protected by default, I searched for a solution online which led me to incorrectly use the standalone command, which obviously wasn't what I should have done. Here are the commands that were used for the initial setup:

$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
$ sudo certbot --nginx
$ sudo certbot renew --dry-run

What is the correct way to set this up? Thanks for your help with this.

Edit: Also, what steps / command(s) do I need to execute to undo the standalone command? Thanks.

#4

The command sudo certbot --nginx should detect all the hostnames configured in your nginx, so if your www and wiki subdomains don't show up, please configure your nginx properly to include those subdomains. Afterwards, run the sudo certbot --nginx command again and select the (sub)domains from the list presented.

None, as it didn't do anything as far as I can tell. It only errored out with the binding to port 80 issue, but that wouldn't permanently change anything in the certbot configuration.

1 Like
#5

Thanks Osiris. I will figure out how to add the subdomains to nginx conf and then try again.

1 Like
#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.