Trouble setting up Nginx and Certbot for Jellyfin

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: n00bserver.duckdns.org

I ran this command: sudo certbot

It produced this output: Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for n00bserver.duckdns.org to /etc/nginx/conf.d/default.conf
An error occurred and we failed to restore your config and restart your server. Please post to https://communit y.letsencrypt.org/c/help with details about your configuration and this error you received.
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

NEXT STEPS:

  • The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
    certbot install --cert-name n00bserver.duckdns.org

nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt /letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Jellyfin.Server 10.10.0.0? I'm not sure if this is what you mean.

The operating system my web server runs on is (include version): Ubuntu 24.04.1 LTS

My hosting provider, if applicable, is: DuckDNS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Something else is already listening on ports 80 and 443. What is it? Until you find out what it is and stop it, nginx won't be able to start.

2 Likes

sudo lsof -i -P -n | grep LISTEN
systemd 1 root 201u IPv6 10360 0t0 TCP *:42068 (LISTEN)
systemd-r 654 systemd-resolve 15u IPv4 9296 0t0 TCP 127.0.0.53:53 (L ISTEN)
systemd-r 654 systemd-resolve 17u IPv4 9298 0t0 TCP 127.0.0.54:53 (L ISTEN)
jellyfin 1091 jellyfin 466u IPv4 11332 0t0 TCP *:8096 (LISTEN)
nginx 1101 root 6u IPv4 10711 0t0 TCP *:443 (LISTEN)
nginx 1101 root 7u IPv4 10712 0t0 TCP *:80 (LISTEN)
nginx 1102 nginx 6u IPv4 10711 0t0 TCP *:443 (LISTEN)
nginx 1102 nginx 7u IPv4 10712 0t0 TCP *:80 (LISTEN)
nginx 1103 nginx 6u IPv4 10711 0t0 TCP *:443 (LISTEN)
nginx 1103 nginx 7u IPv4 10712 0t0 TCP *:80 (LISTEN)
nginx 1104 nginx 6u IPv4 10711 0t0 TCP *:443 (LISTEN)
nginx 1104 nginx 7u IPv4 10712 0t0 TCP *:80 (LISTEN)
nginx 1105 nginx 6u IPv4 10711 0t0 TCP *:443 (LISTEN)
nginx 1105 nginx 7u IPv4 10712 0t0 TCP *:80 (LISTEN)
sshd 1122 root 3u IPv6 10360 0t0 TCP *:42068 (LISTEN)

The only thing on those ports is nginx itself for like 4 times in a row

Was nginx running before you ran Certbot using --nginx

Because if it was not then Certbot starts nginx but not using systemd. That can cause duplicate nginx to run (or try to) resulting in the port-in-use error.

If so, the easiest way to clear it is to restart the server. If you can't suffer that outage you can kill off each nginx task manually and be sure to start it before running Certbot --nginx

One way to check this is to match the pids from ps -eF (or your lsof) to the ones shown by systemd:

sudo systemctl status nginx
3 Likes

Sorry for the late reply, I closed all the nginx entries and now it says its working but I still cant connect to https://n00bserver.duckdns.org or http://n00bserver.duckdns.org while I was able to connect to at least http before I set up certbot.
Not sure if that is the cause but that's what I remember.

Hmmm. I can connect using HTTP but that redirects me to HTTPS which then times out.

Do you have port 443 configured and open? Is this a residential setup? Have you setup the required NAT or port forwarding like you did for port 80?

curl -I http://n00bserver.duckdns.org/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Location: https://n00bserver.duckdns.org/

curl -I -m7 https://n00bserver.duckdns.org/
curl: (7) Failed to connect to n00bserver.duckdns.org port 443 after 91 ms: 
No route to host
2 Likes

Aha, I completely forgot to open port 443 lmao
Thank you!
Now the only issue is that it still sends me to nginx instead of Jellyfin but thats a different issue so I'll close this one.
Thank you again for your help and fast replies!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.