My domain is:
I ran this command:
sudo certbot certonly --standalone --preferred-challenges http -d fridtjuv.se
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fridtjuv.se
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
you have a lot of older Letsencrypt certificates, first from 2017-03-27 05:39:00, last from 2019-02-27 10:28:15 (
Looks like you have used tls-sni-01 validation, that’s not longer supported, ended ~ 2019-03-15. So now it’s your first certificate with another validation method.
--standalone is from tls-sni-01, that starts a new webserver. But you have a running webserver -> that’s part of the problem.
Your configuration isn’t perfect, there is a redirect that adds a /.
So you have different options:
stop your webserver, then use standalone, then start your webserver again
sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se
that creates a location http + /.well-known/acme-challenge and should skip your not working redirect http -> https
add a manual exclusion, so /.well-known/acme-challenge isn’t redirected to https, then find your DocumentRoot of your http port and use that:
certbot run -a webroot certonly -w yourDocumentroot -d fridtjuv.se
These are the steps I understand from you that I need to take:
use: sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se
add a manual exclusion – How?
then: certbot run -a webroot certonly -w yourDocumentroot -d fridtjuv.se
All is fixed?
it is step 3 I need some help with and is “yourDocumentRoot” = var/www/fridtjuv.se/html_public
No, these are three different options, not one after the other.
The webroot version is the preferred version. Every webserver should have a working webroot. And you don’t need to stop your running webserver.
How do I add the Manual exclusion and where?
Is it the TXT record “_acme-challenge” that needs to be setup manually at my host?
like here under manual DNS “ https://docs.certifytheweb.com/docs/dns-validation.html”
And were is the value to the TXT record?
Please start with the basics:
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
Thank you for pointing me in the right direction. I guess it is a HTTP-01 challenge I need so the TXT DNS records is not used. Can I somehow check if the automated renewal process is working?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.