Ubuntu 20.04 switch from Apache2 to Nginx - Do I need new certificates?

maraxai · February 26, 2022, 2:19pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: maraxai.de

I ran this command: sudo certbot renew --dry-run

It produced this output:


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for maraxai.de
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2212, in _reload
    util.run_script(self.option("restart_cmd"))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 92, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2309, in perform
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in restart
    self._reload()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2230, in _reload
    raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2212, in _reload
    util.run_script(self.option("restart_cmd"))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 92, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 124, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2333, in cleanup
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in restart
    self._reload()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2230, in _reload
    raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Attempting to renew cert (maraxai.de) from /etc/letsencrypt/renewal/maraxai.de.conf produced an unexpected error: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/maraxai.de/fullchain.pem (failure)

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

I installed Letsencrypt certificates successfully on my Ubuntu server running Apache2. Now, I installed Nginx and wonder if I need to get new certficates or if I just need to reconfigure my system.
For a clean installation, should I deinstall certbot? Instructions advise to install python3-certbot-nginx. This would then autoconfigure SSL for Nginx.
If I only need to change the configuration, where else beside /etc/nginx/sites-available/maraxai.de do I need to make changes?

9peppe · February 26, 2022, 2:25pm

The latter.

Just read the certbot documentation on how to install the certificates you already have in nginx.

https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options

You may want to run certbot renew --nginx --dry-run

maraxai · February 26, 2022, 3:02pm

Sorry, I am not really familiar with this. Do you mean:
$ certbot --nginx install?
Right now, certbot wants to start the Apache2 server and not the Nginx server (see 'It produced output:').
I cannot find a letsencrypt configuration file.

9peppe · February 26, 2022, 3:46pm

Run certbot --nginx and it will ask you interactively.

maraxai · February 26, 2022, 5:48pm

...and this will install the existing certificates?

9peppe · February 26, 2022, 5:50pm

It should. But most importantly, it should tell you what it's doing.

maraxai · February 26, 2022, 5:52pm

Thank you!

system · March 28, 2022, 5:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Trying to renew with Apache2, should be Nginx Help	2	743	January 26, 2019
Certificate renewal - Nginx Help	6	739	August 24, 2020
Migration to new server and also apache to nginx Help	12	4172	October 21, 2017
Can't create a certificare or renew Help	8	2081	January 26, 2018
Certbot renew on Apache through nginx proxy Help	10	863	July 17, 2019

Ubuntu 20.04 switch from Apache2 to Nginx - Do I need new certificates?

Related topics