Ubuntu 20.04 switch from Apache2 to Nginx - Do I need new certificates?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: maraxai.de

I ran this command: sudo certbot renew --dry-run

It produced this output:


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for maraxai.de
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2212, in _reload
    util.run_script(self.option("restart_cmd"))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 92, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2309, in perform
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in restart
    self._reload()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2230, in _reload
    raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2212, in _reload
    util.run_script(self.option("restart_cmd"))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 92, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 124, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2333, in cleanup
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in restart
    self._reload()
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2230, in _reload
    raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Attempting to renew cert (maraxai.de) from /etc/letsencrypt/renewal/maraxai.de.conf produced an unexpected error: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/maraxai.de/fullchain.pem (failure)

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

I installed Letsencrypt certificates successfully on my Ubuntu server running Apache2. Now, I installed Nginx and wonder if I need to get new certficates or if I just need to reconfigure my system.
For a clean installation, should I deinstall certbot? Instructions advise to install python3-certbot-nginx. This would then autoconfigure SSL for Nginx.
If I only need to change the configuration, where else beside /etc/nginx/sites-available/maraxai.de do I need to make changes?

The latter.

Just read the certbot documentation on how to install the certificates you already have in nginx.

https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options

You may want to run certbot renew --nginx --dry-run

2 Likes

Sorry, I am not really familiar with this. Do you mean:
$ certbot --nginx install?
Right now, certbot wants to start the Apache2 server and not the Nginx server (see 'It produced output:').
I cannot find a letsencrypt configuration file.

Run certbot --nginx and it will ask you interactively.

1 Like

...and this will install the existing certificates?

It should. But most importantly, it should tell you what it's doing.

1 Like

Thank you!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.