Unable to renew dry run

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/my-link.conf


Account registered.
Simulating renewal of an existing certificate for my-link
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/my-link/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

How can this issue be resolved? Would using the webroot method work? I should also note that I tried stopping Nginx before running the command, but it still did not work.

The port conflict can be caused by running Certbot with --nginx option when nginx is not already running. There was probably a different error before that one.

Please show contents of this file

And please answer more of the questions on the form you were shown. We will describe commands to run, but they differ across distros and configurations.

======================

My domain is:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version if you're using Certbot):

4 Likes

The contents of /etc/letsencrypt/renewal/my-limk.conf are as follows:
/etc/letsencrypt/renewal/my-limk.conf

version = 4.2.0
archive_dir = /etc/letsencrypt/archive/my-limk
cert = /etc/letsencrypt/live/my-limk/cert.pem
privkey = /etc/letsencrypt/live/my-limk/privkey.pem
chain = /etc/letsencrypt/live/my-limk/chain.pem
fullchain = /etc/letsencrypt/live/my-limk/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = c608c14d78c34ea076d742cb1d3470e8
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa

My domain is: my-limk

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): Ubuntu 24.04 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version if you're using Certbot): certbot 4.2.0

That seems like something you ought to know if you're hosting a web site, doesn't it? Especially when the apparent problem is that that server is already running when certbot tries to spin up Nginx (because that's the way you've configured certbot)?

3 Likes

Yeah, you are not making this easy for us to help you by not providing requested info.

What do these show?

sudo ss -pant | grep -Ei ':80|nginx'

sudo ps -eF | grep nginx

sudo systemctl status --no-pager -l nginx | grep master
2 Likes

I apologize for my late response. Thank you for helping me.

My web server is (include version): nginx/1.24.0
The version of my client is (e.g. output of certbot --version if you're using Certbot): certbot 4.2.0

  1. sudo ss -pant | grep -Ei ':80|nginx'

LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=122707,fd=7),("nginx",pid=122706,fd=7),("nginx",pid=122705,fd=7),("nginx",pid=122704,fd=7),("nginx",pid=122703,fd=7),("nginx",pid=122702,fd=7),("nginx",pid=122701,fd=7),("nginx",pid=122700,fd=7),("nginx",pid=122699,fd=7),("nginx",pid=122698,fd=7),("nginx",pid=122697,fd=7),("ngin",pid=122696,fd=7),("nginx",pid=122695,fd=7),("nginx",pid=122694,fd=7),("nginx",pid=122693,fd=7),("nginx",pid=122692,fd=7),("nginx",pid=122640,fd=7))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=122707,fd=9),("nginx",pid=122706,fd=9),("nginx",pid=122705,fd=9),("nginx",pid=122704,fd=9),("nginx",pid=122703,fd=9),("nginx",pid=122702,fd=9),("nginx",pid=122701,fd=9),("nginx",pid=122700,fd=9),("nginx",pid=122699,fd=9),("nginx",pid=122698,fd=9),("nginx",pid=122697,fd=9),("ngin",pid=122696,fd=9),("nginx",pid=122695,fd=9),("nginx",pid=122694,fd=9),("nginx",pid=122693,fd=9),("nginx",pid=122692,fd=9),("nginx",pid=122640,fd=9))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=122707,fd=8),("nginx",pid=122706,fd=8),("nginx",pid=122705,fd=8),("nginx",pid=122704,fd=8),("nginx",pid=122703,fd=8),("nginx",pid=122702,fd=8),("nginx",pid=122701,fd=8),("nginx",pid=122700,fd=8),("nginx",pid=122699,fd=8),("nginx",pid=122698,fd=8),("nginx",pid=122697,fd=8),("ngin",pid=122696,fd=8),("nginx",pid=122695,fd=8),("nginx",pid=122694,fd=8),("nginx",pid=122693,fd=8),("nginx",pid=122692,fd=8),("nginx",pid=122640,fd=8))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=122707,fd=10),("nginx",pid=122706,fd=10),("nginx",pid=122705,fd=10),("nginx",pid=122704,fd=10),("nginx",pid=122703,fd=10),("nginx",pid=122702,fd=10),("nginx",pid=122701,fd=10),("nginx",pid=122700,fd=10),("nginx",pid=122699,fd=10),("nginx",pid=122698,fd=10),("nginx",pid=122697,fd=10),("nginx",pid=122696,fd=10),("nginx",pid=122695,fd=10),("nginx",pid=122694,fd=10),("nginx",pid=122693,fd=10),("nginx",pid=122692,fd=10),("nginx",pid=122640,fd=10))

  2. sudo ps -eF | grep nginx

root 122640 1 0 5659 7244 12 Aug14 ? 00:00:00 nginx: master process nginx -c /etc/nginx/nginx.conf
www-data 122692 122640 0 6314 11360 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122693 122640 0 6394 11492 13 Aug14 ? 00:00:01 nginx: worker process
www-data 122694 122640 0 6295 11700 6 Aug14 ? 00:00:02 nginx: worker process
www-data 122695 122640 0 6323 11432 5 Aug14 ? 00:00:01 nginx: worker process
www-data 122696 122640 0 6116 9976 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122697 122640 0 6285 11404 6 Aug14 ? 00:00:01 nginx: worker process
www-data 122698 122640 0 6693 12992 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122699 122640 0 6288 11380 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122700 122640 0 6257 11200 5 Aug14 ? 00:00:01 nginx: worker process
www-data 122701 122640 0 6332 11536 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122702 122640 0 6271 10948 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122703 122640 0 6295 11204 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122704 122640 0 6354 11232 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122705 122640 0 6268 11084 6 Aug14 ? 00:00:01 nginx: worker process
www-data 122706 122640 0 6305 11316 4 Aug14 ? 00:00:01 nginx: worker process
www-data 122707 122640 0 6120 10916 5 Aug14 ? 00:00:01 nginx: worker process
root 202393 202363 0 2286 2332 7 15:34 pts/1 00:00:00 grep --color=auto nginx

  3. sudo systemctl status --no-pager -l nginx | grep master

Process: 123113 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 123119 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)

The nginx that is running is not under the control of systemd. While that is technically possible it is not usually what people do.

That can happen if running Certbot with --nginx option when nginx is not already running. In that case Certbot starts nginx but not using systemd.

To start, kill off all those running nginx processes and start it normally. Or just reboot your server.

After that, make sure nginx is running. Check it with

sudo systemctl status nginx

If that looks correct, show output of this. Do NOT run this if there is any error shown by the above status nginx command.

sudo certbot renew --dry-run

NOTE: If you are running nginx outside of systemd please explain more details about that.

4 Likes
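
Added example, not part of the original thread or of Certbot: a shell check for the condition diagnosed above, an nginx master process that systemd is not tracking. The function names and the sample data are constructed for illustration; the sample mirrors the ps output posted earlier, and a MainPID of 0 is assumed from the failed ExecStart shown in the status output.

```shell
#!/usr/bin/env bash
# Report nginx master processes that are not the one systemd started.

# Constructed sample in `ps -eo pid=,ppid=,args=` layout, based on the thread.
SAMPLE_PS='122640 1 nginx: master process nginx -c /etc/nginx/nginx.conf
122692 122640 nginx: worker process
202393 202363 grep --color=auto nginx'

# orphan_masters MAINPID
# stdin: lines of "pid ppid args"; prints a comma-separated list of nginx
# master PIDs that differ from the MainPID systemd reports.
orphan_masters() {
  awk -v main="$1" '
    /nginx: master process/ && $1 != main { out = out (out ? "," : "") $1 }
    END { print out }'
}

# diagnose MAINPID
# Prints one of: unmanaged:<pids>  managed:<pid>  stopped
diagnose() {
  main_pid="$1"
  orphans=$(orphan_masters "$main_pid")
  if [ -n "$orphans" ]; then
    echo "unmanaged:$orphans"   # nginx holds the ports, systemd does not own it
  elif [ "$main_pid" = 0 ]; then
    echo "stopped"              # no nginx at all; start it before renewing
  else
    echo "managed:$main_pid"    # the normal state
  fi
}

# Live use: ./check.sh --live  (systemd prints MainPID 0 when the unit is down)
if [ "${1:-}" = "--live" ]; then
  ps -eo pid=,ppid=,args= | diagnose "$(systemctl show -p MainPID --value nginx)"
fi
```

An "unmanaged" result is the state in which the renewal above fails with "Address already in use"; "managed" is what should be in place before re-running the dry run.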

Thank you for your comment.
Certbot is working successfully on my server.

Best regards,

1 Like
