Using Certbot with NodeJS - Acquiring Certificates Reliably

Please fill out the fields below so we can help you better.

My domain is: pflock.com

I ran this command: certbot-auto renew --dry-run

It produced this output: unexpected error.could not bind TCP port 443 because it is already in use

My operating system is (include version): ubuntu 14

My web server is (include version): nodejs

My hosting provider, if applicable, is: no

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Looks like I need to stop my nodejs server. Wondering why stopping the server is required since I installed the certificate earlier standalone and manually configured my nodejs to use the certificate.

When should I ideally renew my certificates?

Thanks.

The standalone plugin of certbot requires either port 80 or 443 to be available. You probably didn't have NodeJS running when you initially got the certificate issued, correct?

When you "renew", you essentially re-do everything you did initially, but without having to specify it all again. So certbot will again try to use the standalone plugin, which, again, requires port 80 or 443 to be available for it to work.

The question is: do you actually need the standalone plugin? Was NodeJS available initially on port 80 and could it serve files to the world wide web? If that is the case, you might have chosen the webroot plugin, which will make renewing the certificate that much easier.

2 Likes
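
The webroot approach suggested above, as an added example that is not part of the original thread: a small Node.js listener for port 80 that serves the challenge files certbot's webroot plugin writes under `<webroot>/.well-known/acme-challenge/`, so the application does not have to stop for a renewal. The function names and the `ACME_WEBROOT` environment variable are assumptions made for this example.

```javascript
// Added example (not from the thread): serve certbot's webroot challenge
// files from a Node.js process that keeps running during renewal.
const fs = require('fs');
const http = require('http');
const path = require('path');

// ACME HTTP-01 tokens use only the base64url alphabet (RFC 8555), so
// anything else, including "." and "/", is rejected before touching disk.
const CHALLENGE_RE = /^\/\.well-known\/acme-challenge\/([A-Za-z0-9_-]+)$/;

// Map a request URL to the file certbot wrote under the webroot, or null.
function resolveChallengePath(webroot, requestUrl) {
  const pathname = String(requestUrl).split('?')[0];
  const match = CHALLENGE_RE.exec(pathname);
  if (!match) return null;
  return path.join(webroot, '.well-known', 'acme-challenge', match[1]);
}

// Port-80 server: answers challenge requests, returns 404 for the rest.
function createChallengeServer(webroot) {
  return http.createServer((req, res) => {
    const file = resolveChallengePath(webroot, req.url);
    if (!file) {
      res.writeHead(404);
      return res.end();
    }
    fs.readFile(file, (err, body) => {
      if (err) {
        res.writeHead(404);
        return res.end();
      }
      res.writeHead(200, { 'Content-Type': 'text/plain' });
      res.end(body);
    });
  });
}

// ACME_WEBROOT is an assumed variable name for this example, e.g.
//   ACME_WEBROOT=/var/www/letsencrypt node acme-http.js
if (process.env.ACME_WEBROOT) {
  createChallengeServer(process.env.ACME_WEBROOT).listen(80);
}
```

With this listener running, the certificate would be requested with certbot's `--webroot -w <webroot> -d <domain>` options instead of `--standalone`, and later renewals reuse that choice.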

Hi @deepshar78,

In addition to what @Osiris said, keep in mind that you have never issued a valid certificate for domain pflock.com. Maybe you issued it against the staging server, which is just to test that your procedure will be able to get a cert, but the certificate issued by the staging server won’t be trusted by any browser, application, etc.

Also, the certificate used right now on your pflock.com domain has been issued by Comodo for another domain.

Cheers,
sahsanu

Thanks Osiris. I may have had my nodejs down when I originally acquired the certificate. I have clients on my website so I'm a bit scared about getting renewals done properly. Will dry-run be able to pinpoint the issues, if any, and is it reliable?
Also, let's say the renewal fails or does not happen at all - will the request switch to http or stop working? This may not be a valid letsencrypt question, I know.

Sahsanu, I don't like to give out my real domain. I have little trust in the general audience. Thanks for your time. That's why I specified my problem clearly.

That is ok but then you should say... I don't want to provide my real domain name or you should use domain.tld, example.com, etc. but not a real domain that you don't own.

No, users will get an expired certificate warning in that case. This warning looks like this: https://expired.badssl.com/

Hi @schoen, do you offer paid support? I have paying clients and I am scared to run through the renew command. Also I use nodejs with pm2.
I wonder why I chose letsencrypt as it's really a hassle to be running SSL. Do you have any suggestions, please?

Sure. I would specify that next time.

Hi @deepshar78

A) Selecting a technology is at your discretion.
B) LetsEncrypt has issued over 35 million certificates which are in use in production. https://letsencrypt.org/stats/
C) I believe you are really after consulting on how to make certbot work with your setup. If you are after this then sharing is really caring (describe your setup, your skills, what you are hoping to accomplish, and people would be more than happy to share thoughts etc.).
D) There are a couple of paid options for managing SSL certificates:


https://www.manageengine.com/key-manager/

Andrei

Hey Guys, thanks for all your help! I was able to renew my certificate without any issue.
