WinError 10013 Problem binding to port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cant tell

I ran this command: .\certbot.exe certonly --standalone -d

It produced this output: Problem binding to port 80: [WinError 10013] Der Zugriff auf einen Socket war aufgrund der Zugriffsrechte des Sockets unzulässig
A key is created, but not in live folder.

My web server is (include version): I want to use this certificate for Enfocus Switch which has a HTTP/HTTPS Listener running on port 51080 / 51081. On our domain we have a A Record pointing to a subdomain. The firewall is forwarding this to our Windows Server 2016.

The operating system my web server runs on is (include version):Windows Server 2016.

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.1

There is a post with the same topic which is solved Problem binding to port 80 with --standalone - #6 by Artyom but it doesn't explain how they solved this.

low number ports (<1000) needs admin priv to bind.


I am running those commands as Admin in powershell..

than likely other webserver is sitting on port 80. do you have any idea for that?


Hi @orangepizza, and welcome to the LE community forum :slight_smile:

Is IIS using port 80?


It's actually the binary number 1K [starting from 0), so its' 0-1023 [OR <1024].


Either you are not running with elevated permissions or something is using TCP port 80 (typically IIS but see also Apache, tomcat, nginx or perhaps a custom listener).

If IIS you can use Certify The web, win-acme or Posh-ACME (WebSelfHost - Posh-ACME) as these tools support port 80 http pipeline sharing via https.sys (meaning they can run a standalone port 80 web server just for http challenges, without disrupting IIS).

If the thing on port 80 is not http.sys based (e.g. nginx, apache etc) then you have to stop them or use the certbot functionality specific to these, or use the webroot method of http validation (serving the challenge response via the web server using the filesystem)


I used netstat -ano to list all network services running on that windows server.

The flags / parameters used:
a = gives u all activ or listening ports
n = gives u the address and portnumber in nummeric form
o = gives u the connection including the associated process ID
Using the process ID, I was able to find the associated application in the "Details" tab of Windows task manager. The Row "PID" is listing the process IDs.
It was a Apache server running. After shutting this down certbot worked as expected.

Thank you all for your help!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.