certbot renew error, no cert update

Troubleshooting
1

Hello,
today I wonder why my nextcloud https cert was not valid anymore.

When I start

certbot renew

I get a red error:
Attempting to renew cert (domainx.org) from /etc/letsencrypt/renewal/domain.org.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domainx.org/fullchain.pem (failure)


I redirect all web server traffic from port 80 to 443. In my DSL router I added a route to port 80 without success.

The privkey.pem and other files are 3 month old, the combined.pem is from today (in /etc/letsencrypt/live/domainx.org folder)

Any suggestions?

2

Update:

searching the web gives me a hint, stop lighttpd before certbot renew.

/etc/init.d/lighttpd stop
certbot renew 
/etc/init.d/lighttpd start

now the PEM etc. files are new, but combined.pem is still old. But

cat privkey.pem cert.pem > combined.pem 
/etc/init.d/lighttpd restart

did the job.

Why do I have to do this by hand?

3

Ekran
Jep found that issue as well. Meanwhile we changed the method to use webroot authentication method (so Lighttpd) instead of letting CertBot start it’s own standalone webserver (which fails if Lighttpd is active). This also allows auto-renewal via certbot’s own systemd timer.

To enable this method, while Lighttpd is active, run:

certbot --force-renewal --webroot -w /var/www
4

Hi, I’m trying to renew my certificate and I’m having problems as well.
This finally worked:

certbot renew --pre-hook "service lighttpd stop" --post-hook "service lighttpd start"

Hope it helps someone.

5

I blogged https://tech.borpin.co.uk/2019/03/22/letsencrypt-ssl-certificates-by-dns-challenge-with-lighttpd/ about how I do it. I create a small script to do the combining within the

renewal-hooks/

folder. You can do the same to stop lighttpd before renewal.

My renewal is different as the machine is not exposed to the internet so I use the DNS-01 challenge method.

6

For reference: https://dietpi.com/forum/t/letsencrypt-certificate-not-used-after-renewal/3397/4