letsencrypt renew: Port 80 is already in use

I’m trying to renew my certificate via dietpi-launcher and getting the following error:
Attempting to renew cert from /etc/letsencrypt/renewal/XXXXXX.duckdns.org.conf produced an unexpected error: At least one of the required ports is already taken… Skipping.

Full log att.

I usually do this once the certificate expires,I never used the auto renew. But this time I get this error. Any ideias?

I’m using lighttpd, port 80 and 443 are port forward.


many thanks for your report.

There might be some stuck process from the past. pls try to reboot your system and rerun letsencrypt again.

Hi, thanks for the feedback. But same results after rebooting. in att full log
letsencrypt.7z (4.03 KB)

ok pls can you try to stop your web server first an than run letsencrypt again.

It needs an webserver :frowning:

ok let’s try this :slight_smile:

stop lighttpd first

dietpi-services stop lighttpd

and than try to renew the certificate

certbot renew --standalone

Sucess :smiley: Thank you very much

What is the difference between

service lighttpd start - I used this one to stop it


dietpi-services stop lighttpd

Spoke to soon, now when trying to open something i got the error below. Do I need to do anything else?

can you try to display/check the certificate, what the validation date is?

Forgot to :

service lighttpd force-reload


Its working now

Thank you one more time :smiley:

ok cool that we could fix it.

What is still strange that dietpi-letsencrypt did not stop your web server before renewing the certificate. That’s why the port was blocked.

Hello again,

Im in the same situation again, but now I always get the error: “NET::ERR_CERT_DATE_INVALID”

dietpi-services stop lighttpd
certbot renew --standalone
dietpi-services start lighttpd

And no luck, even did the service lighttpd force-reload that I’ve did it last time with no luck.

And now I cannot try the renew again, says the certificate do not need to be renewed.

In the browser it says the date expired today, how can I check in the dir


, that contains the following:
cert.pem chain.pem combined.pem fullchain.pem privkey.pem

Thanks for the help once again :slight_smile:

which web server you are using? Because I can see nginx if I try to open the ddns your are posted below.

/etc/letsencrypt/live/> your-ddns> .duckdns.org

It’s part if the dir name :wink:. But you restarted lighttpd below

dietpi-services stop lighttpd
certbot renew --standalone
dietpi-services start lighttpd


I use lighttpd, I’ve have never config ngix on dietpi :thinking:

I dont understand how you end it up there :smiley:

well but this is what it tells me if I try to connect to your side. See attached picture

pls can you do following and pots the output

ps -ef|grep www

This is very strange :smiley:

Here is the processes related to www

When I open the url I only get the certificate error, something fishy :smiley:

I’ll PM you the url, and tks for changing on my post :wink:

I guess you can accept the error message and continue to the website itself.

Strange that you did not have nginx running but the default web page is showing nginx. Unusual it should show default page from lighttpd :thinking:

I need a good certificate because I use it along wiht nextcloud, and the mobile app is not working anymore for this reason, so I think Im going to try do delete the directory /etc/letsencrypt/live/your-ddns.duckdns.org and try to recreate. Or is there another way to remove it?

And if I’ll need to create via cmd, what is the command used? Do you know? I’ve search and found something like this:
certbot certonly --webroot -w /srv/htdocs/your-ddns.duckdns.org -d your-ddns.duckdns.org
Or should it be:
certbot certonly --webroot -w /etc/letsencrypt/live/your-ddns.duckdns.org -d your-ddns.duckdns.org

basically you could start dietpi-letsencrypt. That should work as well to refresh your cert. If you go for a command line, you would need to use the original file location at /etc/letsencrypt/live/your-ddns.duckdns.org. So should be more easier to use dietpi tool instead the command :slight_smile:

This error could mean that the time is not correct. Certificates are valid from a date/time to a date/time. If the system has the wrong date/time, it will think that the certificate is invalid.
If the time is correct, check if you have an antivirus which might be checking https in its options.