certbot renew error, no cert update

Ekran

certbot renew error, no cert update

Post by Ekran »

Hello,
Today I wondered why my Nextcloud HTTPS cert was not valid anymore.

When I start

Code:

certbot renew
I get a red error:
Attempting to renew cert (domainx.org) from /etc/letsencrypt/renewal/domain.org.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domainx.org/fullchain.pem (failure)


I redirect all web server traffic from port 80 to 443. In my DSL router I added a route to port 80 without success.

The privkey.pem and other files are 3 months old, the combined.pem is from today (in the /etc/letsencrypt/live/domainx.org folder).

Any suggestions?
Ekran

Re: certbot renew error, no cert update

Post by Ekran »

Update:

Searching the web gave me a hint: stop lighttpd before certbot renew.

Code:

/etc/init.d/lighttpd stop
certbot renew
/etc/init.d/lighttpd start
/etc/init.d/lighttpd start
Now the PEM etc. files are new, but combined.pem is still old. But

Code:

cat privkey.pem cert.pem > combined.pem
/etc/init.d/lighttpd restart
did the job.

Why do I have to do this by hand?
MichaIng
Site Admin

Re: certbot renew error, no cert update

Post by MichaIng »

@Ekran
Jep, found that issue as well. Meanwhile we changed the method to use the webroot authentication method (so Lighttpd) instead of letting CertBot start its own standalone webserver (which fails if Lighttpd is active). This also allows auto-renewal via certbot's own systemd timer.

To enable this method, while Lighttpd is active, run:

Code:

certbot --force-renewal --webroot -w /var/www
globo

Re: certbot renew error, no cert update

Post by globo »

Hi, I'm trying to renew my certificate and I'm having problems as well.
This finally worked:

Code:

certbot renew --pre-hook "service lighttpd stop" --post-hook "service lighttpd start"
Hope it helps someone.
baz123

Re: certbot renew error, no cert update

Post by baz123 »

I blogged https://tech.borpin.co.uk/2019/03/22/le ... -lighttpd/ about how I do it. I create a small script to do the combining within the renewal-hooks/ folder. You can do the same to stop lighttpd before renewal.

My renewal is different as the machine is not exposed to the internet so I use the DNS-01 challenge method.
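
One way to automate the manual combined.pem step from this thread as a certbot deploy hook. This is an added example, not baz123's script or DietPi's own code. The file name is an assumption; RENEWED_LINEAGE is the variable certbot passes to deploy hooks, and the lighttpd init script path is the one used earlier in the thread.

```shell
#!/bin/sh
# Added example: deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/lighttpd-combine.sh (name is an assumption).
# certbot runs deploy hooks only after a successful renewal and sets
# RENEWED_LINEAGE to the live directory, e.g. /etc/letsencrypt/live/domainx.org.

# Build combined.pem (private key + certificate) in the given live directory.
# Returns 0 if the file was (re)written, 1 if already current, 2 on error.
combine_pem() {
    dir=$1
    key="$dir/privkey.pem"; crt="$dir/cert.pem"; out="$dir/combined.pem"
    # Refuse to build from missing or non-PEM input (e.g. a half-written file).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || return 2
    grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" 2>/dev/null || return 2
    # The output holds the private key: create it unreadable to other users.
    tmp=$(umask 077; mktemp "$dir/.combined.XXXXXX") || return 2
    cat "$key" "$crt" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"; return 1
    fi
    # A rename within one directory is atomic: lighttpd never reads a partial file.
    mv -f "$tmp" "$out"
}

# Only act when certbot invoked this file as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    combine_pem "$RENEWED_LINEAGE" || rc=$?
    case $rc in
        0) /etc/init.d/lighttpd restart ;;   # new certificate: reload the server
        1) : ;;                              # nothing changed, leave lighttpd alone
        *) echo "combined.pem not rebuilt for $RENEWED_LINEAGE" >&2; exit 1 ;;
    esac
fi
```

The script must be executable for certbot to run it, and it restarts lighttpd only when combined.pem actually changed.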