Question

SSL Certificate not updateable

My domain is scores-catalogs.org and it has 4 subdomains. I need to update all of them with Let’s Encrypt, but sudo certbot renew does not work. systemctl status nginx-service returns this:

```
× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sun 2024-11-10 15:35:58 UTC; 5min ago
   Duration: 2month 3w 6h 56min 49.401s
       Docs: man:nginx(8)
    Process: 2410866 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 2410867 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
        CPU: 67ms
```

Then I tried this:

```
% sudo systemctl status nginx                                                                                                       !4330
× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sun 2024-11-10 15:46:44 UTC; 2min 5s ago
   Duration: 2month 3w 6h 56min 49.401s
       Docs: man:nginx(8)
    Process: 2411237 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 2411238 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
        CPU: 89ms
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Nov 10 15:46:43 scores-catalog-droplet nginx[2411238]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Nov 10 15:46:44 scores-catalog-droplet nginx[2411238]: nginx: [emerg] still could not bind()
Nov 10 15:46:44 scores-catalog-droplet systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Nov 10 15:46:44 scores-catalog-droplet systemd[1]: nginx.service: Failed with result 'exit-code'.
Nov 10 15:46:44 scores-catalog-droplet systemd[1]: Failed to start A high performance web server and a reverse proxy server.
```

…and this:

```
% sudo systemctl restart nginx                                                                                                      !4329
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
```

Opening journalctl ... is empty.

And for a final try I did this:

```
% sudo certbot --nginx -d scores-catalog.org -d www.scores-catalog.org                                                              !4333
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An ECDSA certificate named scores-catalog.org already exists. Do you want to
update its key type to RSA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate key type/(K)eep existing key type: u
Renewing an existing certificate for scores-catalog.org and www.scores-catalog.org
Encountered exception during recovery: certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx restart failed:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

I followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04

At some place in the BE, DigitalOcean offers a “Certificates for Load Balancers and Spaces”, which automatically creates and updates Let’s Encrypt certificates – but I guess that’s not a place that helps me (loadbalancers…).

The firewall settings look like this:

```
sudo ufw status                                                                                                                   !4335
Status: active
To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
8055                       ALLOW       Anywhere
8056                       ALLOW       Anywhere
8057                       ALLOW       Anywhere
8058                       ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
8055 (v6)                  ALLOW       Anywhere (v6)
8056 (v6)                  ALLOW       Anywhere (v6)
8057 (v6)                  ALLOW       Anywhere (v6)
8058 (v6)                  ALLOW       Anywhere (v6)
```

I am actually surprised that via http my subdomains are reachable: http://jvds.scores-catalog.org

Does anybody know what I must do to fix this problem? Thank you!



alexdo
Site Moderator
November 11, 2024

Heya,

Another thing that I could recommend is checking the answer here on how to troubleshoot common Nginx problems:

https://www.digitalocean.com/community/questions/how-to-troubleshoot-common-nginx-issues-on-linux-server

Regards

Bobby Iliev
Site Moderator
November 11, 2024

Hey there!

From the error that you’ve shared, it looks like your Nginx service is failing to restart because the ports 80 and 443 are already in use.

This is why you’re seeing the bind() to 0.0.0.0:80 failed (98: Address already in use) error. Let’s walk through some steps to help resolve this.

I’ve answered a similar question in the past here:

https://www.digitalocean.com/community/questions/nginx-not-starting-address-already-in-use-nginx-bind-to-0-0-0-0-80-failed

What you would need to do is to find what else is running on that port, as you cannot have multiple services listening on the same port.

Run the following command to identify which process is currently using these ports:

```
sudo lsof -i :80
sudo lsof -i :443
```

If another process (like another web server like Apache or a rogue Nginx instance) is using these ports, you might see output like:

```
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   12345   root   6u  IPv4  23456      0t0  TCP *:http (LISTEN)
```

If you find a conflicting process, kill it using:

```
sudo kill -9 <PID>
```

If it is Apache, note that you don’t need to have two web services installed and listening on the same port, so you should pick one and stop the other. For example, to stop Apache you could:

```
sudo systemctl stop apache2
sudo systemctl disable apache2
```

Once you’ve identified and stopped any conflicting services, try restarting Nginx:

```
sudo systemctl restart nginx
```

If Nginx still fails to restart, you can run:

```
sudo nginx -t
```

This will check for any configuration errors in your Nginx configuration files.

After that, try to renew your certificates manually again:

```
sudo certbot renew --force-renewal
sudo systemctl restart nginx
```

If that doesn’t work, you can try reissuing the certificates with:

```
sudo certbot --nginx -d scores-catalog.org -d www.scores-catalog.org
```

Make sure your /etc/nginx/sites-available/default (or your relevant Nginx config file) has the correct SSL configuration.

Let me know if this helps resolve the issue!

- Bobby
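
The port check from the answer above, as an added example (not part of the original answer and not DigitalOcean's code): it parses `ss -Hltnp` output to list what holds ports 80 and 443 and labels each listener relative to the nginx systemd unit, so you know which service to stop before restarting. The function names, sample lines and PIDs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list what holds ports 80/443 and label each listener.
# Function names, sample lines and PIDs are constructed for illustration.

# Reads `ss -Hltnp` output on stdin; prints "port pid command" once per
# process listening on port 80 or 443 (IPv4 and IPv6 sockets are merged).
listeners() {
  awk '{
    n = split($4, a, ":"); port = a[n]            # "[::]:80" -> "80"
    if (port != "80" && port != "443") next
    rest = $0
    while (match(rest, /\("[^"]+",pid=[0-9]+/)) { # one ("name",pid=N per process
      entry = substr(rest, RSTART + 2, RLENGTH - 2)
      rest = substr(rest, RSTART + RLENGTH)
      split(entry, p, /",pid=/)
      key = port " " p[2] " " p[1]
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  }'
}

# Labels each listener. $1 is the unit's MainPID as reported by
# `systemctl show -p MainPID --value nginx`; 0 means the unit is not running.
verdict() {
  main_pid=$1
  while read -r port pid cmd; do
    if [ "$cmd" != nginx ]; then
      echo "$port $pid $cmd foreign"            # another server: stop its service
    elif [ "$main_pid" -eq 0 ]; then
      echo "$port $pid $cmd unmanaged-nginx"    # nginx running outside the unit
    else
      echo "$port $pid $cmd nginx-unit-active"
    fi
  done
}

# Constructed sample of `ss -Hltnp` output (run as root to get the users column).
SAMPLE='LISTEN 0 511 0.0.0.0:80  0.0.0.0:* users:(("nginx",pid=2309872,fd=6),("nginx",pid=2309871,fd=6))
LISTEN 0 511 [::]:80     [::]:*    users:(("nginx",pid=2309872,fd=7),("nginx",pid=2309871,fd=7))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=2309872,fd=8),("nginx",pid=2309871,fd=8))
LISTEN 0 128 0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=801,fd=3))'

if [ "${1:-}" = "--live" ]; then
  sudo ss -Hltnp | listeners | verdict "$(systemctl show -p MainPID --value nginx)"
else
  printf '%s\n' "$SAMPLE" | listeners | verdict 0
fi
```

Run it with `--live` on the server. An `unmanaged-nginx` line means an nginx process is bound to the port while the systemd unit is not running, and a `foreign` line names the other service to stop as described in the answer.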
