LetsEncrypt certificate renewal fails

Open aDarkling opened this issue 1 year ago • 0 comments

I know, you've seen similar issues before. However, no one seems to have fixed it.

The main domain for the mailserver is the only one that cannot renew. All subaccounts seem to be good.

The output from /var/log/letsencrypt/letsencrypt.log is included at the end of this post. The error is "certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again."

I've tried a migration. No joy. I've tried "service mailinabox stop" and "service nginx stop", then "lsof -Pnl +M -i6". I get:

```
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dovecot 697 0 16u IPv6 18923 0t0 TCP *:4190 (LISTEN)
dovecot 697 0 25u IPv6 18931 0t0 TCP *:995 (LISTEN)
dovecot 697 0 43u IPv6 18947 0t0 TCP *:993 (LISTEN)
munin-nod 703 0 5u IPv6 19988 0t0 TCP *:4949 (LISTEN)
nsd:\x20x 706 115 5u IPv6 19929 0t0 TCP [::1]:8952 (LISTEN)
sshd 776 0 4u IPv6 19787 0t0 TCP *:22 (LISTEN)
ntpd 782 113 16u IPv6 18871 0t0 UDP *:123
ntpd 782 113 21u IPv6 18884 0t0 UDP [::1]:123
ntpd 782 113 22u IPv6 18886 0t0 UDP [fe80::d828:56ff:feac:1401]:123
nsd:\x20m 843 115 5u IPv6 19929 0t0 TCP [::1]:8952 (LISTEN)
nsd:\x20s 900 115 5u IPv6 19929 0t0 TCP [::1]:8952 (LISTEN)
master 1874 0 14u IPv6 23158 0t0 TCP *:25 (LISTEN)
master 1874 0 19u IPv6 23164 0t0 TCP *:587 (LISTEN)
master 1874 0 23u IPv6 23170 0t0 TCP *:465 (LISTEN)
smtpd 1937 116 7u IPv6 23170 0t0 TCP *:465 (LISTEN)
smtpd 3294 116 7u IPv6 23170 0t0 TCP *:465 (LISTEN)
/usr/sbin 3417 0 0u IPv6 44390 0t0 TCP 127.0.0.1:4949->127.0.0.1:45428 (ESTABLISHED)
/usr/sbin 3417 0 1u IPv6 44390 0t0 TCP 127.0.0.1:4949->127.0.0.1:45428 (ESTABLISHED)
/usr/sbin 3417 0 5u IPv6 19988 0t0 TCP *:4949 (LISTEN)
/usr/sbin 3417 0 6u IPv6 44390 0t0 TCP 127.0.0.1:4949->127.0.0.1:45428 (ESTABLISHED)
```

Then mailinabox/management/ssl_certificates.py. Still no joy.

I also tried a regular "mailinabox" setup. Still no joy.

A few posts mention that there's a way to get certbot to work with the running browser, but none say how to do that.

Please help. The main certificate for this box has already expired.

Output from /var/log/letsencrypt/letsencrypt.log

```
2024-02-09 14:13:13,652:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-02-09 14:13:13,652:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-02-09 14:13:13,652:ERROR:certbot._internal.renewal:Failed to renew certificate box.greatcms.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
2024-02-09 14:13:13,656:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 71, in run
    servers = acme_standalone.HTTP01DualNetworkedServers(
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 211, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 120, in __init__
    raise last_socket_err
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 95, in __init__
    server = ServerClass(*new_args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 201, in __init__
    HTTPServer.__init__(
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 193, in __init__
    BaseHTTPServer.HTTPServer.__init__(self, *args, **kwargs)
  File "/usr/lib/python3.10/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.10/http/server.py", line 137, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.10/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 158, in _try_perform_single
    return self._perform_single(achall)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 163, in _perform_single
    servers, response = self._perform_http_01(achall)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 170, in _perform_http_01
    servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 74, in run
    raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: [Errno 98] Address already in use

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 475, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1386, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 335, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 153, in perform
    return [self._try_perform_single(achall) for achall in achalls]
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 153, in <listcomp>
    return [self._try_perform_single(achall) for achall in achalls]
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 160, in _try_perform_single
    _handle_perform_error(error)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py", line 211, in _handle_perform_error
    raise errors.PluginError(msg)
certbot.errors.PluginError: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```

aDarkling, Feb 09 '24 19:02
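A diagnostic sketch for the `[Errno 98] Address already in use` failure in the log above, added here as an example and not part of the original issue or of Mail-in-a-Box or certbot: it attempts the same kind of `bind()` on a port once per address family and reports which family is occupied. The `lsof` call in the post uses `-i6`, which lists IPv6 sockets only, so a listener bound on IPv4 would not appear in that output. The function name `probe_bind` and its parameters are assumptions made for this example.

```python
import errno
import socket


def probe_bind(port, host4="0.0.0.0", host6="::"):
    """Try to bind `port` separately on IPv4 and IPv6.

    Returns a dict such as {"ipv4": "in use", "ipv6": "free"}.
    Nothing is left listening: every probe socket is closed again.
    """
    results = {}
    families = (("ipv4", socket.AF_INET, host4),
                ("ipv6", socket.AF_INET6, host6))
    for name, family, host in families:
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
        except OSError:
            results[name] = "unavailable"  # address family disabled on this host
            continue
        try:
            if family == socket.AF_INET6:
                # Keep the IPv6 probe from also claiming the IPv4 side.
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            # Same option Python's HTTPServer sets; a live listener still
            # makes bind() fail with EADDRINUSE on Linux.
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sock.bind((host, port))
            results[name] = "free"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                results[name] = "in use"  # the errno 98 seen in the log
            elif exc.errno in (errno.EACCES, errno.EPERM):
                results[name] = "permission denied"  # ports < 1024 need root
            else:
                results[name] = "error: " + (exc.strerror or str(exc))
        finally:
            sock.close()
    return results


if __name__ == "__main__":
    # Run as root on the affected host after stopping nginx.
    for family, status in probe_bind(80).items():
        print(f"port 80 {family}: {status}")
```

If either family reports "in use", `ss -ltnp 'sport = :80'` or `lsof -nP -iTCP:80 -sTCP:LISTEN` (neither restricted to IPv6) names the process holding the port.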