SystemMen - Let’s Encrypt renew error could not bind to IPv4 or IPv6. If you encounter this error when renewing Let’s Encrypt ssl certificate, maybe this post will help you.
This is also an accidental error I encountered when I supported renew for a client server. And of course, the initial Let’s Encrypt installation was not done by me.
So when I finish this problem. I write this tutorial for others who need it.
Describe the error encountered
When running the command certbot-auto renew or certbot renew, the information returned is as follows.
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/abc.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing… Plugins selected: Authenticator standalone, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for abc.com http-01 challenge for www.abc.com Cleaning up challenges Attempting to renew cert (abc.com) from /etc/letsencrypt/renewal/abc.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/abc.com/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/abc.com/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s)
What is the problem?
If you look in the error log, you will see the phrase Authenticator standalone. This is the cause of the renewed ssl certificate failure.
According to man:
--apache Use the Apache plugin for authentication & installation --standalone Run a standalone webserver for authentication --nginx Use the Nginx plugin for authentication & installation --webroot Place files in a server's webroot folder for authentication --manual Obtain certificates interactively, or using shell script hooks
What does it mean? Your web server is running and renewing with standalone will not work.
Fix Let’s Encrypt renew error “could not bind to IPv4 or IPv6”
Now everything will be simple.
Step 1: Stop your web server (apache or nginx)
systemctl stop nginx
or
systemctl stop apache
Step 2: Run the renew command
certbot-auto renew
The result like this.
root@server:~# certbot-auto renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/abc.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing… Plugins selected: Authenticator standalone, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for abc.com http-01 challenge for www.abc.com Waiting for verification… Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed without reload, fullchain is /etc/letsencrypt/live/abc.com/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/abc.com/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Step 3: Start your web server again
systemctl start nginx
or
systemctl start apache
And done.
Conclusion
This is not a very serious or complicated error. However, for first-time users of Let’s Encrypt, it can be a bit annoying. Hopefully the article has helped you as clearly as possible.
«« Set up Let’s Encrypt Certbot auto renewvCenter Server Appliance 6.7 startup failed after reboot »»
