3

I enabled both 80 and 443.

sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m **@**.com -d mycomp.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mycomp.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.

Let's Debug shows

ANotWorking
ERROR
mycomp.com has an A (IPv4) record (*.***.***.***) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

I do not understand what is wrong with port 80. How to fix this?

Improve this question

4 Answers 4

Reset to default
9

As the error says, port 80 "is already in use by another process on this system (such as a web server)". You have told certbot to run standalone rather than co-operating with the existing webserver, which it would use if you'd asked.

Either change certbot --standalone or stop the webserver you've got running.

Improve this answer
2

Stop the web server:

sudo systemctl stop apache2

# or if you are using Nginx
sudo systemctl stop nginx

Run Certbot to obtain the certificate:

sudo certbot certonly --standalone -d yourdomain.com

Restart the web server:

sudo systemctl start apache2

# or if you are using Nginx
sudo systemctl start nginx
Improve this answer
1

If you're running certbot --standalone then certbot will try and stand up a temporary webserver on port 80 to do the validation. However it's not able to do this since you already have a site running on that port. Depending on what you are using to host your site there are other workarounds but it's hard to know without more details.

Improve this answer
2
  • 1
    While the info in your answer is clear, it does not add significantly to the previous answer given by romia. Commented Nov 27, 2022 at 20:38
  • It's not so much that "workarounds" are available but that integrations are available. certbot works really nicely with Apache and Nginx. Just tell it what you're using Commented Oct 26, 2023 at 8:37
-1

For what it's worth, I just succeeded on a windows 2012 R2 server. At first, I had a failures, and after I stopped the, webserver it worked :)

Though it wasn't obvious in the certbot instructions, it made sense, as the running webserver was claiming port 80, which is the one certbot is attempting to use while creating certificates for your domains.

Have a nice weekend, Ole

Improve this answer
6
  • It looks like this answer applies only for Windows Server (which is off-topic in this site). If you've tested on a Linux server and it worked then you should add what you did in order to solve the problem of this question. Commented Jan 22, 2023 at 6:23
  • This if for Windows, Original poster has Unbuntu (not even mentioning he probably needs his Webserver). Commented Jan 24, 2023 at 8:22
  • Well, the conditions would be the same on any operational system. If a web server is claiming the ports, certbot will be excluded and fail. This would also be the case in a linux / unix environment. Best Regards, Ole Commented Jan 25, 2023 at 17:10
  • Like I said in my answer, certbot can either use the existing web server (the recommended approach) or run standalone. On my Windows servers it integrates with IIS. On my Linux-based servers it integrates with Apache Commented Jan 25, 2023 at 22:34
  • I just did the exact same setup on a Debian installation, it's the exact same scenario when the Nginx Webserver is running, certbot will be denied using port 80 :) Commented Jan 29, 2023 at 12:01

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.