Letsencrypt renewal fails: Could not bind to IPv4 or IPv6.. Skipping

Solution 1:

You probably ran the script with the (preconfigured) --standalone option while your server is already running on port 443.

You can stop the server before renewing and start it again afterwards.

man says:

--apache          Use the Apache plugin for authentication & installation
--standalone      Run a standalone webserver for authentication
--nginx           Use the Nginx plugin for authentication & installation
--webroot         Place files in a server's webroot folder for authentication
--manual          Obtain certificates interactively, or using shell script hooks

If I run renew with --apache, I don't get any error.

Solution 2:

You just need to stop all running servers like Apache, nginx or OpenShift before doing this.

Stop Nginx

sudo systemctl stop nginx

Stop Apache2

sudo systemctl stop apache2

Solution 3:

As hinted in the other answers, you need to pass the option for your running webserver, for example:

Without webserver param:

sudo certbot renew

Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Cleaning up challenges
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error:
Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.

Then, again with the webserver param (success):

sudo certbot renew --nginx 

Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Waiting for verification...
Cleaning up challenges

new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/example.com/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/example.com/fullchain.pem (success)

Solution 4:

[This is specifically for Ubuntu]

  1. Log in as the root user on your server

  2. Stop your server using the following command (for nginx)

    service nginx stop

  3. Then renew your certificate

    certbot renew

  4. Start your server

    service nginx start

[TIP] To check the expiry date of your renewed certificate, enter the command below

ssl-cert-check -c [Path_to_your_certificate]/fullchain.pem

For example

ssl-cert-check -c /etc/letsencrypt/live/[your_domain_name]/fullchain.pem

Or

ssl-cert-check -c /etc/letsencrypt/live/[your_domain_name]/cert.pem

If you don't have ssl-cert-check already installed on your server, install it using

apt install ssl-cert-check

Note: The certificate can be renewed only if it is not expired. If it is expired, you have to create a new one.

Solution 5:

This happened because you used --standalone. The purpose of that option is to launch a temporary webserver because you don't have one running.

Next time use the --webroot method, and you'll be able to use your already running nginx server.
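
The cause named in Solutions 1 and 5 (a renewal configured for --standalone while a web server already holds the port) can be checked before the renewal runs. The script below is an added example, not part of any answer above: the function names are hypothetical, the renewal file and `ss -ltn` output are constructed samples, and it assumes the renewal file records the plugin as an `authenticator = ...` line.

```shell
# Print the authenticator recorded in a certbot renewal config file.
renewal_authenticator() {
    sed -n 's/^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Succeed if the `ss -ltn` output in $1 shows a TCP listener on port $2.
port_in_use() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Report whether a renewal would fail to bind.
# $1 = renewal conf path, $2 = `ss -ltn` output, remaining args = ports to check
diagnose() {
    conf=$1; listeners=$2; shift 2
    auth=$(renewal_authenticator "$conf")
    if [ "$auth" != "standalone" ]; then
        echo "ok: authenticator=${auth:-unset}"; return 0
    fi
    for port in "$@"; do
        if port_in_use "$listeners" "$port"; then
            echo "conflict: standalone needs port $port, already bound"
            return 1
        fi
    done
    echo "ok: standalone, ports free"
}

# Constructed sample input (not taken from a real host).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = standalone
EOF
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
diagnose "$SAMPLE_CONF" "$SAMPLE_SS" 80 443 || true
# On a real host: diagnose /etc/letsencrypt/renewal/example.com.conf "$(ss -ltn)" 80 443
```

A "conflict" result means either stopping the web server around the renewal (Solutions 2 and 4) or switching to a plugin that works with the running server (Solutions 1, 3 and 5).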