I have installed Let's Encrypt with an Nginx configuration in DNS validation mode. As instructed in the documentation, to auto-renew I added the entry below:

15 3 * * * /usr/bin/certbot renew --quiet

However, this didn't work, so I ran it on the command line to see what happened. I get the error below. I understand that port 80/443 is in use by Nginx and that I have to stop it when I renew manually. I wonder how to set this up in auto-renew mode, i.e. stop Nginx before this cron job and restart it afterwards? But it's a bit too dangerous to do this in a cron job, because if Nginx fails it creates a lot of downtime.

[centos]# /usr/bin/certbot renew --quiet
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an 
unexpected error: 
Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Any idea?

Davidw
mahen3d

1 Answer

Run certbot with the --nginx or --webroot parameter, as documented, to have it use your running nginx instead of starting its own webserver.

certbot renew --quiet --nginx

or

certbot renew --quiet --webroot --webroot-path /var/www/html

Don't forget to also use the --deploy-hook parameter to reload your nginx after a successful renewal.

Note: you must install the nginx plugin, if you haven't already installed it, with the command below.

yum install python-certbot-nginx
Gerald Schneider
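
One way to write the deploy hook the answer mentions, as an added example that is not part of the original answer or of certbot itself: it reloads nginx only after the renewed files exist and `nginx -t` passes, so a failed check leaves the running server untouched. The script path, `NGINX_BIN` and `safe_reload` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: certbot deploy hook that reloads nginx only when it is safe.
# Hypothetical install path and cron entry (not from the original post):
#   15 3 * * * /usr/bin/certbot renew --quiet --nginx --deploy-hook /usr/local/sbin/nginx-safe-reload.sh
# certbot runs a deploy hook once per successfully renewed certificate and
# exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com).

# Assumption: nginx is on PATH; override NGINX_BIN to point elsewhere.
NGINX_BIN="${NGINX_BIN:-nginx}"

# safe_reload LINEAGE_DIR
# Returns 0 after a successful reload, 3 if a renewed file is missing or
# empty, 4 if the nginx config test fails (no reload is attempted), 5 if
# the reload signal itself fails.
safe_reload() {
    lineage="$1"
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "deploy-hook: $lineage/$f missing or empty, not reloading" >&2
            return 3
        fi
    done
    # 'nginx -t' parses the configuration and opens the certificate and key
    # files it references, without touching the running server.
    if ! "$NGINX_BIN" -t >/dev/null 2>&1; then
        echo "deploy-hook: nginx -t failed, leaving running nginx as is" >&2
        return 4
    fi
    # Reload rather than restart: the master process starts new workers with
    # the new certificate and retires the old ones, so the ports stay bound.
    "$NGINX_BIN" -s reload || return 5
    return 0
}

# Act only when certbot invoked this script (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    safe_reload "$RENEWED_LINEAGE" || exit $?
fi
```

A non-zero exit from the hook is reported by certbot, so dropping `--quiet` or checking the certbot log shows when a reload was skipped.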