
Trying to renew Letsencrypt and the usual "Problem binding to port 80" shows up

When the usual "Problem binding to port 80" appears while trying to renew a certificate with Letsencrypt

In my earlier articles there were various causes, such as apache or nginx still running, or port 80 being closed,
but this time neither of those fixes worked.

References
Renewing a Let’s Encrypt certificate (Bitnami on AWS)
SSL support for WordPress (aws_bitnami)
Applying an auto-renewed Let’s Encrypt certificate to an Nginx container

I am told "error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:" and cannot renew the certificate...

$ /home/bitnami/letsencrypt/certbot-auto renew --force-renew
Requesting to rerun /home/bitnami/letsencrypt/certbot-auto with root privileges...
/home/bitnami/letsencrypt/certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/hoge.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for hoge.com
Cleaning up challenges
Attempting to renew cert (hoge.com) from /etc/letsencrypt/renewal/hoge.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/hoge.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/hoge.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

apache is stopped...

$ sudo /opt/bitnami/ctlscript.sh status
php-fpm already running
apache not running
mysql already running

When I checked, port 80 was in use, for some reason I don't really understand

$ sudo lsof -i :80
COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd.bin 123 daemon    4u  IPv6 111      0t0  TCP *:http (LISTEN)
httpd.bin 234   root    4u  IPv6 111      0t0  TCP *:http (LISTEN)
httpd.bin 345 daemon    4u  IPv6 111      0t0  TCP *:http (LISTEN)
httpd.bin 456 daemon    4u  IPv6 111      0t0  TCP *:http (LISTEN)
$ ps -aux | grep -e 123 -e 234 -e 345 -e 456
daemon   123  0.0  3.9 1305416 39908 ?       Sl   Jan30   0:16 /opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf
root     234  0.0  2.1 206644 21532 ?        Ss    2019   3:30 /opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf
daemon   345  0.0  4.0 1305668 40672 ?       Sl   Feb06   0:11 /opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf
daemon   456  0.0  3.2 1305612 32776 ?       Sl   05:45   0:02 /opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf
bitnami  567  0.0  0.0  14220   948 pts/0    S+   09:35   0:00 grep --color=auto -e 123 -e 234 -e 345 -e 456

I don't really understand it, so I'll try killing them

$ sudo kill -9 $(sudo lsof -t -i:80)

This worked. I don't really know the cause, but maybe I was looking in the wrong place...

$ /home/bitnami/letsencrypt/certbot-auto renew --force-renew
Requesting to rerun /home/bitnami/letsencrypt/certbot-auto with root privileges...
/home/bitnami/letsencrypt/certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/hoge.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for hoge.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/hoge.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/hoge.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
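
The situation above (ctlscript.sh reports apache as not running while httpd.bin still holds port 80) can be checked before each renewal. The script below is an added example, not part of the original post: it parses lsof output, picks the root-owned parent process, and sends SIGTERM before falling back to SIGKILL, rather than running kill -9 on every PID. The function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Parse `lsof -nP -iTCP:80 -sTCP:LISTEN` table on stdin; print one
# "PID USER COMMAND" line per distinct listening process.
listeners() {
    awk 'NR > 1 && /\(LISTEN\)/ && !seen[$2]++ { print $2, $3, $1 }'
}

# From listeners() output pick the PID to signal first: the root-owned
# process (Apache's parent runs as root, its workers as daemon), else the
# first listener. Prints nothing when the port is free.
master_pid() {
    awk '$2 == "root" && !m { m = $1 }
         NR == 1 { f = $1 }
         END { if (m) print m; else if (f) print f }'
}

# SIGTERM first, wait up to $2 seconds (default 10), SIGKILL only as a last
# resort. Prints the step needed: gone (could not be signalled), term or kill.
stop_gracefully() {
    pid=$1; tries=${2:-10}
    kill -TERM "$pid" 2>/dev/null || { echo gone; return 0; }
    while [ "$tries" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || { echo term; return 0; }
        sleep 1; tries=$((tries - 1))
    done
    kill -KILL "$pid" 2>/dev/null || true
    echo kill
}

# Constructed sample modelled on the lsof output in the post, plus an IPv4
# row for PID 234 to show de-duplication.
SAMPLE='COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd.bin 123 daemon    4u  IPv6 111      0t0  TCP *:http (LISTEN)
httpd.bin 234   root    4u  IPv6 111      0t0  TCP *:http (LISTEN)
httpd.bin 234   root    3u  IPv4 110      0t0  TCP *:http (LISTEN)
httpd.bin 345 daemon    4u  IPv6 111      0t0  TCP *:http (LISTEN)'

printf '%s\n' "$SAMPLE" | listeners | master_pid

# Live use, as root, before `certbot-auto renew`:
#   pid=$(lsof -nP -iTCP:80 -sTCP:LISTEN | listeners | master_pid)
#   [ -n "$pid" ] && stop_gracefully "$pid" 15
```

Signalling the parent with SIGTERM lets Apache shut its workers down itself; the daemon-owned PIDs in the lsof listing are children of the root-owned one.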