Let’s Encryptの証明書更新に失敗した時の対応メモとは別パターンのエラーに遭遇したのでこちらもメモ。
現象
an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
というエラーで更新に失敗する。
# /usr/local/letsencrypt/letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Cleaning up challenges
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
対応
Trying to renew cert on nginx but getting “Problem binding to port 443: Could not bind to IPv4 or IPv6” – Let’s Encryptを見る限り、443ポートを使用しているサーバーを止めてから作業すると動く様子。
# service httpd stop
Stopping httpd: [ OK ]
更新
[root@ip-172-31-24-26 ~]# /usr/local/letsencrypt/letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
-------------------------------------------------------------------------------
再起動
[root@ip-172-31-24-26 ~]# service httpd start
Starting httpd: [ OK ]
更新を確認
[root@ip-172-31-24-26 ~]# openssl x509 -noout -dates -in /etc/letsencrypt/live/example.com/fullchain.pem
notBefore=Oct 30 14:56:43 2017 GMT
notAfter=Jan 28 14:56:43 2018 GMT