Notes on what to do when Let’s Encrypt certificate renewal fails with "Problem binding to port 443"

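I ran into a different kind of error from the one covered in "Notes on what to do when Let’s Encrypt certificate renewal fails", so I am noting this one down as well.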

Symptom

The renewal fails with the error "an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping."

# /usr/local/letsencrypt/letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Cleaning up challenges
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
-------------------------------------------------------------------------------

Fix

Judging from "Trying to renew cert on nginx but getting “Problem binding to port 443: Could not bind to IPv4 or IPv6” – Let’s Encrypt", the renewal appears to work if the server that is using port 443 is stopped first.

# service httpd stop
Stopping httpd:                                            [  OK  ]

Renew

[root@ip-172-31-24-26 ~]# /usr/local/letsencrypt/letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)
-------------------------------------------------------------------------------

Restart

[root@ip-172-31-24-26 ~]# service httpd start
Starting httpd:                                            [  OK  ]

Confirm the renewal

[root@ip-172-31-24-26 ~]# openssl x509 -noout -dates -in /etc/letsencrypt/live/example.com/fullchain.pem
notBefore=Oct 30 14:56:43 2017 GMT
notAfter=Jan 28 14:56:43 2018 GMT
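
The steps above (stop httpd, renew, start httpd, confirm the dates) combined into one function that always restarts the web server, even when the renewal fails. This is an added example, not part of the original memo; the paths and service commands are the ones shown on this page, used as overridable defaults, and the port check assumes `ss` from iproute2 is installed.

```shell
#!/bin/sh
# Added example (not from the original memo): stop -> renew -> start -> verify.
# Every command is overridable so the logic can be exercised without a server.
CERT="${CERT:-/etc/letsencrypt/live/example.com/fullchain.pem}"
STOP_CMD="${STOP_CMD:-service httpd stop}"
START_CMD="${START_CMD:-service httpd start}"
RENEW_CMD="${RENEW_CMD:-/usr/local/letsencrypt/letsencrypt-auto renew}"
LISTEN_CMD="${LISTEN_CMD:-ss -ltn}"   # assumption: iproute2 is installed
ENDDATE_CMD="${ENDDATE_CMD:-openssl x509 -noout -enddate -in}"

# Succeeds if a TCP listener still holds port 443 (the cause of the bind error).
port_443_busy() {
  $LISTEN_CMD | awk '$1 == "LISTEN" && $4 ~ /:443$/ { found = 1 } END { exit !found }'
}

# Return codes: 0 renewed, 1 renew command failed, 2 port 443 still in use,
# 3 web server could not be stopped or started, 4 notAfter did not change.
renew_with_downtime() {
  rwd_before=$($ENDDATE_CMD "$CERT") || rwd_before=""
  $STOP_CMD || return 3
  rwd_rc=0
  if port_443_busy; then
    rwd_rc=2    # something other than httpd is bound; the standalone plugin would fail
  else
    $RENEW_CMD || rwd_rc=1
  fi
  # Start unconditionally so a failed renewal does not leave the site down.
  $START_CMD || return 3
  [ "$rwd_rc" -eq 0 ] || return "$rwd_rc"
  rwd_after=$($ENDDATE_CMD "$CERT") || return 4
  # "renew" also exits 0 when no certificate was due, so compare notAfter.
  [ "$rwd_after" != "$rwd_before" ] || return 4
  return 0
}

# Run for real only when invoked as: sh renew.sh run
if [ "${1:-}" = "run" ]; then
  renew_with_downtime
  exit $?
fi
```

Return code 2 means another process is listening on port 443 after httpd has stopped, which would reproduce the bind error shown under Symptom.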