From nobody Thu Nov 16 22:12:36 2023
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SWZ6227MDz518ZX
	for <questions@mlmmj.nyi.freebsd.org>; Thu, 16 Nov 2023 22:12:42 +0000 (UTC)
	(envelope-from pete@nomadlogic.org)
Received: from mail.nomadlogic.org (mail.nomadlogic.org [66.165.241.226])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SWZ6109pcz4YWx
	for <questions@freebsd.org>; Thu, 16 Nov 2023 22:12:40 +0000 (UTC)
	(envelope-from pete@nomadlogic.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=nomadlogic.org header.s=04242021 header.b=32vzmx6Q;
	spf=pass (mx1.freebsd.org: domain of pete@nomadlogic.org designates 66.165.241.226 as permitted sender) smtp.mailfrom=pete@nomadlogic.org;
	dmarc=pass (policy=quarantine) header.from=nomadlogic.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nomadlogic.org;
	s=04242021; t=1700172758;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=XCYU9iETOegkStrA6nAB4OxTJGC+9naO8jVlqTwpelo=;
	b=32vzmx6QD9J/efJQIw3OoS+MO/SJl3te0CJ/MY0drPR031DQDqSNvK+eZvAR67bCLrbWvf
	6PTl58eOAU1XHOgUsXG99ifHT6+By1X84Ektz9087MJanZ+ouGgO8w4ib/i6RU8BVXO3dp
	EOCutzk+oMLYax9tIhw1FW8o2HlizBY=
Received: from [192.168.1.240] (cpe-24-24-168-214.socal.res.rr.com [24.24.168.214])
	by mail.nomadlogic.org (OpenSMTPD) with ESMTPSA id c397fa68 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
	for <questions@freebsd.org>;
	Thu, 16 Nov 2023 22:12:37 +0000 (UTC)
Message-ID: <75f4ef5a-e6cc-425f-8a07-9f5f95e4d8aa@nomadlogic.org>
Date: Thu, 16 Nov 2023 14:12:36 -0800
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: py39-certbot-2.6.0,1
Content-Language: en-US
To: questions@freebsd.org
References: <E9299A1C-27B1-46CE-95B3-926AAEA56DF1@sermon-archive.info>
 <173e9c01-1e50-43ce-8acb-22a33f9603d4@gmail.com>
 <8D21AE27-BE70-4158-B198-4B06C7D4A981@sermon-archive.info>
From: Pete Wright <pete@nomadlogic.org>
In-Reply-To: <8D21AE27-BE70-4158-B198-4B06C7D4A981@sermon-archive.info>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spamd-Result: default: False [-3.99 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[nomadlogic.org,quarantine];
	R_SPF_ALLOW(-0.20)[+mx];
	R_DKIM_ALLOW(-0.20)[nomadlogic.org:s=04242021];
	MIME_GOOD(-0.10)[text/plain];
	XM_UA_NO_VERSION(0.01)[];
	ASN(0.00)[asn:29802, ipnet:66.165.240.0/22, country:US];
	FROM_EQ_ENVFROM(0.00)[];
	MLMMJ_DEST(0.00)[questions@freebsd.org];
	RCVD_COUNT_ONE(0.00)[1];
	MIME_TRACE(0.00)[0:+];
	DKIM_TRACE(0.00)[nomadlogic.org:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4SWZ6109pcz4YWx
X-Spamd-Bar: ---



On 11/16/23 2:02 PM, Doug Hardie wrote:
>> On Nov 16, 2023, at 13:59, TIM KELLERS <trkellers@gmail.com> wrote:
>>
>> I use that certbot, too, and I just do an apachectl stop before 
>> "certbot renew."  I also have to stop the pf service because my 
>> firewall doesn't like port 80 traffic, but that's a different use case.
>>
>>
>> Tim
>>
>>
>> On 11/16/23 4:34 PM, Doug Hardie wrote:
>>> I have been using py39-certbot-2.6.0,1 for sometime now without any 
>>> issues.  However, earlier this month it started generating errors:
>>>
>>> Renewing an existing certificate for sermon-archive.info and 5 more 
>>> domains
>>> Failed to renew certificate sermon-archive.info with error: Could not 
>>> bind TCP port 80 because it is already in use by another process on 
>>> this system (such as a web server). Please stop the program in 
>>> question and then try again.
>>>
>>> Huh?  Of course there is a web server there.  That's why I need a 
>>> certificate.  Anyone know how to fix this issue, or should I switch 
>>> to some other LetsEncrypt client?  Thanks,
>>>
> 
> Stopping the web server is not a viable approach.  It is on a production 
> machine and that would affect my clients.  It has never done this in the 
> years I have been using LetsEncrypt.  I don't see any changes in that 
> port either.
> 

have you added any vhosts or 301 redirects on port 80 in your httpd 
configuration?  i have this issue with one system that does a 301 
redirect to port 443 on port 80.  on another host where i don't do this 
certbot works as expected without having to stop httpd.

-pete


-- 
Pete Wright
pete@nomadlogic.org