La renovación de certbot bloquea nginx y todos los sitios web se desconectan

tag-icon tag-icon nginx lets-encrypt certbot server-crashes crash
La renovación de certbot bloquea nginx y todos los sitios web se desconectan

Cuando sudo certbot renewse ejecuta el comando, el servidor nginx falla. El registro de errores en systemd se ve así:

- The job identifier is 48862.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Main process exited, code=dumped, status=11/SEGV
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- An ExecStart= process belonging to unit nginx.service has exited.
-- 
-- The process' exit code is 'dumped' and its exit status is 11.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046516 (PassengerAgent) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046532 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046535 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046538 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046539 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046557 (PassengerAgent) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046516 (PassengerAgent) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046532 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046535 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046538 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046539 (nginx) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2046557 (PassengerAgent) with signal SIGKILL.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Failed with result 'core-dump'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The unit nginx.service has entered the 'failed' state with result 'core-dump'.

El resultado del comando de renovación se ve así:

$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/atp.flexgrid-project.eu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.18.0 renewal configuration file found at /etc/letsencrypt/renewal/atp.flexgrid-project.eu.conf with version 0.40.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for atp.flexgrid-project.eu
Waiting for verification...
Cleaning up challenges
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/atp.flexgrid-project.eu/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/db.flexgrid-project.eu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.18.0 renewal configuration file found at /etc/letsencrypt/renewal/db.flexgrid-project.eu.conf with version 0.40.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for db.flexgrid-project.eu
Waiting for verification...
Cleaning up challenges
nginx: [alert] kill(2046610, 1) failed (3: No such process)
Attempting to renew cert (db.flexgrid-project.eu) from /etc/letsencrypt/renewal/db.flexgrid-project.eu.conf produced an unexpected error: nginx restart failed:
b''
b''. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/phoenix.medialab.ntua.gr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.18.0 renewal configuration file found at /etc/letsencrypt/renewal/phoenix.medialab.ntua.gr.conf with version 0.40.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for phoenix.medialab.ntua.gr
nginx: [alert] kill(2046610, 1) failed (3: No such process)
Cleaning up challenges
nginx: [alert] kill(2046610, 1) failed (3: No such process)
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1134, in perform
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 919, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1202, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 124, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1152, in cleanup
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 919, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1202, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''
Attempting to renew cert (phoenix.medialab.ntua.gr) from /etc/letsencrypt/renewal/phoenix.medialab.ntua.gr.conf produced an unexpected error: nginx restart failed:
b''
b''. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/rabit.socialenergy-project.eu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.18.0 renewal configuration file found at /etc/letsencrypt/renewal/rabit.socialenergy-project.eu.conf with version 0.40.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for rabit.socialenergy-project.eu
http-01 challenge for rat.socialenergy-project.eu
nginx: [alert] kill(2046610, 1) failed (3: No such process)
Cleaning up challenges
nginx: [alert] kill(2046610, 1) failed (3: No such process)
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1134, in perform
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 919, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1202, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 124, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1152, in cleanup
    self.restart()
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 919, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 1202, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''
Attempting to renew cert (rabit.socialenergy-project.eu) from /etc/letsencrypt/renewal/rabit.socialenergy-project.eu.conf produced an unexpected error: nginx restart failed:
b''
b''. Skipping.
The following certs could not be renewed:
  /etc/letsencrypt/live/db.flexgrid-project.eu/fullchain.pem (failure)
  /etc/letsencrypt/live/phoenix.medialab.ntua.gr/fullchain.pem (failure)
  /etc/letsencrypt/live/rabit.socialenergy-project.eu/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

The following certs were successfully renewed:
  /etc/letsencrypt/live/atp.flexgrid-project.eu/fullchain.pem (success)

The following certs could not be renewed:
  /etc/letsencrypt/live/db.flexgrid-project.eu/fullchain.pem (failure)
  /etc/letsencrypt/live/phoenix.medialab.ntua.gr/fullchain.pem (failure)
  /etc/letsencrypt/live/rabit.socialenergy-project.eu/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3 renew failure(s), 0 parse failure(s)

Los scripts de renovación en certbot tienen este aspecto:

$ sudo cat /etc/letsencrypt/renewal/atp.flexgrid-project.eu.conf 
# renew_before_expiry = 30 days
version = 1.18.0
archive_dir = /etc/letsencrypt/archive/atp.flexgrid-project.eu
cert = /etc/letsencrypt/live/atp.flexgrid-project.eu/cert.pem
privkey = /etc/letsencrypt/live/atp.flexgrid-project.eu/privkey.pem
chain = /etc/letsencrypt/live/atp.flexgrid-project.eu/chain.pem
fullchain = /etc/letsencrypt/live/atp.flexgrid-project.eu/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = XXXXXXXXXXXXXXXXXXXXXXXXXXxx
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory

Las versiones son:

  • certbot 0.40.0
  • nginx1.18.0-0ubuntu1.2
  • Ubuntu 20.04.3 LTS

Este error es realmente molesto porque el servidor se apaga sin previo aviso cada vez que es necesario renovar un certificado.

Vi varios hilos en foros y problemas, pero son de hace algunos años y no parecen funcionar en versiones más nuevas. Un hilo sugirió usar la versión instantánea en lugar de apta para certbot, pero el error persiste.

El registro de errores de nginx tiene lo siguiente:

==> /var/log/nginx/error.log <==
[ N 2021-09-02 08:07:25.5247 2298270/T5 age/Cor/SecurityUpdateChecker.h:519 ]: Security update check: no update found (next check in 24 hours)
2021/09/02 08:07:25 [notice] 2298303#2298303: signal process started

[ N 2021-09-02 08:07:25.5352 2298270/T9 age/Cor/CoreMain.cpp:670 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ N 2021-09-02 08:07:25.5352 2298270/T1 age/Cor/CoreMain.cpp:1245 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ N 2021-09-02 08:07:25.5353 2298270/Tb Ser/Server.h:901 ]: [ServerThr.2] Freed 0 spare client objects
[ N 2021-09-02 08:07:25.5353 2298270/Tc Ser/Server.h:901 ]: [ServerThr.3] Freed 0 spare client objects
[ N 2021-09-02 08:07:25.5353 2298270/Te Ser/Server.h:901 ]: [ServerThr.4] Freed 0 spare client objects
[ N 2021-09-02 08:07:25.5353 2298270/Tb Ser/Server.h:558 ]: [ServerThr.2] Shutdown finished
[ N 2021-09-02 08:07:25.5353 2298270/Tc Ser/Server.h:558 ]: [ServerThr.3] Shutdown finished
[ N 2021-09-02 08:07:25.5353 2298270/Te Ser/Server.h:558 ]: [ServerThr.4] Shutdown finished
[ N 2021-09-02 08:07:25.5354 2298270/T9 Ser/Server.h:901 ]: [ServerThr.1] Freed 0 spare client objects
[ N 2021-09-02 08:07:25.5354 2298270/T9 Ser/Server.h:558 ]: [ServerThr.1] Shutdown finished
[ N 2021-09-02 08:07:25.5355 2298270/Tg Ser/Server.h:901 ]: [ApiServer] Freed 0 spare client objects
[ N 2021-09-02 08:07:25.5355 2298270/Tg Ser/Server.h:558 ]: [ApiServer] Shutdown finished
2021/09/02 08:07:28 [notice] 2298312#2298312: signal process started
2021/09/02 08:07:28 [error] 2298312#2298312: open() "/run/nginx.pid" failed (2: No such file or directory)
[ N 2021-09-02 08:07:28.8243 2298314/T1 age/Wat/WatchdogMain.cpp:1373 ]: Starting Passenger watchdog...
[ N 2021-09-02 08:07:28.8529 2298317/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
[ N 2021-09-02 08:07:28.8530 2298317/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
[ N 2021-09-02 08:07:28.8674 2298317/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 2298317
2021/09/02 08:07:29 [info] 2298343#2298343: Using 32768KiB of shared memory for nchan in /etc/nginx/nginx.conf:63
[ N 2021-09-02 08:07:31.1196 2298317/T5 age/Cor/SecurityUpdateChecker.h:519 ]: Security update check: no update found (next check in 24 hours)
2021/09/02 08:07:32 [notice] 2298349#2298349: signal process started

[ N 2021-09-02 08:07:32.2357 2298317/T9 age/Cor/CoreMain.cpp:670 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ N 2021-09-02 08:07:32.2358 2298317/T1 age/Cor/CoreMain.cpp:1245 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ N 2021-09-02 08:07:32.2358 2298317/Ta Ser/Server.h:901 ]: [ServerThr.2] Freed 0 spare client objects
[ N 2021-09-02 08:07:32.2358 2298317/Tc Ser/Server.h:901 ]: [ServerThr.3] Freed 0 spare client objects
[ N 2021-09-02 08:07:32.2359 2298317/Ta Ser/Server.h:558 ]: [ServerThr.2] Shutdown finished
[ N 2021-09-02 08:07:32.2359 2298317/Tc Ser/Server.h:558 ]: [ServerThr.3] Shutdown finished
[ N 2021-09-02 08:07:32.2359 2298317/T9 Ser/Server.h:901 ]: [ServerThr.1] Freed 0 spare client objects
[ N 2021-09-02 08:07:32.2359 2298317/T9 Ser/Server.h:558 ]: [ServerThr.1] Shutdown finished
[ N 2021-09-02 08:07:32.2359 2298317/Te Ser/Server.h:901 ]: [ServerThr.4] Freed 0 spare client objects
[ N 2021-09-02 08:07:32.2359 2298317/Te Ser/Server.h:558 ]: [ServerThr.4] Shutdown finished
[ N 2021-09-02 08:07:32.2360 2298317/Tg Ser/Server.h:901 ]: [ApiServer] Freed 0 spare client objects
[ N 2021-09-02 08:07:32.2360 2298317/Tg Ser/Server.h:558 ]: [ApiServer] Shutdown finished
[ N 2021-09-02 08:07:32.2765 2298352/T1 age/Wat/WatchdogMain.cpp:1373 ]: Starting Passenger watchdog...
[ N 2021-09-02 08:07:32.3006 2298356/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
[ N 2021-09-02 08:07:32.3008 2298356/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
[ N 2021-09-02 08:07:32.3151 2298356/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 2298356
[ N 2021-09-02 08:07:32.5218 2298317/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished

[ N 2021-09-02 08:07:34.5746 2298356/T5 age/Cor/SecurityUpdateChecker.h:519 ]: Security update check: no update found (next check in 24 hours)
2021/09/02 08:07:34 [notice] 2298386#2298386: signal process started

[ N 2021-09-02 08:07:34.8582 2298356/T9 age/Cor/CoreMain.cpp:670 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ N 2021-09-02 08:07:34.8583 2298356/T1 age/Cor/CoreMain.cpp:1245 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ N 2021-09-02 08:07:34.8583 2298356/Tc Ser/Server.h:901 ]: [ServerThr.3] Freed 0 spare client objects
[ N 2021-09-02 08:07:34.8583 2298356/Tc Ser/Server.h:558 ]: [ServerThr.3] Shutdown finished
[ N 2021-09-02 08:07:34.8583 2298356/T9 Ser/Server.h:901 ]: [ServerThr.1] Freed 0 spare client objects
[ N 2021-09-02 08:07:34.8584 2298356/T9 Ser/Server.h:558 ]: [ServerThr.1] Shutdown finished
[ N 2021-09-02 08:07:34.8584 2298356/Tb Ser/Server.h:901 ]: [ServerThr.2] Freed 0 spare client objects
[ N 2021-09-02 08:07:34.8584 2298356/Tb Ser/Server.h:558 ]: [ServerThr.2] Shutdown finished
[ N 2021-09-02 08:07:34.8584 2298356/Te Ser/Server.h:901 ]: [ServerThr.4] Freed 0 spare client objects
[ N 2021-09-02 08:07:34.8584 2298356/Te Ser/Server.h:558 ]: [ServerThr.4] Shutdown finished
[ N 2021-09-02 08:07:34.8584 2298356/Tg Ser/Server.h:901 ]: [ApiServer] Freed 0 spare client objects
[ N 2021-09-02 08:07:34.8584 2298356/Tg Ser/Server.h:558 ]: [ApiServer] Shutdown finished
panic: memory wrap at /usr/share/perl/5.30/constant.pm line 20.
Compilation failed in require at /usr/lib/x86_64-linux-gnu/perl5/5.30/nginx.pm line 61.
BEGIN failed--compilation aborted at /usr/lib/x86_64-linux-gnu/perl5/5.30/nginx.pm line 61.
Compilation failed in require.
BEGIN failed--compilation aborted.
2021/09/02 08:07:34 [alert] 2298325#2298325: perl_parse() failed: 255
[ N 2021-09-02 08:07:35.1369 2298356/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished
2021/09/02 08:07:38 [notice] 2298396#2298396: signal process started
2021/09/02 08:07:39 [info] 2298398#2298398: Using 32768KiB of shared memory for nchan in /etc/nginx/nginx.conf:63
2021/09/02 08:07:40 [notice] 2298401#2298401: signal process started
2021/09/02 08:07:40 [alert] 2298401#2298401: kill(2298325, 1) failed (3: No such process)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:40 [emerg] 2298402#2298402: still could not bind()
2021/09/02 08:07:43 [notice] 2298406#2298406: signal process started
2021/09/02 08:07:43 [alert] 2298406#2298406: kill(2298325, 1) failed (3: No such process)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:43 [emerg] 2298407#2298407: still could not bind()
2021/09/02 08:07:46 [info] 2298408#2298408: Using 32768KiB of shared memory for nchan in /etc/nginx/nginx.conf:63
2021/09/02 08:07:49 [notice] 2298414#2298414: signal process started
2021/09/02 08:07:49 [alert] 2298414#2298414: kill(2298325, 1) failed (3: No such process)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:49 [emerg] 2298416#2298416: still could not bind()
2021/09/02 08:07:52 [notice] 2298420#2298420: signal process started
2021/09/02 08:07:52 [alert] 2298420#2298420: kill(2298325, 1) failed (3: No such process)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:80 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: bind() to [::]:443 failed (98: Address already in use)
2021/09/02 08:07:52 [emerg] 2298421#2298421: still could not bind()

Respuesta1

Después de 1 día de pruebas e intentos de solución, encontré el problema y la solución (para mi caso).

No es un problema de certbot, es un problema de nginx, relacionado con el módulo Pearl. Es necesario no cargar el módulo. Puedes encontrar aquí la explicación:https://community.letsencrypt.org/t/nginx-server-fails-after-certbot-renew/142660/15?u=marcelloverona

Respuesta2

Creo que encontré una solución (pirata) para solucionar el problema. Los pasos son los siguientes:

  1. Cree un script ejecutable en la ubicación /etc/letsencrypt/nginx_fix.shcon el siguiente contenido:

    #!/bin/bash
for arg
do
  if [ "$arg" = "reload" ]
  then
    exec systemctl restart nginx
  fi
done
exec nginx "$@"

  2. Agregue la línea nginx_ctl = /etc/letsencrypt/nginx_fix.shal [renewalparams]bloque de cada archivo de configuración de renovación administrado por el autenticador nginx, ubicado en etc/letsencrypt/renewal/*.confla siguiente manera:

    # Options used in the renewal process
[renewalparams]
account = XXXXXX # Use your own account key
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
nginx_ctl = /etc/letsencrypt/nginx_fix.sh

No marcar esta respuesta como aceptada porque no es óptima en dos sentidos:

  1. Debe recordar editar el archivo de configuración de renovación para cada dominio que agregue.

  2. Aún recibe algunos errores en los registros de nginx de la siguiente manera:

    Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351182 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351186 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351227 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351630 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351655 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351673 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351692 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351755 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351191 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351194 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351197 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351198 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351200 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351201 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351205 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351210 (PassengerAgent) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351618 (file_store.rb:*) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351651 (worker-1) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351656 (ruby) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351659 (connection_poo*) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351664 (n/a) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351665 (utils.rb:110) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351677 (n/a) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351682 (utils.rb:110) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351683 (n/a) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351696 (connection_poo*) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351701 (n/a) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351708 (worker-2) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351709 (worker-3) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351710 (worker-2) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351711 (worker-3) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351729 (io-worker-1) with signal SIGKILL.
Sep 02 09:37:24 phoenix.medialab.ntua.gr systemd[1]: nginx.service: Killing process 2351756 (PassengerAgent) with signal SIGKILL.

Pero al menos parece funcionar, al menos con la dry-runopción.

información relacionada