Let's Encrypt Problem binding to port 80: Could not bind to IPv4 or IPv6

Learning that lasts. Online courses from $14.99

A couple of users notified me that they were receiving warning messages regarding the security certificate on their email server when they were checking email with Microsoft Outlook. I checked the expiration date on the security certificate for the email server with the OpenSSL command openssl s_client -connect pop3.moonpoint.com:995 (the system is using Dovecot, which is an open-source IMAP/POP3 software program providing users with the ability to download their email). Dovecot listens on TCP port 995 for POP3S secure email connections for downloading email.

$ openssl s_client -connect pop3.moonpoint.com:995
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = moonpoint.com
verify error:num=10:certificate has expired
notAfter=Mar 27 17:43:56 2022 GMT
verify return:1
depth=0 CN = moonpoint.com
notAfter=Mar 27 17:43:56 2022 GMT
verify return:1
---
Certificate chain
 0 s:/CN=moonpoint.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
<text snipped>
+OK Dovecot ready.
quit
closed
$

I could see the certificae was expired and I issued the quit command when I saw the "OK Dovecot ready" prompt. The email security certificate on the system is provided by Let's Encrypt, so I then tried renewing the certificate from the root account with the letsencrypt renew command, but was unsuccessful.

$ su - root
Password:
Last login: Mon Apr  4 10:13:03 EDT 2022 on pts/0
[root@moonpoint ~]# letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/moonpoint.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for moonpoint.com and 2 more domains
Performing the following challenges:
http-01 challenge for moonpoint.com
http-01 challenge for support.moonpoint.com
http-01 challenge for www.moonpoint.com
Cleaning up challenges
Failed to renew certificate moonpoint.com with error: Problem binding to port 80: Could not bind to IPv4 or IPv6.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/support.moonpoint.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/support.moonpoint.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for moonpoint.com and 5 more domains
Performing the following challenges:
http-01 challenge for moonpoint.com
http-01 challenge for support.moonpoint.com
http-01 challenge for www.moonpoint.com
http-01 challenge for imap.moonpoint.com
http-01 challenge for pop3.moonpoint.com
http-01 challenge for smtp.moonpoint.com
Cleaning up challenges
Failed to renew certificate support.moonpoint.com with error: Problem binding to port 80: Could not bind to IPv4 or IPv6.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/support.moonpoint.com-0001/fullchain.pem expires on 2022-05-27 (skipped)
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/moonpoint.com/fullchain.pem (failure)
  /etc/letsencrypt/live/support.moonpoint.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
#

I found the solution was to stop the Apache web server software running on the system, thanks to a post by JuergenAuer at Renewing certificate getting error: Problem binding to port 80: Could not bind to IPv4 or IPv6. After I stopped the web server software, I was able to reissue the letsencrypt command to renew the certificate without the "Problem binding to port 80" error message. I then restarted the Apache web server software and Dovecot.

# apachectl stop
# letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/moonpoint.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for moonpoint.com and 2 more domains
Performing the following challenges:
http-01 challenge for moonpoint.com
http-01 challenge for support.moonpoint.com
http-01 challenge for www.moonpoint.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/moonpoint.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/support.moonpoint.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/support.moonpoint.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for moonpoint.com and 5 more domains
Performing the following challenges:
http-01 challenge for imap.moonpoint.com
http-01 challenge for pop3.moonpoint.com
http-01 challenge for smtp.moonpoint.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/support.moonpoint.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/erinfionacameron.com/fullchain.pem expires on 2022-05-26 (skipped)
  /etc/letsencrypt/live/support.moonpoint.com-0001/fullchain.pem expires on 2022-05-27 (skipped)
Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/moonpoint.com/fullchain.pem (success)
  /etc/letsencrypt/live/support.moonpoint.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# apachectl start
# service dovecot restart
Redirecting to /bin/systemctl restart  dovecot.service
#

When I checked the new expiration date with an openssl x509 -enddate -noout -in command, I saw it is now July 4, 2022.

# openssl x509 -enddate -noout -in /etc/letsencrypt/live/moonpoint.com/cert.pem
notAfter=Jul  4 19:23:41 2022 GMT
#

Related articles:

  1. Let's Encrypt certificate for email server expired