Nginx stops by itself once in a while.

Nginx stops by itself occasionally and didn’t know the reason for it. When the server got down at 3rd time, I decided to dig into the problem.

I’ve looked up syslog first.

tail -5000f /var/log/syslog

Found the following messages.

May 12 00:51:39 ip-172-31-12-44 systemd[1]: Starting Certbot...
May 12 00:51:40 ip-172-31-12-44 systemd[1]: Stopping A high performance web server and a reverse proxy server...
May 12 00:51:40 ip-172-31-12-44 systemd[1]: Stopped A high performance web server and a reverse proxy server.
May 12 00:51:46 ip-172-31-12-44 certbot[15472]: nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
May 12 00:51:47 ip-172-31-12-44 systemd[1]: Starting A high performance web server and a reverse proxy server...
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
May 12 00:51:47 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
May 12 00:51:48 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
May 12 00:51:49 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
May 12 00:51:49 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
May 12 00:51:49 ip-172-31-12-44 nginx[15559]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
May 12 00:51:49 ip-172-31-12-44 nginx[15559]: nginx: [emerg] still could not bind()
May 12 00:51:49 ip-172-31-12-44 systemd[1]: nginx.service: Control process exited, code=exited status=1
May 12 00:51:49 ip-172-31-12-44 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
May 12 00:51:49 ip-172-31-12-44 systemd[1]: nginx.service: Unit entered failed state.
May 12 00:51:49 ip-172-31-12-44 systemd[1]: nginx.service: Failed with result 'exit-code'.
May 12 00:51:49 ip-172-31-12-44 certbot[15472]: Hook command "service nginx start" returned error code 1
May 12 00:51:49 ip-172-31-12-44 certbot[15472]: Error output from service:
May 12 00:51:49 ip-172-31-12-44 certbot[15472]: Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalcte>-xe" for details.

I remember that I’ve set up a nginx server with certbot and noticed that it’s complaining about restarting nginx during certification renewal process.

Thus, I opened up the certification configuration file as below.

sudo vi /etc/letsencrypt/renewal/tinyapple.net.conf

I’ve changed the config file as below.

  1. Update authenticator from standalone to nginx.
  2. Update installer from nginx to none
  3. Comment out pre_hook.
  4. Update post_hook with service nginx restart.
# Options used in the renewal process
[renewalparams]
authenticator = nginx
installer = none
account = IDENTIFIER
#pre_hook = service nginx stop
post_hook = service nginx restart

To test the update, run the following command in order to simulate the renewal.

sudo certbot renew --dry-run

If it results without issues or errors, it’s good to go. 🙂

Advertisements