It seems that Letsencrypt needs port 443 to renew certificates.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.com
-------------------------------------------------------------------------------
Port 443 is already in use by another process. This will prevent us from binding
to that port. Please stop the process that is populating the port in question
and try again. For automated renewal, you may want to use a script that stops
and starts your webserver. You can find an example at
https://certbot.eff.org/docs/using.html#renewal . Alternatively you can use the
webroot plugin to renew without needing to stop and start your webserver.
-------------------------------------------------------------------------------
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: At least one of the required ports is already taken.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)It means that you should stop your web service. That is not affordable for a productive service so, you should force letsencrypt to do the verification with a different port.
Here is the happiness command:
OTHER_PORT=80
sudo ./letsencrypt-auto renew --standalone-supported-challenges http-01 --http-01-port $OTHER_PORT