Action required: Let's Encrypt certificate renewals


#26

[root@HMFR-4 ~]# systemctl status apache2
● apache2.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
[root@HMFR-4 ~]#

I don't have apache2 … so now


#27

[REmodified instructions]
If you are OK with temporary stop, try:
systemctl stop httpd
certbot renew --dry-run -v --standalone
[if that fails also try]
certbot renew --dry-run -v --installer null
systemctl start httpd


#28
raise errors.StandaloneBindError(error, port)

StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
[root@HMFR-4 ~]#

I stopped httpd, now this shows?


#29

Please show:
ls -lR /etc/letsencrypt/renewal-hooks/


#30

[root@HMFR-4 ~]# ls -lR /etc/letsencrypt/renewal-hooks/
/etc/letsencrypt/renewal-hooks/:
total 0
drwxr-xr-x. 2 root root 6 Dec 11 2017 deploy
drwxr-xr-x. 2 root root 6 Dec 11 2017 post
drwxr-xr-x. 2 root root 6 Dec 11 2017 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0

/etc/letsencrypt/renewal-hooks/post:
total 0

/etc/letsencrypt/renewal-hooks/pre:
total 0
[root@HMFR-4 ~]#


#31

This makes no sense…
There are no hooks and yet:

Where did it get that from?


#32

[reREmodified instructions]
If you are OK with temporary stop, try:

certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook "systemctl stop httpd"

[if that fails also try]

certbot renew --dry-run -v --installer null --no-directory-hooks --pre-hook "systemctl stop httpd"

After all tests are done:
systemctl start httpd


#33

Please also show:
netstat -pant


#34

Hi,

I ran this as well and got this response.

[root@HMFR-4 ~]# certbot renew --dry-run -v --installer null

Dry run: skipping updating lineage at /etc/letsencrypt/live/www.priceblaze.pk
Skipping renewal deployer in dry-run mode.


new certificate deployed with reload of null server; fullchain is
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem


Skipping updaters in dry-run mode.
The following certs could not be renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (success)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: merchant.priceblaze.pk
    Type: unauthorized
    Detail: Invalid response from
    http://merchant.priceblaze.pk/.well-known/acme-challenge/PoMn0-t9OMKZq8oRh0FNIuiy_58ZL578hI1PuZ-IA8A:
    "\n\n<html lang=“en”>\n\n <meta
    http-equiv=“content-type” content=“text/html; charset=utf-8”>\n

    Page not"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.


#35

[root@HMFR-4 ~]# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2940/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1447/sshd
tcp 0 0 38.108.7.164:22 113.204.66.138:33684 SYN_RECV -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1453/cupsd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 13610/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3630/sendmail: acce
tcp 0 0 127.0.0.1:49993 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:50001 127.0.0.1:5432 TIME_WAIT -
tcp 0 64 38.108.7.164:22 202.63.215.48:62387 ESTABLISHED 12071/sshd: cubexs@
tcp 0 273 127.0.0.1:50004 127.0.0.1:5432 ESTABLISHED 16222/httpd
tcp 0 16400 38.108.7.164:22 125.209.123.78:61701 ESTABLISHED 7442/sshd: root@not
tcp 0 0 127.0.0.1:5432 127.0.0.1:50004 ESTABLISHED -
tcp 0 0 38.108.7.164:22 139.59.60.202:60854 ESTABLISHED 16677/sshd: unknown
tcp 0 0 127.0.0.1:49997 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 38.108.7.164:22 112.85.42.227:16394 ESTABLISHED 16679/sshd: root [p
tcp 0 0 127.0.0.1:49999 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:50003 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:48810 127.0.0.1:5432 ESTABLISHED 13730/pgagent
tcp 0 0 127.0.0.1:49994 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:5432 127.0.0.1:48810 ESTABLISHED 13731/postgres: pos
tcp 0 0 127.0.0.1:49995 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:50002 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:50000 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 127.0.0.1:49998 127.0.0.1:5432 TIME_WAIT -
tcp 0 0 38.108.7.164:22 125.209.123.78:55604 ESTABLISHED 10999/sshd: root@no
tcp 0 0 38.108.7.164:22 125.209.123.78:55446 ESTABLISHED 7179/sshd: root@not
tcp 0 0 127.0.0.1:49996 127.0.0.1:5432 TIME_WAIT -
tcp6 0 0 :::3306 :::* LISTEN 2750/mysqld
tcp6 0 0 :::8080 :::* LISTEN 16171/httpd
tcp6 0 0 :::80 :::* LISTEN 16171/httpd
tcp6 0 0 :::8081 :::* LISTEN 16171/httpd
tcp6 0 0 :::8082 :::* LISTEN 16171/httpd
tcp6 0 0 :::22 :::* LISTEN 1447/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1453/cupsd
tcp6 0 0 :::5432 :::* LISTEN 13610/postgres
tcp6 0 0 :::443 :::* LISTEN 16171/httpd
tcp6 0 0 38.108.7.164:443 137.59.227.217:60721 ESTABLISHED 16544/httpd
tcp6 0 0 38.108.7.164:443 46.229.168.134:46840 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.148.149:48474 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 46.229.168.137:19454 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.149.73:26662 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 46.229.168.153:14560 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.149.100:35786 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.148.223:37250 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.149.51:46142 ESTABLISHED 16374/httpd
tcp6 0 0 38.108.7.164:443 54.36.149.88:49360 TIME_WAIT -
tcp6 0 0 38.108.7.164:80 109.201.154.251:34392 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.148.255:47104 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 54.36.149.106:25718 TIME_WAIT -
tcp6 0 0 38.108.7.164:443 137.59.227.217:51968 FIN_WAIT2 -
tcp6 0 0 38.108.7.164:443 46.229.168.152:58964 TIME_WAIT -
[root@HMFR-4 ~]#


#36

The problem continues with merchant

Please show:

grep -Eri 'merchant|listen|servername|serveralias|virtualhost|rewrite|redirect|known' /etc/httpd

#37

/etc/httpd/conf/magic:0 string MThd audio/unknown
/etc/httpd/conf/magic:0 string CTMF audio/unknown
/etc/httpd/conf/magic:0 string SBI audio/unknown
/etc/httpd/conf/magic:0 string Creative\ Voice\ File audio/unknown
/etc/httpd/conf/magic:# should be string instead of unknown-endian long…]
/etc/httpd/conf/magic:0 string RIFF audio/unknown
/etc/httpd/conf/magic:0 string GIF94z image/unknown
/etc/httpd/conf/magic:0 string FGF95a image/unknown
/etc/httpd/conf/magic:0 string PBF image/unknown
/etc/httpd/conf/magic:0 byte 1 video/unknown
/etc/httpd/conf/magic:0 byte 2 video/unknown
/etc/httpd/conf/httpd.conf.bak.11122017:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf.bak.11122017:# ports, instead of the default. See also the
/etc/httpd/conf/httpd.conf.bak.11122017:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf.bak.11122017:#Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf.bak.11122017:Listen 80
/etc/httpd/conf/httpd.conf.bak.11122017:Listen 8080
/etc/httpd/conf/httpd.conf.bak.11122017:Listen 8081
/etc/httpd/conf/httpd.conf.bak.11122017:Listen 8082
/etc/httpd/conf/httpd.conf.bak.11122017:# definition. These values also provide defaults for
/etc/httpd/conf/httpd.conf.bak.11122017:# any containers you may define later in the file.
/etc/httpd/conf/httpd.conf.bak.11122017:# All of these directives may appear inside containers,
/etc/httpd/conf/httpd.conf.bak.11122017:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf.bak.11122017:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf.bak.11122017:# If you do not specify an ErrorLog directive within a
/etc/httpd/conf/httpd.conf.bak.11122017:# logged here. If you do define an error logfile for a
/etc/httpd/conf/httpd.conf.bak.11122017: # If you do not define any access logfiles within a
/etc/httpd/conf/httpd.conf.bak.11122017: # define per- access logfiles, transactions will be
/etc/httpd/conf/httpd.conf.bak.11122017: # Redirect: Allows you to tell clients about documents that used to
/etc/httpd/conf/httpd.conf.bak.11122017: # Redirect permanent /foo http://www.example.com/bar
/etc/httpd/conf/httpd.conf.bak.11122017:# 1) plain text 2) local redirects 3) external redirects
/etc/httpd/conf/httpd.conf.bak.11122017:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf.bak.11122017: ServerName priceblaze.pk
/etc/httpd/conf/httpd.conf.bak.11122017: ServerAlias www.priceblaze.pk
/etc/httpd/conf/httpd.conf.bak.11122017:
/etc/httpd/conf/httpd.conf.bak.11122017:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf.bak.11122017: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bak.11122017:
/etc/httpd/conf/httpd.conf.bak.11122017:<VirtualHost *:8080>
/etc/httpd/conf/httpd.conf.bak.11122017: DocumentRoot /var/www/html/priceblazemerchant
/etc/httpd/conf/httpd.conf.bak.11122017: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bak.11122017: ErrorLog /var/log/httpd/pb-merchant-error.log
/etc/httpd/conf/httpd.conf.bak.11122017: CustomLog /var/log/httpd/pb-merchant-access.log combined
/etc/httpd/conf/httpd.conf.bak.11122017: <Directory “/var/www/html/priceblazemerchant”>
/etc/httpd/conf/httpd.conf.bak.11122017: Alias /static /var/www/html/priceblazemerchant/static
/etc/httpd/conf/httpd.conf.bak.11122017: <Directory /var/www/html/priceblazemerchant/static>
/etc/httpd/conf/httpd.conf.bak.11122017: #WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf.bak.11122017: <Directory /var/www/html/priceblazemerchant/merchantpanel>
/etc/httpd/conf/httpd.conf.bak.11122017: WSGIDaemonProcess pbmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
/etc/httpd/conf/httpd.conf.bak.11122017: WSGIProcessGroup pbmerchant
/etc/httpd/conf/httpd.conf.bak.11122017: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf.bak.11122017:#######################REDIRECTOR#############################
/etc/httpd/conf/httpd.conf.bak.11122017:#RewriteEngine On
/etc/httpd/conf/httpd.conf.bak.11122017:#RewriteCond %{HTTPS} off
/etc/httpd/conf/httpd.conf.bak.11122017:#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
/etc/httpd/conf/httpd.conf.bak.11122017:
/etc/httpd/conf/httpd.conf.bak.11122017:<VirtualHost *:8081>
/etc/httpd/conf/httpd.conf.bak.11122017: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bak.11122017:
/etc/httpd/conf/httpd.conf.bak.11122017:<VirtualHost *:8082>
/etc/httpd/conf/httpd.conf.bak.11122017: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bak.11122017:
/etc/httpd/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf:# ports, instead of the default. See also the
/etc/httpd/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf:#Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf:Listen 80
/etc/httpd/conf/httpd.conf:Listen 8080
/etc/httpd/conf/httpd.conf:Listen 8081
/etc/httpd/conf/httpd.conf:Listen 8082
/etc/httpd/conf/httpd.conf:#Listen 443
/etc/httpd/conf/httpd.conf:# definition. These values also provide defaults for
/etc/httpd/conf/httpd.conf:# any containers you may define later in the file.
/etc/httpd/conf/httpd.conf:# All of these directives may appear inside containers,
/etc/httpd/conf/httpd.conf:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf:# If you do not specify an ErrorLog directive within a
/etc/httpd/conf/httpd.conf:# logged here. If you do define an error logfile for a
/etc/httpd/conf/httpd.conf: # If you do not define any access logfiles within a
/etc/httpd/conf/httpd.conf: # define per- access logfiles, transactions will be
/etc/httpd/conf/httpd.conf: # Redirect: Allows you to tell clients about documents that used to
/etc/httpd/conf/httpd.conf: # Redirect permanent /foo http://www.example.com/bar
/etc/httpd/conf/httpd.conf:# 1) plain text 2) local redirects 3) external redirects
/etc/httpd/conf/httpd.conf:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf: ServerName priceblaze.pk
/etc/httpd/conf/httpd.conf: ServerAlias www.priceblaze.pk
/etc/httpd/conf/httpd.conf:
/etc/httpd/conf/httpd.conf:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf:
/etc/httpd/conf/httpd.conf:<VirtualHost *:8080>
/etc/httpd/conf/httpd.conf: DocumentRoot /var/www/html/priceblazemerchant
/etc/httpd/conf/httpd.conf: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf: ErrorLog /var/log/httpd/pb-merchant-error.log
/etc/httpd/conf/httpd.conf: CustomLog /var/log/httpd/pb-merchant-access.log combined
/etc/httpd/conf/httpd.conf: <Directory “/var/www/html/priceblazemerchant”>
/etc/httpd/conf/httpd.conf: Alias /static /var/www/html/priceblazemerchant/static
/etc/httpd/conf/httpd.conf: <Directory /var/www/html/priceblazemerchant/static>
/etc/httpd/conf/httpd.conf: #WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf: <Directory /var/www/html/priceblazemerchant/merchantpanel>
/etc/httpd/conf/httpd.conf: WSGIDaemonProcess pbmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
/etc/httpd/conf/httpd.conf: WSGIProcessGroup pbmerchant
/etc/httpd/conf/httpd.conf: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf:SSLCertificateFile /etc/letsencrypt/live/merchant.priceblaze.pk/cert.pem
/etc/httpd/conf/httpd.conf:SSLCertificateKeyFile /etc/letsencrypt/live/merchant.priceblaze.pk/privkey.pem
/etc/httpd/conf/httpd.conf:SSLCertificateChainFile /etc/letsencrypt/live/merchant.priceblaze.pk/chain.pem
/etc/httpd/conf/httpd.conf:
/etc/httpd/conf/httpd.conf:<VirtualHost *:8081>
/etc/httpd/conf/httpd.conf: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf:
/etc/httpd/conf/httpd.conf:<VirtualHost *:8082>
/etc/httpd/conf/httpd.conf: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf:
/etc/httpd/conf/httpd.conf.bkp:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf.bkp:# ports, instead of the default. See also the
/etc/httpd/conf/httpd.conf.bkp:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf.bkp:#Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf.bkp:Listen 80
/etc/httpd/conf/httpd.conf.bkp:Listen 8080
/etc/httpd/conf/httpd.conf.bkp:Listen 8081
/etc/httpd/conf/httpd.conf.bkp:Listen 8082
/etc/httpd/conf/httpd.conf.bkp:#Listen 443
/etc/httpd/conf/httpd.conf.bkp:# definition. These values also provide defaults for
/etc/httpd/conf/httpd.conf.bkp:# any containers you may define later in the file.
/etc/httpd/conf/httpd.conf.bkp:# All of these directives may appear inside containers,
/etc/httpd/conf/httpd.conf.bkp:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf.bkp:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf.bkp:# If you do not specify an ErrorLog directive within a
/etc/httpd/conf/httpd.conf.bkp:# logged here. If you do define an error logfile for a
/etc/httpd/conf/httpd.conf.bkp: # If you do not define any access logfiles within a
/etc/httpd/conf/httpd.conf.bkp: # define per- access logfiles, transactions will be
/etc/httpd/conf/httpd.conf.bkp: # Redirect: Allows you to tell clients about documents that used to
/etc/httpd/conf/httpd.conf.bkp: # Redirect permanent /foo http://www.example.com/bar
/etc/httpd/conf/httpd.conf.bkp:# 1) plain text 2) local redirects 3) external redirects
/etc/httpd/conf/httpd.conf.bkp:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf.bkp: ServerName priceblaze.pk
/etc/httpd/conf/httpd.conf.bkp: ServerAlias www.priceblaze.pk
/etc/httpd/conf/httpd.conf.bkp:
/etc/httpd/conf/httpd.conf.bkp:<VirtualHost *:80>
/etc/httpd/conf/httpd.conf.bkp: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bkp:
/etc/httpd/conf/httpd.conf.bkp:<VirtualHost *:8080>
/etc/httpd/conf/httpd.conf.bkp: DocumentRoot /var/www/html/priceblazemerchant
/etc/httpd/conf/httpd.conf.bkp: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bkp: ErrorLog /var/log/httpd/pb-merchant-error.log
/etc/httpd/conf/httpd.conf.bkp: CustomLog /var/log/httpd/pb-merchant-access.log combined
/etc/httpd/conf/httpd.conf.bkp: <Directory “/var/www/html/priceblazemerchant”>
/etc/httpd/conf/httpd.conf.bkp: Alias /static /var/www/html/priceblazemerchant/static
/etc/httpd/conf/httpd.conf.bkp: <Directory /var/www/html/priceblazemerchant/static>
/etc/httpd/conf/httpd.conf.bkp: #WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf.bkp: <Directory /var/www/html/priceblazemerchant/merchantpanel>
/etc/httpd/conf/httpd.conf.bkp: WSGIDaemonProcess pbmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
/etc/httpd/conf/httpd.conf.bkp: WSGIProcessGroup pbmerchant
/etc/httpd/conf/httpd.conf.bkp: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf/httpd.conf.bkp:SSLCertificateFile /etc/letsencrypt/live/merchant.priceblaze.pk/cert.pem
/etc/httpd/conf/httpd.conf.bkp:SSLCertificateKeyFile /etc/letsencrypt/live/merchant.priceblaze.pk/privkey.pem
/etc/httpd/conf/httpd.conf.bkp:SSLCertificateChainFile /etc/letsencrypt/live/merchant.priceblaze.pk/chain.pem
/etc/httpd/conf/httpd.conf.bkp:
/etc/httpd/conf/httpd.conf.bkp:<VirtualHost *:8081>
/etc/httpd/conf/httpd.conf.bkp: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bkp:
/etc/httpd/conf/httpd.conf.bkp:<VirtualHost *:8082>
/etc/httpd/conf/httpd.conf.bkp: ServerName 38.108.7.164
/etc/httpd/conf/httpd.conf.bkp:
/etc/httpd/conf.d/autoindex.conf:DefaultIcon /icons/unknown.gif
/etc/httpd/conf.d/pagespeed.conf: # Override the mod_pagespeed ‘rewrite level’. The default level
/etc/httpd/conf.d/pagespeed.conf: # “CoreFilters” uses a set of rewrite filters that are generally
/etc/httpd/conf.d/pagespeed.conf: # directives, below. Valid values for ModPagespeedRewriteLevel are
/etc/httpd/conf.d/pagespeed.conf: ModPagespeedRewriteLevel PassThrough
/etc/httpd/conf.d/pagespeed.conf: # conjuction with ModPagespeedRewriteLevel. For instance, if one
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedDisableFilters rewrite_images
/etc/httpd/conf.d/pagespeed.conf: # conjuction with ModPagespeedRewriteLevel. For instance, filters
/etc/httpd/conf.d/pagespeed.conf: ModPagespeedEnableFilters rewrite_javascript,rewrite_css
/etc/httpd/conf.d/pagespeed.conf: ModPagespeedForbidFilters rewrite_images
/etc/httpd/conf.d/pagespeed.conf: # mod_pagespeed will wait indefinitely for the rewrite to complete before
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedRewriteDeadlinePerFlushMs 10
/etc/httpd/conf.d/pagespeed.conf: # Other domain-related directives (like ModPagespeedMapRewriteDomain
/etc/httpd/conf.d/pagespeed.conf: # careful when using them as if you rewrite domains that do not
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedImageMaxRewritesAtOnce 8
/etc/httpd/conf.d/pagespeed.conf: # “rewrite threads” are used to do short, latency-sensitive work,
/etc/httpd/conf.d/pagespeed.conf: # while “expensive rewrite threads” are used for actual optimization
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedNumRewriteThreads 4
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedNumExpensiveRewriteThreads 4
/etc/httpd/conf.d/pagespeed.conf: # Randomly drop rewrites (*) to increase the chance of optimizing
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedRewriteRandomDropPercentage 90
/etc/httpd/conf.d/pagespeed.conf: # ModPagespeedLibrary 43 1o978_K0_LNE5_ystNklf http://www.modpagespeed.com/rewrite_javascript.js
/etc/httpd/conf.d/pagespeed.conf: # Enables server-side instrumentation and statistics. If this rewriter is
/etc/httpd/conf.d/pagespeed.conf: # rewrite resources with Vary: in the header, e.g. Vary: User-Agent.
/etc/httpd/conf.d/ssl.conf:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf:Listen 443
/etc/httpd/conf.d/ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf:DocumentRoot “/var/www/html/priceblazemerchant”
/etc/httpd/conf.d/ssl.conf:ServerName merchant.priceblaze.pk:443
/etc/httpd/conf.d/ssl.conf:WSGIDaemonProcess PBSMerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
/etc/httpd/conf.d/ssl.conf: WSGIProcessGroup PBSMerchant
/etc/httpd/conf.d/ssl.conf: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf.d/ssl.conf:<Directory “/var/www/html/priceblazemerchant”>
/etc/httpd/conf.d/ssl.conf:Alias /static /var/www/html/priceblazemerchant/static
/etc/httpd/conf.d/ssl.conf:<Directory /var/www/html/priceblazemerchant/static>
/etc/httpd/conf.d/ssl.conf:<Directory /var/www/html/priceblazemerchant/merchantpanel>
/etc/httpd/conf.d/ssl.conf:ServerAlias merchant.priceblaze.pk
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/letsencrypt/live/merchant.priceblaze.pk/cert.pem
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/merchant.priceblaze.pk/privkey.pem
/etc/httpd/conf.d/ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/merchant.priceblaze.pk/chain.pem
/etc/httpd/conf.d/ssl.conf:
/etc/httpd/conf.d/blog-priceblazepk.conf:<VirtualHost *:80>
/etc/httpd/conf.d/blog-priceblazepk.conf: ServerName blog.priceblaze.pk
/etc/httpd/conf.d/blog-priceblazepk.conf: ServerAlias www.blog.priceblaze.pk
/etc/httpd/conf.d/blog-priceblazepk.conf: RewriteEngine On
/etc/httpd/conf.d/blog-priceblazepk.conf: RewriteCond %{SERVER_PORT} !443
/etc/httpd/conf.d/blog-priceblazepk.conf: RewriteRule (.*) https://%{HTTP_HOST} [R]
/etc/httpd/conf.d/blog-priceblazepk.conf:
/etc/httpd/conf.d/blog-priceblazepk.conf:<VirtualHost *:443>
/etc/httpd/conf.d/blog-priceblazepk.conf: ServerName blog.priceblaze.pk:443
/etc/httpd/conf.d/blog-priceblazepk.conf:
/etc/httpd/conf.d/pmerchant.conf:<VirtualHost *:80>
/etc/httpd/conf.d/pmerchant.conf: DocumentRoot /var/www/html/priceblazemerchant
/etc/httpd/conf.d/pmerchant.conf: ServerName merchant.priceblaze.pk
/etc/httpd/conf.d/pmerchant.conf: ServerAlias www.merchant.priceblaze.pk
/etc/httpd/conf.d/pmerchant.conf: RewriteEngine Off
/etc/httpd/conf.d/pmerchant.conf: RewriteCond %{SERVER_PORT} !443
/etc/httpd/conf.d/pmerchant.conf: RewriteRule (.*) https://%{HTTP_HOST} [R]
/etc/httpd/conf.d/pmerchant.conf: ErrorLog /var/log/httpd/pb-merchant-error.log
/etc/httpd/conf.d/pmerchant.conf: CustomLog /var/log/httpd/pb-merchant-access.log combined
/etc/httpd/conf.d/pmerchant.conf: <Directory “/var/www/html/priceblazemerchant”>
/etc/httpd/conf.d/pmerchant.conf: Alias /static /var/www/html/priceblazemerchant/static
/etc/httpd/conf.d/pmerchant.conf: <Directory /var/www/html/priceblazemerchant/static>
/etc/httpd/conf.d/pmerchant.conf: <Directory /var/www/html/priceblazemerchant/merchantpanel>
/etc/httpd/conf.d/pmerchant.conf: WSGIDaemonProcess pmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
/etc/httpd/conf.d/pmerchant.conf: WSGIProcessGroup pmerchant
/etc/httpd/conf.d/pmerchant.conf: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf.d/pmerchant.conf:
/etc/httpd/conf.d/admin-ssl-pb.conf:<VirtualHost *:443>
/etc/httpd/conf.d/admin-ssl-pb.conf: ServerName admin.priceblaze.pk:443
/etc/httpd/conf.d/admin-ssl-pb.conf:ServerAlias admin.priceblaze.pk
/etc/httpd/conf.d/admin-ssl-pb.conf:
/etc/httpd/conf.d/priceblazelive-ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/priceblazelive-ssl.conf: ServerName www.priceblaze.pk:443
/etc/httpd/conf.d/priceblazelive-ssl.conf:ServerAlias www.priceblaze.pk
/etc/httpd/conf.d/priceblazelive-ssl.conf:
/etc/httpd/conf.d/pblazeadmin.conf:<VirtualHost *:80>
/etc/httpd/conf.d/pblazeadmin.conf: ServerName admin.priceblaze.pk
/etc/httpd/conf.d/pblazeadmin.conf: ServerAlias www.admin.priceblaze.pk
/etc/httpd/conf.d/pblazeadmin.conf: RewriteEngine On
/etc/httpd/conf.d/pblazeadmin.conf: RewriteCond %{SERVER_PORT} !443
/etc/httpd/conf.d/pblazeadmin.conf: RewriteRule (.*) https://%{HTTP_HOST} [R]
/etc/httpd/conf.d/pblazeadmin.conf:
/etc/httpd/conf.modules.d/00-base.conf:LoadModule rewrite_module modules/mod_rewrite.so


#38

OK. I think this may be causing a problem with the challenge requests for the merchant cert:

/etc/httpd/conf.d/ssl.conf: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
/etc/httpd/conf.d/pmerchant.conf: WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py

See: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIScriptAlias.html


#39

OK, I can understand. Can you please let me know or give me any suggestion? Please guide me.


#40

Try adding:
Alias /.well-known/acme-challenge /etc/letsencrypt


#41

Where do I have to add this?

Alias /.well-known/acme-challenge /etc/letsencrypt

You mean httpd.conf?


#42

In the same two files.
Above (higher up):
WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py


#43

First File :

WSGIDaemonProcess PBSMerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
WSGIProcessGroup PBSMerchant
WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
Alias /.well-known/acme-challenge /etc/letsencrypt #add this line

Second file:

WSGIDaemonProcess pmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
WSGIProcessGroup pmerchant
WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py

Alias /.well-known/acme-challenge /etc/letsencrypt

– INSERT –

You mean like this? Looking for your response.


#44

Yes.
Try that.
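
The Alias suggested in posts #40 to #42, written out for the port-80 merchant vhost as an added example that is not part of the original thread or of anyone's actual configuration. It assumes Apache 2.4 and a hypothetical, otherwise empty directory /var/www/acme-challenge, used instead of /etc/letsencrypt because that tree also holds the ACME account key and the certificates' private keys.

```apache
# Added example. Assumed location: /etc/httpd/conf.d/pmerchant.conf
# Assumption: /var/www/acme-challenge is a hypothetical directory created
# only for challenge files, e.g.
#   mkdir -p /var/www/acme-challenge/.well-known/acme-challenge

<VirtualHost *:80>
    ServerName merchant.priceblaze.pk
    ServerAlias www.merchant.priceblaze.pk
    DocumentRoot /var/www/html/priceblazemerchant

    # Weak setting (as posted in the thread): challenge URLs are mapped onto
    # certbot's state directory, whose accounts/, archive/ and live/
    # subdirectories contain private key material. Only file permissions and
    # the default <Directory /> deny rule then stand between those files and
    # an HTTP request.
    # Alias /.well-known/acme-challenge /etc/letsencrypt

    # Corrected setting: a directory that holds challenge tokens and nothing
    # else, with no overrides and no directory listing.
    Alias /.well-known/acme-challenge/ /var/www/acme-challenge/.well-known/acme-challenge/
    <Directory "/var/www/acme-challenge/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Catch-all WSGI mount, unchanged. The more specific Alias is listed
    # ahead of it, as post #42 asks.
    WSGIDaemonProcess pmerchant python-path=/var/www/html/priceblazemerchant:/var/www/html/priceblazeenv/lib/python2.7/site-packages
    WSGIProcessGroup pmerchant
    WSGIScriptAlias / /var/www/html/priceblazemerchant/merchantpanel/wsgi.py
</VirtualHost>

# HTTP-01 validation requests arrive on port 80, so this vhost is the one
# that has to answer them. With httpd left running, a dry run against the
# directory above would be:
#   certbot renew --dry-run --cert-name merchant.priceblaze.pk --webroot -w /var/www/acme-challenge
# (the webroot plugin writes tokens to <webroot>/.well-known/acme-challenge/)
```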


#45

Error: 2 renew failure(s), 0 parse failure(s)
2 renew failure(s), 0 parse failure(s)
[root@HMFR-4 conf.d]# certbot renew --dry-run -v --standalone --no-directory-hooks --pre-hook "systemctl stop httpd"

Output below:

File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/merchant.priceblaze.pk/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/admin.priceblaze.pk/fullchain.pem (failure)
/etc/letsencrypt/live/www.priceblaze.pk/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


Running post-hook command: systemctl start httpd
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.29.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1352, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1259, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 457, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 2 renew failure(s), 0 parse failure(s)
2 renew failure(s), 0 parse failure(s)
[root@HMFR-4 conf.d]#