Adding domains to and deleting domains from existing certificate

I appreciate all that! I am only doing what you ask.

Back to the process. Here's the change:

<VirtualHost *:443>
    ServerAdmin ken.gorman@me.com
    ServerName sme62.org
    ServerAlias www.sme62.org
    DocumentRoot /srv/www/sme62.org/public_html/
    ErrorLog /srv/www/sme62.org/logs/error.log
    CustomLog /srv/www/sme62.org/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/enfeedia.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/enfeedia.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/enfeedia.com/chain.pem
</VirtualHost>

I restarted Apache (CentOS 7) using sudo systemctl restart httpd.service

Better formatting:

    <VirtualHost *:443>
        ServerAdmin ken.gorman@me.com
        ServerName sme62.org
        ServerAlias www.sme62.org
        DocumentRoot /srv/www/sme62.org/public_html/
        ErrorLog /srv/www/sme62.org/logs/error.log
        CustomLog /srv/www/sme62.org/logs/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/enfeedia.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/enfeedia.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/enfeedia.com/chain.pem
    </VirtualHost>

Good. That SSL Test site shows you are sending out the same cert now for all your domains.

We can now delete those stray certs you no longer use.

sudo certbot delete --cert-name sme62.org
sudo certbot delete --cert-name www.sme62.org

After that, test your remaining cert renewal with

sudo certbot renew --dry-run

Let us know what happens for that renew --dry-run

3 Likes

Looks great...

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Simulating renewal of an existing certificate for enfeedia.com and 13 more domains
Performing the following challenges:
http-01 challenge for enfeedia.com
http-01 challenge for keligo.com
http-01 challenge for llgorman.com
http-01 challenge for packetstacks.com
http-01 challenge for saddlebrookeranch.org
http-01 challenge for sme62.org
http-01 challenge for storiesofpetsbypetsforpets.com
http-01 challenge for www.enfeedia.com
http-01 challenge for www.keligo.com
http-01 challenge for www.llgorman.com
http-01 challenge for www.packetstacks.com
http-01 challenge for www.saddlebrookeranch.org
http-01 challenge for www.sme62.org
http-01 challenge for www.storiesofpetsbypetsforpets.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/enfeedia.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/enfeedia.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

So that's it, case closed I presume.

I can't thank you enough, don't know what I would have done if I hadn't gotten your help. Sorry for the misunderstanding earlier, I was musing out of frustration when I should have been more focused.

Again, thank you.

2 Likes

Me again. This should be simple, though I'm skittish -- as you can tell. I'm asking that this action on my part be reviewed, to achieve the following result:

I want to create a new certificate for a new domain. Totally independent of the current certificate. New domain is womenofaction.club. Want the www subdomain version as well.

Because certbot is installed, or more broadly I should say, everything is in place due to having gotten the first certificate, all I need to do is the following to get a new cert for a new domain (copied from an article titled "Use Certbot on CentOS 7"):

sudo certbot --apache

I will be asked which names I would like to activate HTTPS for, in a list, and among the entries in the list, I should find these (not necessarily with those line numbers):

1. womenofaction.com
2. www.womenofaction.com

(Not having done this yet, I'm curious whether it's a zero entry list and I type those entries, or if it includes all domains I own, which would make sense).

Then I would be told to select the appropriate numbers separated by comma and/or spaces. I presume I do a Return key to signal I'm done with making my list. Or whatever, should be obvious.

I understand that certbot will ask if I want to automatically redirect http to https traffic. I do want that.

And when the tool completes, certbot will store generated keys and the issued certificate in /etc/letsencrypt/live/womenofaction.club directory.

And finally, the instructions I'm reading say certbot will update my web server configuration so that it uses the new certificate, and redirect http to https.

I think that's the whole story. Uh, should I reboot the server? Not a problem for me.

I so much appreciate your time and your expertise to review this, to prevent me falling into a hole.

1 Like

TYPO: .club should be .com [as per the lines above]

Only the web service would need to restart/reload.
[but a full reboot will definitely include that]

None that I can see :)

4 Likes

Hmmm. I see what might be a problem.

The womenofaction.com redirects to www.woa.tv. Fine. But, don't you want certs for woa.tv and its www domain then too?

If womenofaction.club is yours, it is redirecting to saddlebrookeranch.org. You may not yet have a viable HTTP site for this club domain. That is always the first step for the HTTP challenge.

4 Likes

First, my bonehead mistake, it is .club. But I'm guessing that the .club sites will be presented to select.

Mike, early this morning I learned that when I uncomment the vhost settings for womenofaction, none of my sites would open. I critically examined the settings (albeit around 2am) and did not see anything wrong. It's redirecting to saddlebrookeranch.org because, I take it, it's the first in the list of vhost settings and with womenofaction.club commented out, it doesn't "exist".

So now, I think I just have to find out why activating womenofaction.club kills everything. I will work on that, of course.

I'm very hopeful, given the feedback here, that once I get the womenofaction.club vhost settings working, there will be nothing else to do. I don't recall any other configuration files I need to mess with.

BTW, here's my DNS settings for womenofaction.club:

Type   Name            Data                                           TTL
A      @               45.56.67.89                                    600 seconds
A      alpha           45.56.67.89                                    600 seconds
NS     @               pdns07.domaincontrol.com.                      1 Hour
NS     @               pdns08.domaincontrol.com.                      1 Hour
CNAME  *               womenofaction.club.                            1 Hour
CNAME  ftp             womenofaction.club.                            1 Hour
CNAME  www             womenofaction.club.                            1 Hour
CNAME  _domainconnect  _domainconnect.gd.domaincontrol.com.           1 Hour
SOA    @               Primary nameserver: pdns07.domaincontrol.com.  1 Hour

There is information missing from that post.
Can you show a picture of it?

3 Likes

And here's that commented-out vhost code for womenofaction.club:

#<VirtualHost *:80>
#    ServerAdmin ken.gorman@me.com
#    ServerName womenofaction.club
#    ServerAlias www.womenofaction.club
#    DocumentRoot /srv/www/womenofaction.club/public_html/
#    ErrorLog /srv/www/womenofaction.club/logs/error.log
#    CustomLog /srv/www/womenofaction.club/logs/access.log combined
#    RewriteEngine on
#RewriteCond %{SERVER_NAME} =womenofaction.club [OR]
#RewriteCond %{SERVER_NAME} =www.womenofaction.club
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Where is the ending?:
#</VirtualHost>

4 Likes

rg305 -- it looks like our posts passed each other. See my post immediately above yours for full DNS settings. I think that's what you are asking for.

It's there

#</VirtualHost> 

my copying expertise was one line short.

2 Likes

WHOA -- it's not there!!!!

THANKS!

3 Likes

Ahhh.


#<VirtualHost *:80>
#    ServerAdmin ken.gorman@me.com
#    ServerName womenofaction.club
#    ServerAlias www.womenofaction.club
#    DocumentRoot /srv/www/womenofaction.club/public_html/
#    ErrorLog /srv/www/womenofaction.club/logs/error.log
#    CustomLog /srv/www/womenofaction.club/logs/access.log combined
#    RewriteEngine on
#RewriteCond %{SERVER_NAME} =womenofaction.club [OR]
#RewriteCond %{SERVER_NAME} =www.womenofaction.club
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#</VirtualHost>

Now will uncomment and move forward.

2 Likes

Sadly, when I activate the now-correct VirtualHost entries for womenofaction.club (to be clear, I mean uncommenting the lines you see in my previous post), none of my websites come up.

The womenofaction.club is a new domain I'm adding to my supported domains, so I can only conclude there's something not set up correctly, sufficiently ugly to undermine all my domains. (I will try defeating the two log lines and RewriteEngine lines to see what happens.)

This is not a certbot/certificate issue, so I don't expect advice from this community (but of course hugely appreciate ideas here and pointing out errors!). I will pursue this in some other way, and let you know what I find, to get closure on this issue.

FWIW, FYI, I maintain a complete server backup (my hosting service is Linode) of the working configuration, such that when I introduce womenofaction.club into the mix and it fails, I can restore the working configuration in under 4 minutes.

My process, when I try a fix, is:

(1) do a snapshot backup of the entire server that does not include womenofaction.club, i.e. the working configuration (3 minutes),

(2) introduce a trial fix into the DNS settings (there are not yet DKIM or SPF settings but I don't believe those anti-hack security measures could have the effect I'm experiencing), or any other changes I can imagine,

(3) see what happens (I'm used to failure),

(4) repeat trial fixes and test perhaps for 10 minutes,

(5) come to the conclusion I need to restore the backup because I'm potentially affecting customers and need to do more thinking (I say 'potentially' because I do this stuff at terrible hours when no human should be up),

(6) restore the server to reinstate the working configuration (3 minutes), and

(7) verify all is running, of course without womenofaction.club.

(8) go back to the drawing board, like checking DNS settings for womenofaction.club yet again (including comparing them to settings for working domains) and investigating whatever else I can think of.
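The trial-and-restore loop above costs several minutes per attempt, and it runs against live customer sites. One failure mode worth ruling out before any restart is a `<VirtualHost>` block whose closing `</VirtualHost>` line is missing (the slip found earlier in this thread): Apache treats that as a configuration error and refuses to start at all, so every site on the server goes down, not only the new one. The script below is an added example written for this thread, not code posted by anyone here or shipped with certbot or Apache. It counts openers against closers in a vhost file (ignoring commented-out lines), reports the line of any unclosed block, and only then runs the real syntax check, `apachectl configtest`, before a restart. The sample vhost it checks is constructed inline from the lines already shown in this thread, and the file paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: a pre-restart sanity check for an Apache
# vhost file. A <VirtualHost> block with no closing </VirtualHost> line stops
# httpd from starting, which takes every site on the server down. This script
# catches that case cheaply, then defers to `apachectl configtest` (httpd -t on
# CentOS 7) for everything else, before any restart is attempted.

# vhost_balance FILE
#   Prints "<openers> <closers>" and returns 0 when they match, 1 otherwise.
#   Commented-out lines (leading '#') are not counted.
vhost_balance() {
    file="$1"
    # '|| true' keeps a zero count (grep exit 1) from aborting under 'set -e'
    opens=$(grep -cE '^[[:space:]]*<VirtualHost[[:space:]>]' "$file" || true)
    closes=$(grep -cE '^[[:space:]]*</VirtualHost>' "$file" || true)
    echo "${opens:-0} ${closes:-0}"
    [ "${opens:-0}" -eq "${closes:-0}" ]
}

# unclosed_vhost_lines FILE
#   Prints the line number of every <VirtualHost> opener that is not closed
#   before the next opener or the end of the file; prints nothing if balanced.
unclosed_vhost_lines() {
    awk '
        /^[[:space:]]*<VirtualHost[[:space:]>]/ {
            if (open) print open_line   # previous block was never closed
            open = 1; open_line = NR; next
        }
        /^[[:space:]]*<\/VirtualHost>/ { open = 0 }
        END { if (open) print open_line }
    ' "$1"
}

# safe_restart FILE
#   Refuses to restart Apache unless both the balance check and configtest pass.
#   The restart command is the one used in this thread (CentOS 7).
safe_restart() {
    if ! vhost_balance "$1" >/dev/null; then
        echo "unclosed <VirtualHost> block(s) starting at line(s):" >&2
        unclosed_vhost_lines "$1" >&2
        return 1
    fi
    if command -v apachectl >/dev/null 2>&1; then
        apachectl configtest || return 1
        sudo systemctl restart httpd.service
    else
        echo "apachectl not found; skipping configtest and restart" >&2
    fi
}

# Constructed sample: the thread's vhost block with its closing line missing.
tmpdir=$(mktemp -d)
BROKEN="$tmpdir/womenofaction.conf"   # placeholder path
cat > "$BROKEN" <<'EOF'
<VirtualHost *:80>
    ServerName womenofaction.club
    ServerAlias www.womenofaction.club
    DocumentRoot /srv/www/womenofaction.club/public_html/
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =womenofaction.club [OR]
    RewriteCond %{SERVER_NAME} =www.womenofaction.club
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
EOF

# The same block with the closing line restored.
FIXED="$tmpdir/womenofaction-fixed.conf"   # placeholder path
{ cat "$BROKEN"; echo '</VirtualHost>'; } > "$FIXED"

echo "broken: $(vhost_balance "$BROKEN")"   # prints "broken: 1 0"
echo "fixed:  $(vhost_balance "$FIXED")"    # prints "fixed:  1 1"
```

Run `safe_restart /etc/httpd/conf.d/womenofaction.conf` (whatever the real file is) in place of a bare `systemctl restart`; it exits non-zero and names the offending line instead of restarting a server that cannot come back up. The static count is deliberately narrow: it only knows about unbalanced `<VirtualHost>` tags, so the `configtest` step is what actually vouches for the rest of the file.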

So, even after adding the missing line, the system still won't serve that domain and it breaks others?

4 Likes

Correct: it doesn't serve that domain, and it breaks the others. Until I get this fixed, the only way to serve the "good" domains is to keep the new one out of the action.

Can you show the entire file that has those commented lines?

4 Likes