Again "Unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf"

NB: I have already found a workaround; I am reporting my problem for documentation only, in case someone runs into a similar error.

My env: CentOS 6, Apache 2.2; Apache plugin.

about the error:
renewal attempts generate “Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf” error.

The problem appeared only on the latest (>0.16) versions.
It seems that it is no longer possible to “share” certificates between virtual domains on the same web server.

In previous versions, this Apache configuration didn’t generate renew errors:

SSLCertificateFile /etc/letsencrypt/live/AAA/cert.pem
,


SSLCertificateFile /etc/letsencrypt/live/AAA/cert.pem
,

In 0.19, this configuration generates the “Attempting to overwrite challenge file” error.

If I define a certificate for every single virtual domain, the problem disappears:

SSLCertificateFile /etc/letsencrypt/live/AAA/cert.pem ,, SSLCertificateFile /etc/letsencrypt/live/BBB/cert.pem ,,
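To see which virtual hosts point at the same certificate, as in the shared setup described in the post above, the following added example (not from the posts and not part of certbot) groups `<VirtualHost>` blocks by their `SSLCertificateFile`. The sample configuration and its host names are constructed for illustration; only the `AAA`/`BBB` paths come from the post.

```python
import re
from collections import defaultdict

# Constructed sample config: host names are hypothetical, AAA/BBB paths as in the post.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName one.example.com
    SSLCertificateFile /etc/letsencrypt/live/AAA/cert.pem
</VirtualHost>
# SSLCertificateFile /etc/letsencrypt/live/OLD/cert.pem
<VirtualHost *:443>
    ServerName two.example.com
    SSLCertificateFile "/etc/letsencrypt/live/AAA/cert.pem"
</VirtualHost>
<VirtualHost *:443>
    ServerName three.example.com
    SSLCertificateFile /etc/letsencrypt/live/BBB/cert.pem
</VirtualHost>
"""

OPEN = re.compile(r'^<VirtualHost\s+([^>]+)>', re.I)
CLOSE = re.compile(r'^</VirtualHost>', re.I)
DIRECTIVE = re.compile(r'^(ServerName|SSLCertificateFile)\s+"?([^"\s]+)"?', re.I)

def vhosts_by_certificate(conf_text):
    """Map each SSLCertificateFile path to the vhosts that reference it."""
    usage = defaultdict(list)
    current = None                      # vhost being parsed, None outside a block
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # skip blanks and commented-out directives
        if m := OPEN.match(line):
            current = {"addr": m.group(1), "line": lineno, "name": None, "cert": None}
        elif CLOSE.match(line) and current:
            if current["cert"]:
                label = current["name"] or f"{current['addr']} (line {current['line']})"
                usage[current["cert"]].append(label)
            current = None
        elif current and (d := DIRECTIVE.match(line)):
            key = "name" if d.group(1).lower() == "servername" else "cert"
            current[key] = d.group(2)
    return dict(usage)

def shared_certificates(conf_text):
    """Return only the certificate paths used by more than one vhost."""
    return {c: v for c, v in vhosts_by_certificate(conf_text).items() if len(v) > 1}

if __name__ == "__main__":
    print(shared_certificates(SAMPLE_CONF))
```

The parser reads one file's text and does not follow `Include` directives, so run it over each configuration file Apache actually loads.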

It sounds like you are trying to use the same cert for different domains/vhost configs.
If the domain names are not all included in the one cert, that can be a problem when used but should not stop the renewal process.
If all the names are in the one cert then I agree that the problem should not exist.

And yet you do have a problem.
Which goes away when you assign individual certs to each vhost domain.
hmmm…
It sounds like your client is trying to renew all your vhosts at the same time but they are actually trying to renew the same cert - all at the same time.
Try renewing just one vhost which should renew the common cert for all vhosts.
If that works, then you should look into breaking up the renewal process to each vhost.
The first would renew and the remaining related vhosts would just say “too early for renewal…”

At the moment I cannot perform a complete test, because I have already split and renewed all expiring certificates: now I have one certificate per virtual domain.

For the test:
I have just created a couple of dummy virtual domains sharing the same certificate, and “renew --force-renew --cert-name …” runs without errors.
I need to wait 60 days for a complete test (I should have errors for the test subdomains sharing the same certificate when the automatic mass-renewal runs, and I should fix the errors by doing a manual, single-certificate renew).

I’ll report the situation in 60 days.

In all cases, splitting certificates on a per-virtualhost basis would be a definitive solution: it should run without errors also in automatic mass-renewal.

Thank you.
We will wait for your test results :slight_smile:
