SSL via Certbot was working on one of my domains quite well for the last two months. I decided to install it on my other domain and started having problems. So I deleted those domains using Certbot -delete. Things got worse. It kept redirecting from http to https. Anyway, to cut a long story short, I uninstalled Certbot and Apache stopped working. It had problems because the .conf file was referring to a letsencrypt directory and it could not find a file there. So I reinstalled Certbot and I am getting all kinds of errors and Apache is not bringing up my domains (it still redirects to https).
I got the error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Since this is a new install and even the old install was fairly new (i.e. after Jan 2018) I didn't think I need to update Certbot but I did it anyway, using:
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/podrones.com-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.podrones.com/fullchain.pem' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/podrones.com-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/www.podrones.com/fullchain.pem' does not exist or is empty\n",)
Note that it is using a different domain from the one in the command.
Please help! Our site is down and people are upset!
P.S. I can start Apache by commenting out the line:
IncludeOptional sites-enabled/*.conf
in /etc/apache2/apache2.conf
but that still doesn't start my sites.
Thanx, but what do I do there? I tried commenting out the lines:
#SSLCertificateFile /etc/letsencrypt/live/www.podrones.com/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/www.podrones.com/privkey.pem
But that doesn't help.
Don't delete certificates that are actively in use with certbot delete (this command does not have a way of checking whether software on your system is still using those certificates, even if Certbot was originally responsible for configuring the software to do so), and don't manually delete anything in /etc/letsencrypt. Different versions of Certbot can use the same data in /etc/letsencrypt, so if you uninstall an old version of Certbot and install a newer one, it will continue to understand the information that the previous version put there.
In general, you should only delete a certificate if that certificate was issued in error and is no longer being used at all. If you have a specific problem with your HTTPS site after running Certbot (for example, incorrect redirects or failed validation), you can ask on this forum and people can help debug it, but deleting the certificate is probably not the solution.
Wow! You would expect certbot to at least warn you, if not prevent you from deleting if the consequences are so severe. I can understand problems created by deleting at the command prompt, but from within the certbot command it would be trivial to put in a warning.
Now, question is, how do I reconfigure my sites to have ssl? Given that some old files (such as *.conf) still exist (and some such as the *.pem files don't)?
You should delete any -le-ssl.conf file in /etc/apache2/sites-available and /etc/apache2/sites-enabled if the corresponding certificate no longer exists on your system. (You can run certbot certificates to see whether any still exist.)
Then you can start from the beginning by requesting a certificate with Certbot and allowing it to create a corresponding HTTPS virtual host again.
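One way to find which virtual host files the reply above refers to, as an added example that is not part of the original thread and is not Certbot's own code: a read-only shell function that lists every .conf file whose active SSLCertificateFile or SSLCertificateKeyFile path is missing or empty. The function names, the demo tree and the ok.example / gone.example names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, read-only: list Apache vhost files whose active
# SSLCertificateFile / SSLCertificateKeyFile path is missing or empty.
# Limitation: paths containing spaces are not handled.

# list_dangling_vhosts DIR... -> one "conf<TAB>path" line per bad directive
list_dangling_vhosts() (
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -e "$conf" ] || continue   # no match, or dangling symlink
            # Commented-out lines start with '#', so $1 does not match them.
            awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { print $2 }' "$conf" |
            tr -d "\"'" |
            while IFS= read -r path; do
                # -s is true only for an existing, non-empty file: the
                # condition Apache reports as "does not exist or is empty".
                [ -s "$path" ] || printf '%s\t%s\n' "$conf" "$path"
            done
        done
    done
)

# Constructed demo tree standing in for /etc/apache2 and /etc/letsencrypt;
# ok.example and gone.example are made-up names.
demo() (
    root=$(mktemp -d)
    mkdir -p "$root/sites-enabled" "$root/live/ok.example"
    echo cert > "$root/live/ok.example/fullchain.pem"
    echo key > "$root/live/ok.example/privkey.pem"
    for name in ok.example gone.example; do
        cat > "$root/sites-enabled/$name-le-ssl.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateFile $root/live/$name/fullchain.pem
    SSLCertificateKeyFile $root/live/$name/privkey.pem
</VirtualHost>
EOF
    done
    list_dangling_vhosts "$root/sites-enabled"
    rm -rf "$root"
)

demo
# On a real host:
# list_dangling_vhosts /etc/apache2/sites-enabled /etc/apache2/sites-available
```

The function only reports; any file it lists still has to be checked against the output of certbot certificates before it is removed.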
The consequence of "automating things" is the expectation that it should be automated (fully).
Which anyone versed in this art can see that it is nearly impossible; given the number of variables and limitless (unpredictable) scenarios posed...
Still "progress is progress" and albeit slow, at times, progress is steady and moving in the right direction. [Which never comes soon enough but will eventually get here... ]
One day we will have programmed things to cover all possible scenarios and completely overcome all possible doings/un-doings - but, until then, we muddle through it as best we can.
Like tiny little ants building a skyscraper... one grain of sand at a time.
Let me not underrate your work, and I want to state that I am grateful for teams like yours who are creating FOSS utilities and platforms. Keep up the good work! And thanx many times!