Apache - unable to add enhancement redirect to existing configuration

#1

This is an automated system, recently implemented and handling hundreds of domains. The vhost had another domain (alias) which had expired and was removed. A new domain was being added, and needed to be added to the cert after being added as an alias on the vhost. We use --cert-name so we can be specific about the list of domains, which comes from a database. Certbot failed to add the http->https redirect, and I discovered that the RewriteCond directives for the old domain were still present, while those for the new domain had not been added. A manual edit solved it, but I need to be able to automate this scenario and to understand why it didn’t work.

My domain is: pjleasinguk.co.uk

I ran this command: certbot --expand --apache --redirect --non-interactive --preferred-challenges http --cert-name pjl01.clients.merrehill.co.uk -d pjl01.clients.merrehill.co.uk,c.pjl01.clients.merrehill.co.uk,www.pjl01.clients.merrehill.co.uk,pjleasinguk.co.uk,c.pjleasinguk.co.uk,www.pjleasinguk.co.uk

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Failed redirect for pjl01.clients.merrehill.co.uk
Unable to set enhancement redirect for pjl01.clients.merrehill.co.uk
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
IMPORTANT NOTES:

  • We were unable to set up enhancement redirect for your server,
    however, we successfully installed your certificate.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/pjl01.clients.merrehill.co.uk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/pjl01.clients.merrehill.co.uk/privkey.pem
    Your cert will expire on 2019-06-24. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is: N/A

I can log in to a root shell on my machine: Yes

I’m using a control panel to manage my site: (partially) Virtualmin 6.06

The version of my client is: certbot 0.31.0

Additional
Corrected enhancement redirect from httpd.conf:
RewriteCond %{SERVER_NAME} =pjleasinguk.co.uk [OR]
RewriteCond %{SERVER_NAME} =www.pjleasinguk.co.uk [OR]
RewriteCond %{SERVER_NAME} =pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =webmail.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =c.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =www.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =c.pjleasinguk.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
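
A drift check for the situation described in this post, as an added example that is not part of the original post and not Certbot's own code: it compares the `RewriteCond %{SERVER_NAME}` hosts in a vhost with the intended domain list, reports stale and missing names, and rebuilds the block. The function names, domain names and sample config are constructed for illustration.

```python
import re

# Exact-match host conditions as shown in the post: RewriteCond %{SERVER_NAME} =host [OR]
COND_RE = re.compile(r'^\s*RewriteCond\s+%\{SERVER_NAME\}\s+=(\S+)(?:\s+\[OR\])?\s*$', re.I)
RULE_RE = re.compile(r'^\s*RewriteRule\s+\^\s+https://%\{SERVER_NAME\}%\{REQUEST_URI\}', re.I)

def redirect_hosts(conf_text):
    """Hostnames in RewriteCond runs that sit directly above an HTTPS RewriteRule."""
    hosts, run = [], []
    for line in conf_text.splitlines():
        m = COND_RE.match(line)
        if m:
            run.append(m.group(1).lower())
        elif RULE_RE.match(line):
            hosts, run = hosts + run, []
        elif line.strip() and not line.lstrip().startswith("#"):
            run = []  # any other directive ends the run
    return hosts

def drift(conf_text, wanted):
    """Hosts still redirected but no longer wanted (stale), and wanted but absent (missing)."""
    have, want = set(redirect_hosts(conf_text)), {d.lower() for d in wanted}
    return {"stale": sorted(have - want), "missing": sorted(want - have)}

def render_block(wanted):
    """Rebuild the block; every condition except the last carries [OR]."""
    names = list(dict.fromkeys(d.lower() for d in wanted))  # de-duplicate, keep order
    if not names:
        raise ValueError("no hosts: an unconditioned RewriteRule would redirect everything")
    lines = [f"RewriteCond %{{SERVER_NAME}} ={n} [OR]" for n in names[:-1]]
    lines.append(f"RewriteCond %{{SERVER_NAME}} ={names[-1]}")
    lines.append("RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]")
    return "\n".join(lines)

# Constructed sample: old.example has expired, new.example was added as an alias.
SAMPLE = """\
RewriteEngine on
RewriteCond %{SERVER_NAME} =old.example [OR]
RewriteCond %{SERVER_NAME} =site01.example.net [OR]
RewriteCond %{SERVER_NAME} =www.site01.example.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
"""
WANTED = ["site01.example.net", "www.site01.example.net", "new.example", "www.new.example"]

if __name__ == "__main__":
    print(drift(SAMPLE, WANTED))
    print(render_block(WANTED))
```

Running the check after each automated certbot call, with the domain list taken from the same database, flags a vhost whose redirect conditions no longer match the certificate's names.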