This is an automated system, recently implemented and handling hundreds of domains. The vhost had another domain (alias) which had expired and was removed. A new domain was being added, and needed to be added to the cert after being added as an alias on the vhost. We use --cert-name so we can be specific about the list of domains, which comes from a database. Certbot failed to add the http->https redirect, and I discovered that the RewriteCond directives for the old domain were still present, while those for the new domain had not been added. A manual edit solved it, but I need to be able to automate this scenario and to understand why it didn’t work.
My domain is: pjleasinguk.co.uk
I ran this command: certbot --expand --apache --redirect --non-interactive --preferred-challenges http --cert-name pjl01.clients.merrehill.co.uk -d pjl01.clients.merrehill.co.uk,c.pjl01.clients.merrehill.co.uk,www.pjl01.clients.merrehill.co.uk,pjleasinguk.co.uk,c.pjleasinguk.co.uk,www.pjleasinguk.co.uk
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Failed redirect for pjl01.clients.merrehill.co.uk
Unable to set enhancement redirect for pjl01.clients.merrehill.co.uk
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
IMPORTANT NOTES:
- We were unable to set up enhancement redirect for your server,
however, we successfully installed your certificate.
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/pjl01.clients.merrehill.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/pjl01.clients.merrehill.co.uk/privkey.pem
Your cert will expire on 2019-06-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”
My web server is (include version): Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine: Yes
I’m using a control panel to manage my site: (partially) Virtualmin 6.06
The version of my client is: certbot 0.31.0
Additional
Corrected enhancement redirect from httpd.conf:
RewriteCond %{SERVER_NAME} =pjleasinguk.co.uk [OR]
RewriteCond %{SERVER_NAME} =www.pjleasinguk.co.uk [OR]
RewriteCond %{SERVER_NAME} =pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =webmail.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =c.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =www.pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =c.pjleasinguk.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
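For automation like the one described in the post, one way to catch a redirect block that has drifted from the database's domain list after certbot runs. This is an added example, not part of the original post and not certbot's own code. The function names and `expired-alias.example` are constructed for illustration, and the text passed in is assumed to be the port-80 vhost only.

```python
import re

# Certbot-style redirect condition: RewriteCond %{SERVER_NAME} =host [OR]
COND_RE = re.compile(r"^[ \t]*RewriteCond\s+%\{SERVER_NAME\}\s+=(\S+)", re.I | re.M)
RULE = "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]"

def redirect_names(vhost_text):
    """Hostnames covered by the redirect, in file order (commented lines are skipped)."""
    return [name.lower() for name in COND_RE.findall(vhost_text)]

def audit_redirect(vhost_text, expected):
    """Compare the redirect conditions with the domain list the cert was issued for."""
    have = set(redirect_names(vhost_text))
    want = {d.lower() for d in expected}
    return {"stale": sorted(have - want), "missing": sorted(want - have)}

def render_redirect(expected):
    """Build the replacement RewriteCond/RewriteRule block for the expected names."""
    if not expected:
        raise ValueError("no domains given")
    conds = [f"RewriteCond %{{SERVER_NAME}} ={d.lower()}" for d in expected]
    # Every condition except the last is chained with [OR].
    return "\n".join([c + " [OR]" for c in conds[:-1]] + [conds[-1], RULE])

# Constructed sample: the vhost still lists a removed alias and lacks the new domain.
SAMPLE_VHOST = """\
RewriteEngine on
RewriteCond %{SERVER_NAME} =pjl01.clients.merrehill.co.uk [OR]
RewriteCond %{SERVER_NAME} =expired-alias.example [OR]
# RewriteCond %{SERVER_NAME} =commented.example
RewriteCond %{SERVER_NAME} =www.pjl01.clients.merrehill.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
"""
# Constructed stand-in for the domain list that comes from the database.
EXPECTED = [
    "pjl01.clients.merrehill.co.uk",
    "www.pjl01.clients.merrehill.co.uk",
    "pjleasinguk.co.uk",
    "www.pjleasinguk.co.uk",
]

if __name__ == "__main__":
    print(audit_redirect(SAMPLE_VHOST, EXPECTED))
    print(render_redirect(EXPECTED))
```

A non-empty `stale` or `missing` list is the signal for the automation to rewrite the block and reload Apache, or to alert.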