Auto renewal ambiguity with certbot


Hello world!

Let’s Encrypt is great, worked like a charm.

The only issue is when I start the “dry” option on command for auto renewal:

certbot renew --dry-run

I got the following red error:

“Encountered vhost ambiguity but unable to ask for user guidance in non-interactive mode. Currently Certbot needs each vhost to be in its own conf file, and may need vhosts to be explicitly labelled with ServerName or ServerAlias directories.
Falling back to default vhost *:443…”

I use apache, I inserted the ServerName directory inside the conf file, each vhost is in its own conf file.

First question is: will this work anyway when the certificates will actually expire?

If not, how can I fix this error?

Thanks a lot in advance for your help!

Autorenew vhost ambiguity

This isn’t likely to renew correctly with the current config, no.

how many vhosts do you have ? if they are all similar, could you post one of your vhost files as an example. so we can see what’s wrong / missing ?


I only have 1 vhost for HTTPS and 1 vhost for HTTP in the sites-enabled folder of apache.

Let me add that after the error I posted in the previous message, the certbot gives me this output:

"Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/ (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)"

Are you sure it’s not going to work?


If you only have one domain, then falling back to the default should work fine. I had wrongly assumed with “each vhost has it’s own conf file” that you had more than one.


Thanks! I will update you in 3 months just in case it shouldn’t work.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.