Broken after moving machine to another provider

RayKiddy · July 27, 2021, 7:43pm

I moved my machine from one provider to another. Is there anything I can do to get these certs back?

certbot --version

certbot 1.16.0

certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/opencalaccess.com.conf

Certificate not yet due for renewal

Processing /etc/letsencrypt/renewal/opencalaccess.org.conf

Renewal configuration file /etc/letsencrypt/renewal/opencalaccess.org.conf is broken.
The error was: renewal config file {} is missing a required file reference
Skipping.

Processing /etc/letsencrypt/renewal/thereallewiscarroll.com.conf

Renewing an existing certificate for thereallewiscarroll.com and www.thereallewiscarroll.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: thereallewiscarroll.com
Type: unauthorized
Detail: Invalid response from http://thereallewiscarroll.com/.well-known/acme-challenge/m0RuaDTlIX7YspctFzdiMQkiB-RM6-7pkbtR8VbODCc [199.244.51.80]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Domain: www.thereallewiscarroll.com
Type: unauthorized
Detail: Invalid response from http://www.thereallewiscarroll.com/.well-known/acme-challenge/Sm36Hg4WGvwvvmPhRiDjkq8a_el9NmoZ6g_CEEbSh_w [199.244.51.80]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate thereallewiscarroll.com with error: Some challenges have failed.

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/opencalaccess.com/fullchain.pem expires on 2021-10-14 (skipped)
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/thereallewiscarroll.com/fullchain.pem (failure)

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/opencalaccess.org.conf (parsefail)

1 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

rg305 · July 27, 2021, 7:53pm

Hi @RayKiddy, and welcome to the LE community forum

I can only assume that this Apache config isn't exactly the same as the one in the other system.
To unravel this problem, I'd start with:
sudo apchectl -S

RayKiddy · July 27, 2021, 8:05pm

I believe I used the certificate for opencalaccess.com to ... "certify" the opencalaccess.org and thereallewiscarroll.com domains. Does this make sense?

thereallewiscarroll.com was pointing to the old IP address. This is fixed.

Now these both worked:

$ certbot certonly --cert-path /etc/letsencrypt/renewal/opencalaccess.org.conf

$ certbot certonly --cert-path /etc/letsencrypt/renewal/opencalaccess.com.conf

But when I go to opencalaccess.org, it still says it has a bad cert. And the bad cert is for opencalaccess.com expiring July 12. But I now have renewed certs for both opencalaccess domains. So what the heck? :--)

And now:

certbot certonly --cert-path /etc/letsencrypt/renewal/thereallewiscarroll.com.conf

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): thereallewiscarroll.com
Requesting a certificate for thereallewiscarroll.com
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

RayKiddy · July 27, 2021, 8:12pm

cd /etc/letsencrypt

find * -name *conf -ls

1580681 4 -rw-r--r-- 1 root root 952 May 11 13:26 options-ssl-apache.conf
1582226 0 -rw-r--r-- 1 root root 0 May 13 10:32 renewal/opencalaccess.org.conf
1583220 4 -rw-r--r-- 1 root root 544 Jul 16 16:59 renewal/opencalaccess.com.conf
1583305 4 -rw-r--r-- 1 root root 550 Jul 27 12:52 renewal/opencalaccess.org-0001.conf
1583309 4 -rw-r--r-- 1 root root 550 Jul 27 12:56 renewal/opencalaccess.com-0001.conf
1580728 4 -rw-r--r-- 1 root root 574 May 11 13:24 renewal/thereallewiscarroll.com.conf

I was able to get opencalaccess.org and com to work by selecting the -001 choice when I did a "certbot install". But there is no -001 option for thereallewiscarroll.com. Huh?

rg305 · July 27, 2021, 8:18pm

system · August 26, 2021, 8:19pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.