total 120
drwxr-xr-x 9 root root 4096 Feb 21 17:16 .
drwxr-xr-x 106 root root 4096 Feb 21 17:01 ..
drwx------ 4 root root 4096 Apr 13 2020 accounts
drwx------ 3 root root 4096 Feb 12 2020 archive
-rwxrwxr-x 1 kbaistrocchi kbaistrocchi 79897 Jun 6 2020 certbot-auto
-rw-r--r-- 1 root root 121 Feb 10 2019 cli.ini
drwxr-xr-x 2 root root 4096 Feb 21 05:14 csr
drwx------ 2 root root 4096 Feb 21 05:14 keys
drwx------ 3 root root 4096 Feb 12 2020 live
drwxr-xr-x 2 root root 4096 Dec 20 21:37 renewal
drwxr-xr-x 5 root root 4096 Jan 29 2020 renewal-hooks
/etc/letsencrypt/accounts:
total 16
drwx------ 4 root root 4096 Apr 13 2020 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
drwx------ 3 root root 4096 Apr 13 2020 acme-staging-v02.api.letsencrypt.org
drwx------ 3 root root 4096 Feb 12 2020 acme-v02.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Apr 13 2020 .
drwx------ 4 root root 4096 Apr 13 2020 ..
drwx------ 3 root root 4096 Apr 13 2020 directory
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Apr 13 2020 .
drwx------ 3 root root 4096 Apr 13 2020 ..
drwx------ 2 root root 4096 Apr 13 2020 d916e62ed3a3f75e3c4177fe2a4f1294
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/d916e62ed3a3f75e3c4177fe2a4f1294:
total 20
drwx------ 2 root root 4096 Apr 13 2020 .
drwx------ 3 root root 4096 Apr 13 2020 ..
-rw-r--r-- 1 root root 69 Apr 13 2020 meta.json
-r-------- 1 root root 1632 Apr 13 2020 private_key.json
-rw-r--r-- 1 root root 86 Apr 13 2020 regr.json
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Feb 12 2020 .
drwx------ 4 root root 4096 Apr 13 2020 ..
drwx------ 3 root root 4096 Feb 12 2020 directory
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Feb 12 2020 .
drwx------ 3 root root 4096 Feb 12 2020 ..
drwx------ 2 root root 4096 Feb 12 2020 1812750b834e59f2737f09ac1728fe0d
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/1812750b834e59f2737f09ac1728fe0d:
total 20
drwx------ 2 root root 4096 Feb 12 2020 .
drwx------ 3 root root 4096 Feb 12 2020 ..
-rw-r--r-- 1 root root 69 Feb 12 2020 meta.json
-r-------- 1 root root 1632 Feb 12 2020 private_key.json
-rw-r--r-- 1 root root 78 Feb 12 2020 regr.json
/etc/letsencrypt/archive:
total 12
drwx------ 3 root root 4096 Feb 12 2020 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
drwxr-xr-x 2 root root 4096 Dec 20 21:37 vestasit.com
etc/letsencrypt/archive/vestasit.com:
total 152
drwxr-xr-x 2 root root 4096 Dec 20 21:37 .
drwx------ 3 root root 4096 Feb 12 2020 ..
-rw-r--r-- 1 root root 1903 Feb 12 2020 cert1.pem
-rw-r--r-- 1 root root 1931 Feb 12 2020 cert2.pem
-rw-r--r-- 1 root root 1927 Apr 18 2020 cert3.pem
-rw-r--r-- 1 root root 1927 Apr 19 2020 cert4.pem
-rw-r--r-- 1 root root 1927 Jun 19 2020 cert5.pem
-rw-r--r-- 1 root root 1927 Aug 18 2020 cert6.pem
-rw-r--r-- 1 root root 1927 Oct 17 08:44 cert7.pem
-rw-r--r-- 1 root root 1858 Dec 16 10:09 cert8.pem
-rw-r--r-- 1 root root 1858 Dec 20 21:37 cert9.pem
-rw-r--r-- 1 root root 1647 Feb 12 2020 chain1.pem
-rw-r--r-- 1 root root 1647 Feb 12 2020 chain2.pem
-rw-r--r-- 1 root root 1647 Apr 18 2020 chain3.pem
-rw-r--r-- 1 root root 1647 Apr 19 2020 chain4.pem
-rw-r--r-- 1 root root 1647 Jun 19 2020 chain5.pem
-rw-r--r-- 1 root root 1647 Aug 18 2020 chain6.pem
-rw-r--r-- 1 root root 1647 Oct 17 08:44 chain7.pem
-rw-r--r-- 1 root root 1586 Dec 16 10:09 chain8.pem
-rw-r--r-- 1 root root 1586 Dec 20 21:37 chain9.pem
-rw-r--r-- 1 root root 3550 Feb 12 2020 fullchain1.pem
-rw-r--r-- 1 root root 3578 Feb 12 2020 fullchain2.pem
-rw-r--r-- 1 root root 3574 Apr 18 2020 fullchain3.pem
-rw-r--r-- 1 root root 3574 Apr 19 2020 fullchain4.pem
-rw-r--r-- 1 root root 3574 Jun 19 2020 fullchain5.pem
-rw-r--r-- 1 root root 3574 Aug 18 2020 fullchain6.pem
-rw-r--r-- 1 root root 3574 Oct 17 08:44 fullchain7.pem
-rw-r--r-- 1 root root 3444 Dec 16 10:09 fullchain8.pem
-rw-r--r-- 1 root root 3444 Dec 20 21:37 fullchain9.pem
-rw------- 1 root root 1708 Feb 12 2020 privkey1.pem
-rw------- 1 root root 1704 Feb 12 2020 privkey2.pem
-rw------- 1 root root 1708 Apr 18 2020 privkey3.pem
-rw------- 1 root root 1708 Apr 19 2020 privkey4.pem
-rw------- 1 root root 1704 Jun 19 2020 privkey5.pem
-rw------- 1 root root 1704 Aug 18 2020 privkey6.pem
-rw------- 1 root root 1704 Oct 17 08:44 privkey7.pem
-rw------- 1 root root 1704 Dec 16 10:09 privkey8.pem
-rw------- 1 root root 1704 Dec 20 21:37 privkey9.pem
/etc/letsencrypt/csr:
total 104
drwxr-xr-x 2 root root 4096 Feb 21 05:14 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
-rw-r--r-- 1 root root 920 Feb 12 2020 0000_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 12 2020 0001_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 13 2020 0002_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 13 2020 0003_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 14 2020 0004_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 14 2020 0005_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 15 2020 0006_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 15 2020 0007_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 16 2020 0008_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 16 2020 0009_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 17 2020 0010_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 17 2020 0011_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 18 2020 0012_csr-certbot.pem
-rw-r--r-- 1 root root 944 Apr 19 2020 0013_csr-certbot.pem
-rw-r--r-- 1 root root 944 Jun 19 2020 0014_csr-certbot.pem
-rw-r--r-- 1 root root 944 Aug 18 2020 0015_csr-certbot.pem
-rw-r--r-- 1 root root 944 Oct 17 08:44 0016_csr-certbot.pem
-rw-r--r-- 1 root root 944 Dec 16 10:09 0017_csr-certbot.pem
-rw-r--r-- 1 root root 944 Dec 20 21:37 0018_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 19 04:19 0019_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 19 15:56 0020_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 20 03:16 0021_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 20 23:00 0022_csr-certbot.pem
-rw-r--r-- 1 root root 944 Feb 21 05:14 0023_csr-certbot.pem
/etc/letsencrypt/keys:
total 104
drwx------ 2 root root 4096 Feb 21 05:14 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
-rw------- 1 root root 1708 Feb 12 2020 0000_key-certbot.pem
-rw------- 1 root root 1704 Feb 12 2020 0001_key-certbot.pem
-rw------- 1 root root 1704 Apr 13 2020 0002_key-certbot.pem
-rw------- 1 root root 1708 Apr 13 2020 0003_key-certbot.pem
-rw------- 1 root root 1704 Apr 14 2020 0004_key-certbot.pem
-rw------- 1 root root 1704 Apr 14 2020 0005_key-certbot.pem
-rw------- 1 root root 1704 Apr 15 2020 0006_key-certbot.pem
-rw------- 1 root root 1708 Apr 15 2020 0007_key-certbot.pem
-rw------- 1 root root 1704 Apr 16 2020 0008_key-certbot.pem
-rw------- 1 root root 1708 Apr 16 2020 0009_key-certbot.pem
-rw------- 1 root root 1708 Apr 17 2020 0010_key-certbot.pem
-rw------- 1 root root 1704 Apr 17 2020 0011_key-certbot.pem
-rw------- 1 root root 1708 Apr 18 2020 0012_key-certbot.pem
-rw------- 1 root root 1708 Apr 19 2020 0013_key-certbot.pem
-rw------- 1 root root 1704 Jun 19 2020 0014_key-certbot.pem
-rw------- 1 root root 1704 Aug 18 2020 0015_key-certbot.pem
-rw------- 1 root root 1704 Oct 17 08:44 0016_key-certbot.pem
-rw------- 1 root root 1704 Dec 16 10:09 0017_key-certbot.pem
-rw------- 1 root root 1704 Dec 20 21:37 0018_key-certbot.pem
-rw------- 1 root root 1704 Feb 19 04:19 0019_key-certbot.pem
-rw------- 1 root root 1704 Feb 19 15:56 0020_key-certbot.pem
-rw------- 1 root root 1700 Feb 20 03:16 0021_key-certbot.pem
-rw------- 1 root root 1704 Feb 20 23:00 0022_key-certbot.pem
-rw------- 1 root root 1704 Feb 21 05:14 0023_key-certbot.pem
/etc/letsencrypt/live:
total 16
drwx------ 3 root root 4096 Feb 12 2020 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
-rw-r--r-- 1 root root 740 Feb 12 2020 README
drwxr-xr-x 2 root root 4096 Dec 20 21:37 vestasit.com
/etc/letsencrypt/live/vestasit.com:
total 12
drwxr-xr-x 2 root root 4096 Dec 20 21:37 .
drwx------ 3 root root 4096 Feb 12 2020 ..
-rw-r--r-- 1 root root 692 Feb 12 2020 README
lrwxrwxrwx 1 root root 36 Dec 20 21:37 cert.pem -> ../../archive/vestasit.com/cert9.pem
lrwxrwxrwx 1 root root 37 Dec 20 21:37 chain.pem -> ../../archive/vestasit.com/chain9.pem
lrwxrwxrwx 1 root root 41 Dec 20 21:37 fullchain.pem -> ../../archive/vestasit.com/fullchain9.pem
lrwxrwxrwx 1 root root 39 Dec 20 21:37 privkey.pem -> ../../archive/vestasit.com/privkey9.pem
/etc/letsencrypt/renewal:
total 12
drwxr-xr-x 2 root root 4096 Dec 20 21:37 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
-rw-r--r-- 1 root root 596 Dec 20 21:37 vestasit.com.conf
/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Jan 29 2020 .
drwxr-xr-x 9 root root 4096 Feb 21 17:16 ..
drwxr-xr-x 2 root root 4096 Jan 29 2020 deploy
drwxr-xr-x 2 root root 4096 Jan 29 2020 post
drwxr-xr-x 2 root root 4096 Jan 29 2020 pre
/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 2020 .
drwxr-xr-x 5 root root 4096 Jan 29 2020 ..
/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 2020 .
drwxr-xr-x 5 root root 4096 Jan 29 2020 ..
/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 2020 .
drwxr-xr-x 5 root root 4096 Jan 29 2020 ..
Is it possible that I'm just missing the '/' at the end of the webroot path?
webroot_path = /var/www/html,
Shouldn't matter. Certbot wasn't even seeing the webroot path for some reason.
Your files appear fine. Strange indeed. Let's test another way...
sudo certbot certonly --webroot -w /var/www/html -d "vestasit.com,www.vestasit.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --dry-run
Could this error be due to the bug mentioned in Certbot drops webroot options from renewal configuration file · Issue #7048 · certbot/certbot · GitHub ?
The bug does mention authz reuse, which might be the previous time you strugled with certbot earlier in this thread.
I think it's because it's missing the webroot_map
entries.
vestasit.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vestasit.com
http-01 challenge for www.vestasit.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.6/http/client.py", line 1373, in getresponse
response.begin()
File "/usr/lib/python3.6/http/client.py", line 311, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.6/http/client.py", line 272, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib/python3.6/ssl.py", line 874, in read
return self._sslobj.read(len, buffer)
File "/usr/lib/python3.6/ssl.py", line 631, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 389, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 309, in _raise_timeout
raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Re
ad timed out. (read timeout=45)
During handling of the above exception, another exception occurred:
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Read t
imed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.
Doh...
I've just posted an inquiry for that error:
I was just reading another thread about adding a webroot_map
but I'm not sure how to go about doing that.
I was looking at this thread: Auto renewal started failing with error - Missing command line flag or config entry for this setting
I don't know a lot about this stuff so I'm reluctant to start messing around in case I break something.
Just hold tight for now. I want to see the error you just got addressed first.
Hm, I've replicated your renewal configuration file and my certbot 1.11.0 is handeling that nicely. Although it seems to hang at "Waiting for verification", as staging is down for me.. now
In any case, the missing webroot_map is with my version not an issue, as it still has the default webroot_path, which is used.
Is it down, again?
I'm getting a read timeout from staging, yes.
In the meantime...
Can we have a look at the output of?:
apachectl -S
Staging server flakiness has been addressed by the Let's Encrypt staff. Please try this again when you can and report back to us:
sudo certbot certonly --webroot -w /var/www/html -d "vestasit.com,www.vestasit.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --dry-run
input:
apachectl -S
output:
Command 'apachectl' not found, but can be installed with:
apt install apache2
Please ask your administrator.
input:
sudo certbot certonly --webroot -w /var/www/html -d "vestasit.com,www.vestasit.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --dry-run
output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Dry run: skipping deploy hook command: /usr/local/lsws/bin/lswsctrl reload
IMPORTANT NOTES:
- The dry run was successful.
It seems that LiteSpeed is not Apache - LOL
Now that the --dry-run
worked, just remove "--dry-run
" from that last command and get a real cert.
But shouldn't it be doing this automatically? I thought it was checking twice a day to see if certificates were within 30 days of expiration and if so they would auto-renew. Why is it not renewing automatically?
Did the renewal look like this?:
[probably not (exactly)]
If you can renew it now that way, it will remember those details for the next renewal.
So please try:
[and show the resulting output]