Can I create deleted cert again?


I can't start Apache on a LAMP stack. I get this error:

Jul 08 20:26:34 a-c-d systemd[1]: Starting The Apache HTTP Server...
Jul 08 20:26:34 a-c-d apachectl[2319]: AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/
Jul 08 20:26:34 a-c-d apachectl[2319]: SSLCertificateFile: file '/etc/letsencrypt/live/' does not exist or is empty
Jul 08 20:26:34 a-c-d apachectl[2316]: Action 'start' failed.

I did delete the cert for because I wasn't aware that I used that one for

Is there a way to renew the certificate?

My problem is that Apache is down.

sudo certbot certonly -d -d

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/
SSLCertificateFile: file '/etc/letsencrypt/live/' does not exist or is empty

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel):

I get the above and don't know what to do from here.


1 Like

Why does file "example1..." try to load cert for "example2..." ?
Did you change something in that config file?


It was an old mistake I made. I have multiple virtual hosts/websites on the same droplet, and by mistake, I used a cert for one domain name to another, and it worked perfectly. I just didn't know, so I deleted the certificate by mistake,

OK, Apache is up now.

I deleted the:

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/example2/privkey.pem

From etc/apache2/sites-enabled/

I ran this:

sudo certbot certonly -d -d

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/
Key is saved at: /etc/letsencrypt/live/
This certificate expires on 2023-10-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

But for some reason, it is not working, the site is just not encrypted.

You used certonly. Did you, after getting the certificate, manually install the certificate into your Apache configuration? If not, did you understand the meaning of the certonly subcommand? If not, why did you use an option you didn't understand?

1 Like

I added:

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

to etc/apache2/sites-enabled/

And it is working now.

Yea, it was a mistake, I just try to fix it the best I can. But it was dumb.

What is the correct command?


1 Like

There's no good or bad command (at least if it works). It's just that when you use certonly, you'll get, well, as the command implies, only a cert. The rest (i.e., the installing part) is up to the user.


What shows?:
certbot certificates



I deleted it with "sudo certbot delete" and picked the correct number on the list.

1 Like

Basically the issue here is that certbot delete doesn't undo everything that certbot --apache does, and certbot certonly doesn't do everything that certbot --apache does.

  • certbot --apache gets the cert and adds the lines to your configuration file that you saw
  • certbot delete just deletes the certificate, but doesn't remove the edits to the configuration file
  • and certbot certonly will get the cert but not install it (in this context, not add the lines referencing it to the Apache configuration file)

So basically none of these things are exact inverses of each other (which can certainly be confusing).


Ah I see, this is good to know, thanks!


Agree. There is also certbot rollback to revert server changes.

@schoen I don't know exactly what rollback does so never suggest it. Do you have insight?


It's a somewhat unmaintained feature so I also never suggest it (but I should probably test it out sometime and see how well it actually works nowadays).


certbot certificates looks great, it doesn't show any certs not meant to be there, thanks.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.