Cannot install new certificates (command not found)

So I am trying to install new certificates but the command I like to use

sudo -H /etc/letsencrypt/letsencrypt-auto --apache -d kentivo.com -d www.kentivo.com

didn’t work. It comes out with

Command not found

My domain is: kentivo.com

My web server is (include version):
Server version: Apache/2.4.7 (Ubuntu)
Server built: Mar 10 2015 13:05:59

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): newest version

1 Like

Does this file exist on your server? ls -al /etc/letsencrypt/letsencrypt-auto

1 Like

Hi thank you for responding!

This is the output of this

ls al /etc/letsencrypt/

output:

drwxr-xr-x 9 root root 4096 Sep 13 14:42 .
drwxr-xr-x 104 root root 4096 Sep 13 13:51 …
drwx------ 3 root root 4096 Sep 12 10:59 accounts
drwx------ 3 root root 4096 Sep 13 14:42 archive
drwxr-xr-x 2 root root 4096 Sep 13 14:42 csr
drwx------ 2 root root 4096 Sep 13 14:42 keys
drwx------ 3 root root 4096 Sep 13 14:42 live
-rw-r–r-- 1 root root 1619 Sep 12 10:59 options-ssl-apache.conf
drwxr-xr-x 2 root root 4096 Sep 13 14:42 renewal
drwxr-xr-x 5 root root 4096 Sep 12 10:59 renewal-hooks
-rw-r–r-- 1 root root 64 Sep 12 10:59 .updated-options-ssl-apache-conf-dige st.txt

1 Like

Ok, so the problem is that /etc/letsencrypt/letsencrypt-auto doesn’t exist in that location. Not a problem because that command is very old. Please follow the certbot installation instructions from https://certbot.eff.org/lets-encrypt/ubuntuother-apache.

1 Like

I urge you to strongly consider upgrading to Ubuntu 18.04 because 14.04 is now end of life.

1 Like

Great, I got some real progress now another problem has risen that I have two .conf files for beluxin.com.conf which is the main site and kentivo.com is the website below it so they should be in the same conf file. I have -two .conf files one is regular other has HTTPS Enabled
And I think that one that has HTTPS enabled doesnt have kentivo.com

Output:

We were unable to find a vhost with a ServerName or Address of www.kentivo.com.
Which virtual host would you like to choose?

Then I choose 1 which gives me this output

The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
VirtualHost not able to be selected.

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/kentivo.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/kentivo.com/privkey.pem
    Your cert will expire on 2019-12-12. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the “certonly” option. To non-interactively renew all
    of your certificates, run “certbot-auto renew”
1 Like

What is the output of command sudo apache2ctl -S?

Can you post your vhost configurations too please?

1 Like

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/plesk.conf.d/server.conf:6
VirtualHost configuration:
5.79.100.201:80 is a NameVirtualHost
default server beluxin.com (/etc/apache2/plesk.conf.d/ip_default/beluxin.com.conf:136)
port 80 namevhost beluxin.com (/etc/apache2/plesk.conf.d/ip_default/beluxin.com.conf:136)
alias www.beluxin.com
alias ipv4.beluxin.com
port 80 namevhost default (/etc/apache2/plesk.conf.d/server.conf:64)
port 80 namevhost lists (/etc/apache2/plesk.conf.d/server.conf:130)
wild alias lists.*
port 80 namevhost roundcube.webmail (/etc/apache2/plesk.conf.d/roundcube.conf:6)
alias webmail.beluxin.com
wild alias roundcube.webmail.*
5.79.100.201:443 is a NameVirtualHost
default server beluxin.com (/etc/apache2/plesk.conf.d/ip_default/beluxin.com.conf:10)
port 443 namevhost beluxin.com (/etc/apache2/plesk.conf.d/ip_default/beluxin.com.conf:10)
alias www.beluxin.com
alias ipv4.beluxin.com
alias beluxin.com
alias kentivo.com
port 443 namevhost default-5_79_100_201 (/etc/apache2/plesk.conf.d/server.conf:97)
port 443 namevhost lists (/etc/apache2/plesk.conf.d/server.conf:156)
wild alias lists.*
port 443 namevhost roundcube.webmail (/etc/apache2/plesk.conf.d/roundcube.conf:43)
alias webmail.beluxin.com
wild alias roundcube.webmail.*
*:443 www.kentivo.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 beluxin.com (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/vhosts/default/htdocs”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name=“www-data” id=33
Group: name=“www-data” id=33

1 Like

Fixed it, has SSL now :smiley:

Thank you very much!

2 Likes

Glad to hear it!

Best of luck out there. Remember, upgrade that server.

2 Likes

Yes so the server will be upgraded soon, we are migrating sites and stuff from it.

Can I ask you for this strange thing that is happening. Maybe its to do with WordPress or its plugin.

When you go to https://kentivo.com its great and works. But if you click on the language selector on the right and select German
you get redirected through this https://kentivo.beluxin.com/?lang=de
And you get SSL Invalid error

Any thoughts ?

1 Like

And the same instant I install a certificate for beluxin.com the kentivo.com stops working!

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: beluxin.com

Issuer: Let’s Encrypt Authority X3

Expires on: Dec 12, 2019

Current date: Sep 13, 2019

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISA2/LfP0ptvR5qz5W8BFxf9i7MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MTMxNDEwMTdaFw0x
OTEyMTIxNDEwMTdaMBYxFDASBgNVBAMTC2JlbHV4aW4uY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteP4Euga3svpe5o9h4BtgRw9P1Dp+panPLRT
1P0vGp9/GD4Sd0YlwkU83YXvYjWC+NJD3AGnSQwkr5wKCrg48dtn+oHu452OEI88
23c6N1zxRoyoKGI3vL/v5QzoBXykCM1Ib0gJGoksMzS1LNppyjAQqcu/3jn8uiYI
Sx6AAQFHF6D9TQsgE6dfZiUnwT4BCL3XsCKZqDLsoMfB+UdMWJ7YvHtbkic9cXkE
3x1/76ytSd/xE1nVKC+hEkwS7YJaXwX7vGIrKcaCVvod4oLj5foqrlED3wPMPqIC
gH5BZhU+OIRbUarYoxKCvUxj1xU6iSy5tP/cVAe7hDDRymA+mQIDAQABo4ICcjCC
Am4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSEgCg3c86FQmrqeRDoXaP8AcnlKDAf
BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw
LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
MCcGA1UdEQQgMB6CC2JlbHV4aW4uY29tgg93d3cuYmVsdXhpbi5jb20wTAYDVR0g
BEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0
cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEA
dwB0ftqDMa0zEJEhnM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAW0rLMUGAAAEAwBI
MEYCIQDEbYarPBHdzlVKHEqcJVg5It5sGXtyjYycH1CNfI84lQIhAJUOQRjp17cY
zt2ucRjstArfGz7UrHCN7pbvT6SMt9AoAHYAY/Lbzeg7zCzPC3KEJ1drM6SNYXeP
vXWmOLHHaFRL2I0AAAFtKyzFIgAABAMARzBFAiAfSQsvFtYDAyA07uy+veNP8XmT
qMyn8Nj+iu9jh9a7/QIhAMAQDSN2tlKghsQrR1ShqZCEi9HIcsMR11IoMaBmQeW9
MA0GCSqGSIb3DQEBCwUAA4IBAQCZemFfakbasvmEr+MJh08KwesXfkulXWTXGZ0G
VijT3m3+JoWZ94OjCyDM/sYyEF0T5pIlsslyoI4TMSoZ7F73VcVgjJsNy3fAEQ2q
di7v2shH248LmWx1fNSWXmB9ZvzWe7aWeIobkAYlKhXP0ZOwsCcVnwRQyxlFeDpz
lvkuUnC7HEQIn3DfZDgICdrWHZHGuT+6INWsGVia9riCRyzylYa77CHpGsO+Sn8e
wuG3euwDfT33tm7ukc/t7712oACtiVIDAytp7fwORzi0YFjRLt8+zXm/7kp2jta2
eXIxZC95EV4QYQ9IHM9Uie/imeoI7Eq3ifg+xMusi5e/2zOU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

1 Like

Verify the subject alternate names you’re including when issuing a certificate. Be aware that the production environment has strict rate limits and while testing you should be using the staging environment.

$ echo | openssl s_client -connect beluxin.com:443 -servername beluxin.com -verify_hostname beluxin.com 2>/dev/null | grep Verification
Verification error: Hostname mismatch

$ echo | openssl s_client -connect beluxin.com:443 -servername beluxin.com -verify_hostname beluxin.com 2>/dev/null | openssl x509 -noout -text | grep -oP '(?<=DNS:)[^,]+'
kentivo.com

$ echo | openssl s_client -connect kentivo.com:443 -servername kentivo.com -verify_hostname kentivo.com 2>/dev/null | openssl x509 -noout -text | grep -oP '(?<=DNS:)[^,]+'
kentivo.com
2 Likes