Cannot renew or expand certificate


#1

Hello,

First of all I would like to thank you for your great product.
We have recently started to encounter the problem detailed below:

My domain is:
dragnsurvey.com

I ran this command:
certbot-auto renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.dragnsurvey.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.dragnsurvey.com
Cleaning up challenges
Attempting to renew cert (www.dragnsurvey.com) from /etc/letsencrypt/renewal/www.dragnsurvey.com.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.dragnsurvey.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.dragnsurvey.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version):
apache

My hosting provider, if applicable, is:
Gandi

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Additional information:
I cannot renew my certificate anymore. It used to work flawlessly, but not anymore.
My vhosts are correctly configured and my website is available through regular HTTP requests.

Running the command apachectl -S outputs the following:

VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
*:443 is a NameVirtualHost
default server up2u (/etc/apache2/sites-enabled/default-le-ssl.conf:2)
port 443 namevhost up2u (/etc/apache2/sites-enabled/default-le-ssl.conf:2)
port 443 namevhost dragnsurvey.com (/etc/apache2/sites-enabled/dragnsurvey:2)
*:80 is a NameVirtualHost
default server www.dragnsurvey.com (/etc/apache2/sites-enabled/default-le-ssl.conf:38)
port 80 namevhost www.dragnsurvey.com (/etc/apache2/sites-enabled/default-le-ssl.conf:38)
port 80 namevhost dragnsurvey.com (/etc/apache2/sites-enabled/dragnsurvey:34)
port 80 namevhost sql.dragnsurvey.com (/etc/apache2/sites-enabled/dragnsurvey:56)
Syntax OK

We made a few changes to the vhost conf because we are adding the subdomain api.dragnsurvey.com.
We noticed the problem with certbot when trying to expand the domains.
Since then we have rolled back to the previous configuration, but trying to renew the certificate is now failing.


#2

Can you show the full contents of this file?


#3

Sure thing:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/www.dragnsurvey.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.dragnsurvey.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/www.dragnsurvey.com/chain.pem
</VirtualHost>
</IfModule>


#4

I don’t see the virtual host listening on port 80 in that config file. You said it was line 38, but there are only 32 lines posted. Is there more to that file?


#5

Yes, we did add the following lines that were not in the original configuration to try to make certbot recognize the vhost.
It doesn’t work with or without those:

<VirtualHost *:80>
    ServerAdmin contact@dragnsurvey.com
    ServerName www.dragnsurvey.com
    DocumentRoot /path/to/site
    <Directory /path/to/site>
        Order allow,deny
        allow from all
    </Directory>
    # Logs (history of IPs and of files sent)
    ErrorLog /var/log/apache2/dragnsurvey.com-error_log
    TransferLog /var/log/apache2/dragnsurvey.com-access_log
</VirtualHost>


#6

I solved the issue by running /path/to/certbot-auto --apache-vhost-root=/etc/apache2/sites-available
It then detected my vhost fine again. I don’t know what caused the problem.
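
An added example, not part of the thread and not Certbot's own code: a pre-flight check that parses `apachectl -S` output in the format shown in post #1 and reports, for each name to be put on the certificate, which port-80 virtual host Apache itself has loaded for it and from which file. The function names are hypothetical, the sample input is constructed from post #1, and the alias and lone-vhost line formats are handled in addition to what the thread shows.

```python
import re

# Constructed sample: the port-80 part of the `apachectl -S` output in post #1.
SAMPLE = """\
*:80 is a NameVirtualHost
default server www.dragnsurvey.com (/etc/apache2/sites-enabled/default-le-ssl.conf:38)
port 80 namevhost www.dragnsurvey.com (/etc/apache2/sites-enabled/default-le-ssl.conf:38)
port 80 namevhost dragnsurvey.com (/etc/apache2/sites-enabled/dragnsurvey:34)
port 80 namevhost sql.dragnsurvey.com (/etc/apache2/sites-enabled/dragnsurvey:56)
Syntax OK
"""

# "port 80 namevhost name (file:line)": one of several vhosts on an address.
NAMED = re.compile(r"^\s*port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)\s*$")
# "*:80  name (file:line)": the form Apache prints for a lone vhost on an address.
SINGLE = re.compile(r"^\s*\S*:(\d+)\s+(\S+)\s+\((.+):(\d+)\)\s*$")
# "alias name": a ServerAlias of the vhost listed just above it.
ALIAS = re.compile(r"^\s*alias\s+(\S+)\s*$")


def parse_vhosts(text):
    """Return {port: {server_name: (config_file, line_no)}} from `apachectl -S`."""
    table, current = {}, None
    for line in text.splitlines():
        m = NAMED.match(line) or SINGLE.match(line)
        if m:
            port, name, path, lineno = m.groups()
            current = (int(port), (path, int(lineno)))
            table.setdefault(current[0], {}).setdefault(name.lower(), current[1])
        elif current and (a := ALIAS.match(line)):
            table[current[0]].setdefault(a.group(1).lower(), current[1])
    return table


def http01_preflight(text, names, port=80):
    """Map each certificate name to the port-80 vhost that names it, or None."""
    vhosts = parse_vhosts(text).get(port, {})
    return {name: vhosts.get(name.lower()) for name in names}


if __name__ == "__main__":
    for name, where in http01_preflight(
            SAMPLE, ["www.dragnsurvey.com", "api.dragnsurvey.com"]).items():
        print(name, "->", "%s:%d" % where if where else "no port-80 vhost")
```

A name that Apache lists here but Certbot still cannot find, as with www.dragnsurvey.com in post #1, points at where Certbot is looking for vhost files rather than at the Apache configuration itself.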

