Can't connect to website after installing certbot on apache

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.rpgrat.org

I ran this command: sudo certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): isaakboes@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): rpgrat.org
Requesting a certificate for rpgrat.org

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/rpgrat.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/rpgrat.org/privkey.pem
This certificate expires on 2024-02-04.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for rpgrat.org to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://rpgrat.org
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is: self hosted, localhost

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.4

I had a functional Apache server running for a while, and I wanted an SSL certificate for it. I followed the instructions for installation exactly for certbot, and upon installing for rpgrat.org the website no longer loads under any circumstances. I am still able to connect by the IP and by an alias (host.rpgrat.org). While debugging I did a clean wipe and reset of both Apache and certbot, and I still cannot connect to the site at all by any means except via localhost (host.rpgrat.org is working and configured correctly, verifying that it is not a DNS or firewall issue). The necessary ports (80 and 334) are open both on the router and in the ufw, and all config files are in place and configured either as they were when the site was working or as certbot automatically configured them. If it matters, my DNS provider is GoDaddy and I use a DDNS running locally through their API (yeah, it's not the best solution, but it has worked well so far). I have already looked through several forum threads from here and StackOverflow, and so far I have had no luck. Any help is appreciated.

Hi @isaakboes, and welcome to the LE community forum :slight_smile:

What shows?:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  rpgrat.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)

The error was resolved before the wipe and reset, I'll go fix that quick

Well, on fixing that I checked the apache2 config file with sudo apachectl configtest and it returned this:

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/rpgrat.org/fullchain.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.

That means there is no host name in the main config file.
You can set that to anything "harmless".
Like: localhost, server, vault
[anything that would never conflict with any real world name]

3 Likes

As for the two files in use:

We should probably have a look at what they are doing.

And also look at the output of:

certbot certificates

3 Likes

The main apache2 config file should be fixed: I added the line ServerName rpgrat.rpgrat.org to /etc/apache2/apache2.conf, which is how I had it set before.
The contents of

    /etc/apache2/sites-enabled/000-default-le-ssl.conf
    /etc/apache2/sites-enabled/000-default.conf

are as follows; I believe they are exactly as apache2 and certbot left them.
Here's 000-default-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf


ServerName rpgrat.org
SSLCertificateFile /etc/letsencrypt/live/rpgrat.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rpgrat.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

and here's 000-default.conf:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =rpgrat.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

the output of certbot certificates is

The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-f55zu_42/log or re-run Certbot with -v for more details.

so I ran it with root privileges, and the output is

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: rpgrat.org
    Serial Number: 4cad3a8e50fa6a72c370c5e3cf4f67cd97f
    Key Type: ECDSA
    Domains: rpgrat.org
    Expiry Date: 2024-02-04 23:59:03+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/rpgrat.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/rpgrat.org/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

That name is not:

It may eventually create a problem.
You should never use a name in the main host that will [some day] be served by a vhost.

3 Likes

Ah, alright, I'll change it to "mainServer", thanks for the tip.

2 Likes

You can remove this line:

from the file:

That will force ALL names to redirect to HTTPS.
[instead of adding more and more names to that list as your vhost list grows]

2 Likes

OK.
So, you only have one cert:

and it only covers one name:

What other name(s) would you like to serve securely?
There are two methods to attack that problem:

  • setup the HTTP site(s) first and then get the cert(s)
  • get the cert(s) first and then setup the HTTPS site(s) [HTTP site not required]

The first method would allow for certbot to create the HTTPS site(s) for you automatically.
The second method would allow you to create the HTTPS site(s) yourself [manually] OR by rerunning certbot with --install [but that can be tricky - without an HTTP site].

3 Likes

That line is removed, but the apachectl configtest still fails with the same output.
Currently, just rpgrat.org should be secure, as host.rpgrat.org is just an alias for testing purposes that I created to make sure this wasn't a DNS problem.

That is where certbot says the file should be:

What shows?:

ls -l /etc/letsencrypt/live/rpgrat.org/

2 Likes

I just checked

total 4
lrwxrwxrwx 1 root root  34 Nov  7 00:59 cert.pem -> ../../archive/rpgrat.org/cert1.pem
lrwxrwxrwx 1 root root  35 Nov  7 00:59 chain.pem -> ../../archive/rpgrat.org/chain1.pem
lrwxrwxrwx 1 root root  39 Nov  7 00:59 fullchain.pem -> ../../archive/rpgrat.org/fullchain1.pem
lrwxrwxrwx 1 root root  37 Nov  7 00:59 privkey.pem -> ../../archive/rpgrat.org/privkey1.pem
-rw-r--r-- 1 root root 692 Nov  7 00:59 README

What shows?:
ls -l /etc/letsencrypt/archive/rpgrat.org/

3 Likes
total 20
-rw-r--r-- 1 root root 1476 Nov  7 00:59 cert1.pem
-rw-r--r-- 1 root root 3749 Nov  7 00:59 chain1.pem
-rw-r--r-- 1 root root 5225 Nov  7 00:59 fullchain1.pem
-rw------- 1 root root  241 Nov  7 00:59 privkey1.pem

1 Like

Are you :100: certain you ran this with SUDO?:

Show:

sudo apachectl configtest

3 Likes

I thought I did, but when I ran it again it returned Syntax OK. I'm sorry for the confusion that caused!

2 Likes

Without sudo such things can happen - LOL / LAL [Live And Learn]

2 Likes
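An added example, not from the thread or from Certbot or Apache, that reproduces the diagnosis above as a script: it reads the SSLCertificate*File directives out of a vhost file and reports whether each referenced file is reachable by the user running the check. The directive names are Apache's; the file and directory names in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: check whether the files named by
# SSLCertificateFile / SSLCertificateKeyFile / SSLCertificateChainFile in an
# Apache vhost are usable by the user running this script. Apache reports all
# three problems (missing, unreadable, empty) with the same "does not exist or
# is empty" message, and /etc/letsencrypt/live and /etc/letsencrypt/archive are
# root-only directories, so a non-root `apachectl configtest` sees the files as
# missing while `sudo apachectl configtest` says "Syntax OK".

# ssl_file_status PATH -> prints OK, MISSING, UNREADABLE or EMPTY.
# A file under a directory this user cannot traverse also shows as MISSING.
ssl_file_status() {
    if [ ! -e "$1" ]; then echo MISSING
    elif [ ! -r "$1" ]; then echo UNREADABLE
    elif [ ! -s "$1" ]; then echo EMPTY
    else echo OK
    fi
}

# check_ssl_files CONF -> one line per directive; returns 0 only if all are OK.
# Commented-out directives are skipped. Paths containing spaces are not handled.
check_ssl_files() {
    rc=0
    pairs=$(grep -E '^[[:space:]]*SSLCertificate(Key|Chain)?File[[:space:]]' "$1" \
            | awk '{print $1 "=" $2}')
    for pair in $pairs; do
        directive=${pair%%=*}
        path=${pair#*=}
        status=$(ssl_file_status "$path")
        echo "$status $directive $path"
        [ "$status" = OK ] || rc=1
    done
    return $rc
}

# Stand-alone demo on a constructed vhost fragment (no real certificates needed):
# the key file is deliberately absent, so the check fails on that directive.
demo_dir=$(mktemp -d)
printf 'dummy-cert\n' > "$demo_dir/fullchain.pem"
printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n#SSLCertificateChainFile %s\n' \
    "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem" "$demo_dir/chain.pem" \
    > "$demo_dir/demo-le-ssl.conf"
check_ssl_files "$demo_dir/demo-le-ssl.conf" \
    || echo "at least one file is not usable by $(id -un); retry as root (sudo)"
rm -rf "$demo_dir"
```

Run it once as the unprivileged user and once under sudo against the real vhost; a file that flips from MISSING to OK between the two runs is the permission symptom, not a Certbot failure.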

OK, back to ...

2 Likes