Can't Expand certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yeshurunfarm.com

I ran this command: sudo certbot certonly --webroot -w /var/www/html -d yeshurunfarm.com -d www.yeshurunfarm.com -d mail.yeshurunfarm.com

It produced this output:

My web server is (include version): Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.yeshurunfarm.com.conf)

It contains these names: www.yeshurunfarm.com

You requested these names for the new certificate: yeshurunfarm.com,
www.yeshurunfarm.com, mail.yeshurunfarm.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.yeshurunfarm.com
http-01 challenge for yeshurunfarm.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.yeshurunfarm.com
Challenge failed for domain yeshurunfarm.com
http-01 challenge for mail.yeshurunfarm.com
http-01 challenge for yeshurunfarm.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no provider

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I have A records for the certificate I want to expand, but certbot doesn't seem to recognize them. Also, my web server was redirecting all traffic to https; however, I have it redirect all traffic except for ./well-known/. How do I get certbot to expand on the certificate?

Closing, I created a wildcard certificate instead.

Obtaining a wildcard cert is not a solution to:

In order to actually fix that problem, I would start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes
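An added example (not part of the thread and not any poster's code): a shell helper that reads `apachectl -t -D DUMP_VHOSTS` output and lists the requested names that no port-80 virtual host claims. Apache serves such names from the default vhost, whose DocumentRoot may differ from the `-w` webroot. The sample output, the `example.test` names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `apachectl -t -D DUMP_VHOSTS` output (not from the thread).
sample_vhosts() {
cat <<'EOF'
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server www.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost www.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost mail.example.test (/etc/apache2/sites-enabled/mail.conf:1)
                 alias webmail.example.test
*:443                  www.example.test (/etc/apache2/sites-enabled/default-ssl.conf:2)
EOF
}

# Print every ServerName/ServerAlias that Apache matches on port 80.
# Wildcard aliases ("wild alias" lines) are not expanded.
port80_names() {
  awk '
    /^[^ \t]/ {                     # top-level line: "addr:port ..."
      in80 = 0
      # Sole vhost on an address is printed as "*:80 name (file:line)".
      if ($1 ~ /:80$/ && $2 != "is") print $2
      next
    }
    $1 == "port" {                  # "port 80 namevhost name (file:line)"
      in80 = ($2 == "80")
      if (in80 && $3 == "namevhost") print $4
      next
    }
    $1 == "alias" && in80 { print $2 }
  '
}

# Usage: unmatched_names name... < dump
# Prints each requested name that no port-80 vhost claims by name.
unmatched_names() {
  served=$(port80_names)
  for n in "$@"; do
    printf '%s\n' "$served" | grep -qxF -- "$n" || printf '%s\n' "$n"
  done
}

# Demo on the constructed sample: only the bare domain is unclaimed.
sample_vhosts | unmatched_names example.test www.example.test mail.example.test
```

On the server, pipe the real `sudo apachectl -t -D DUMP_VHOSTS` output into `unmatched_names` together with the names passed to `-d`.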

Everything is working, webserver and email server.

"working" doesn't equal "all problems fixed".
We see that here all the time with Apache.
But I'll let you be; as you wish.

Cheers from Miami :beers:

2 Likes