Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
heineken.etpi.com.br
I ran this command:
I ran the standard certbot commands,
certbot renew --dry-run and certbot certificates
It produced this output:
said successfully.
My web server is (include version):
apache (httpd)
The operating system my web server runs on is (include version):
centos 7
My hosting provider, if applicable, is:
No
I can login to a root shell on my machine (yes or no, or I don't know):
I believe so.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certifiedbot 1.11.0
observation:
my domain was working on Thursday (02/08/2024), after trying to remove excess domains that I wasn't using, it stopped. 1st - When I look at the chain I see that it does not have Approved data for: " ***** " 2nd - Do you need any more specific information?
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server localhost (/etc/httpd/sites-enabled/localhost.conf:1)
port 80 namevhost localhost (/etc/httpd/sites-enabled/localhost.conf:1)
alias localhost
port 80 namevhost heineken.etpi.com.br (/etc/httpd/sites-enabled/server.conf:1)
alias heineken.etpi.com.br
*:443 heineken.etpi.com.br (/etc/httpd/sites-enabled/server.conf:8)
I don't have a backup, maybe I have the logs that are ok on the server.
On the website crt.sh | heineken.etpi.com.br it shows that I have had the domain for a while and it was working, but now it has stopped for some reason.
It was supposed to look something like this below in the image:
Can you show this file
/etc/letsencrypt/renewal/heineken.etpi.com.br.conf
PS: You need three backtick characters on their own line to preserve formatting That is just for future. We see what has gone wrong. In future, like this:
```
apache info
```
I agree you have been getting certs for a long time. And, you even got one today. But, your Apache server is not configured correctly. This is the main problem. If you don't have any backups you need to restore that VirtualHost for port 443 (HTTPS). There are many ways to do this. To do it by hand you could visit the below site for reference
I think there is also a problem with how you do the "renew" command. Although, you are getting certs so something must be working.
I say this because in your renewal conf file it says you have been using the standalone method. This requires Apache to be stopped before the renew as standalone requires exclusive use of port 80. There are better ways to do this but as long as you are getting certs your main problem is to fix your Apache config.
Regarding the Apache Server, I had made some very simple changes, nothing major and it was working... lol
I have another Apache on another server, the configuration is similar, I can make the backup and make the necessary changes. My Apache is misconfigured (or I made some change wrong and I can't find it), how do I find this possible error in Apache, do you have any tips on what to do or what commands it runs?
Another question, what command/scripts can I do to run the certificate without Apache and/or can I change port 80 so that when I run letsencrypt I use another port?
My previous post with link to the Mozilla Configurator helps with configuring Apache with the TLS/SSL certs. Whatever else you need in Apache is up to you.
Do you use Apache only for getting certs? Or do you also use it for a website or other reason?
I used it for the website, but I had stopped, but I will return soon. I had tested the website (SSL Labs Server Test) for my url but it was actually giving the TLS error. I looked at the website (Mozilla SSL Configuration Generator) and I even understood it, but I can't find where this file is (<VirtualHost *:443>) or if I have to create it (I apologize for so many questions and doubts. lol). I generated these certificates because I thought there was something wrong with letsencrypt, but I'm almost sure it's my Apache.
How do I generate/renew or create certificates:
stop httpd
certbot Certonly --expand -d heineken.etpi.com.br (saved in *.sh files, then I add more domains to my server.)
That's pretty much all I do.
There are many good ways to organize Apache config files. You should review the Apache docs or an Apache support forum for help.
But, your VirtualHost for this domain is in heineken.etpi.com.br.conf which you showed earlier. It has two VirtualHost one for port 80 and one for port 443. I recommend starting over by changing that conf file so it has just these 4 lines:
<VirtualHost *:80>
ServerName heineken.etpi.com.br
DocumentRoot /var/www/html # change to your preferred folder
</VirtualHost>
Restart Apache after changing the conf file.
Stop using that script which stops httpd and uses Certbot --expand. That makes managing certs harder.
Instead, use
certbot --apache -d heineken.etpi.com.br
If you make a new VirtualHost in the future for a different domain name you just repeat this certbot command using the -d (name) for the new domain name. This gives you a separate cert for each VirtualHost which is easier to maintain.
After some attempts and research and tips from the friend above, I made the changes and managed to solve the virtual host configuration problem. For some reason the configuration changed, as it was not necessary to inform this part of the SSL configuration in the *.conf files before. Thank you all
That is just for future. We see what has gone wrong. In future, like this: