Certbot --apache offers only wrong URLs

My domain is:

www.sv-mg.de

I ran this command:

certbot --apache

It produced this output:

Which names would you like to activate HTTPS for?


1: www.test.schulewasmer.de

My web server is (include version):

195.201.26.38

The operating system my web server runs on is (include version):

Ubuntu

My hosting provider, if applicable, is:

I can log in to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.21.0

I installed this WordPress site using One Click Configuration. At that point I had to use another URL, because sv-mg.de was directing to the old site.

Then we deleted the old site and moved the new one to www.sv-mg.de.

Unfortunately I am not able to get an SSL certificate, because certbot is only offering me the old URL (www.test.schulewasmer.de). But our site is using the URL www.sv-mg.de.

Where does certbot look for the URLs? I think I changed all old URLs into the new ones. But certbot still finds only the old one.

Hi @Matwas82, and welcome to the LE community forum :slight_smile:

What shows?:

sudo apachectl -t -D DUMP_VHOSTS

1 Like

Also, but unrelated to this problem, you are not using the latest version of certbot.
Please uninstall the apt version and follow the recommended installation instructions [via snap].
See: Certbot (eff.org)

1 Like

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 www.test.schulewasmer.de (/etc/apache2/sites-enabled/000-default.conf:4)

So, where is the vhost for the new site?:

Apache doesn't know about it.
Certbot only knows what Apache knows.

3 Likes
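The check from the answer above, as an added example that is not part of the original thread: it parses `apachectl -t -D DUMP_VHOSTS` output and reports which wanted hostnames no vhost declares, which are the names Certbot will not offer. The function names `vhost_names` and `missing_vhosts` are hypothetical, and the sample dump is the output posted in this thread.

```shell
#!/bin/sh
# Added example: list the hostnames Apache knows, and flag wanted names it lacks.
# Real use: sudo apachectl -t -D DUMP_VHOSTS 2>&1 | missing_vhosts www.sv-mg.de

# Dump as posted in the thread (one vhost, still carrying the old name).
SAMPLE_DUMP="AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 www.test.schulewasmer.de (/etc/apache2/sites-enabled/000-default.conf:4)"

# vhost_names: read a DUMP_VHOSTS listing on stdin, print each
# ServerName / ServerAlias once, sorted.
vhost_names() {
  awk '
    # "alias name" lines under a name-based vhost
    $1 == "alias" { print $2; next }
    # "port 80 namevhost name (file:line)"
    $1 == "port" && $3 == "namevhost" { print $4; next }
    # single vhost on an address: "addr:port name (file:line)"
    NF == 3 && $1 ~ /:[0-9]+$/ && $3 ~ /^\(.*\)$/ { print $2 }
  ' | sort -u
}

# missing_vhosts NAME...: read a DUMP_VHOSTS listing on stdin, print every
# NAME that no vhost declares. Returns 1 if any name is missing.
missing_vhosts() {
  mv_known=$(vhost_names)
  mv_rc=0
  for mv_want in "$@"; do
    # -i: hostnames are case-insensitive, -x: whole line, -F: no regex
    if ! printf '%s\n' "$mv_known" | grep -qixF -- "$mv_want"; then
      printf '%s\n' "$mv_want"
      mv_rc=1
    fi
  done
  return $mv_rc
}

# Demo on the thread's dump: both new names are reported as missing.
printf '%s\n' "$SAMPLE_DUMP" | missing_vhosts www.sv-mg.de sv-mg.de ||
  echo "^ add these as ServerName/ServerAlias, reload Apache, rerun certbot"
```
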

I changed the 000-default.conf:4 manually.

Congratulations! You have successfully enabled HTTPS on https://*********

Glad to have been of some help.

Cheers from Miami :beers:

2 Likes

Just one question:

In that second that I posted my data here in that thread, my server got hacked. Right now my server uses 100% of its CPU and it looks like it is used for port scanning.

Any ideas why this could happen?

I suppose it wasn't protected against such a hack.
Issuing a certificate doesn't trigger such a thing.

2 Likes

That's unfortunate.

A vulnerable server should never be connected to the internet. The internet is always being scanned by IP address for vulnerabilities. Maybe posting the URL here did something to accelerate some scanner to directly scan/attack your server, but in the end every host on the internet will be scanned and/or attempted for a hack. (And your site is indexed by Google, so it's publicly known anyway.)

WordPress itself is known for its vulnerabilities, especially in the past.

Edit: also note that some script kiddies monitor CT logs. In the past, some web-based applications would include getting a free certificate during the onboarding of said application, but at a moment when the application was still vulnerable due to it still having a default password, for example. This led to numerous "hacks". Nowadays such applications (should) have a random password, I believe. Thus CT logs are another factor which attracts automated "hacks".

Also: your current certificate is only valid for the www subdomain. If you want your base domain sv-mg.de to also be valid, you should include it in your certificate (and webserver).

4 Likes
