Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
certbot --apache
It produced this output:
File:
Could not be found to be deleted /etc/apache2/apache2-le-ssl.conf - Certbot probably shut down unexpectedly
My web server is (include version):
Apache2 (latest on ubuntu 18.04)
The operating system my web server runs on is (include version):
latest Ubuntu 18.04 x64
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0
I'm trying to use certbot to make certificates for a bunch of domains on this server... I'm not sure how to fix this.
Could you please post the full stack trace, or /var/log/letsencrypt.log log file, from an incidence of this crash?
Previous issues suggest that orphaned RewriteCond rules (that have no consuming RewriteRule) could cause this issue. However, it’s hard to tell whether that issue is related to your issue without seeing the full log of the crash.
I have to chop off the top of this log, since I'm a new user and cannot post all the URLs in the logs.
}2019-10-09 02:57:23,574:DEBUG:certbot.util:Not suggesting name "*.domain.net"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 310, in get_filtered_names
    filtered_names.add(enforce_le_validity(name))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 526, in enforce_le_validity
    "Valid characters are A-Z, a-z, 0-9, ., and -.".format(domain))
certbot.errors.ConfigurationError: *.domain.net contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
This is the error - I think it has to do with me trying to use www.domain.net but also domain.net at the same time. If I tell certbot to do just one of them at a time (like domain.net) it will properly set the cert and redirect www.domain.net to domain.net, but if I go back and tell it to do www.domain.net it'll have domain.net redirect to www.domain.net. When I go to the "redirected" url, any browser I use complains that the website is not secure.
Am I doing something wrong? Is this a problem with my apache configuration?
I’m not really sure that the stack trace you posted is related to the initial error you posted about. In any case, you can copy your log somewhere like https://dpaste.de if the forum restrictions are getting in the way.
If you want to do both domains on one certificate, I would suggest:
Here’s the command followed by what I saw on screen. I’ll post the log in a sec.
root@server:/etc/apache2/sites-enabled# certbot --apache -d "domain.net" -d "www.domain.net"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
File:
Could not be found to be deleted /etc/apache2/apache2-le-ssl.conf - Certbot probably shut down unexpectedly
An unexpected error occurred:
StopIteration
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.net/privkey.pem
Your cert will expire on 2020-01-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
That command helped a lot, and I think this was my issue. I have a lot of RewriteConds without any corresponding Rewrite rules (ironically, the only domain with a RewriteCond rule is the one that was failing and breaking my certbot). I tweaked (commented out) those, and it’s issuing certs again. Now my problem is that domain1’s cert is being returned from domain2, domain3, domain4… but I think I have to tweak my Apache files for that.
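An added example, not part of the thread and not Certbot's own code: a small Python check that lists RewriteCond directives with no RewriteRule after them in an Apache config, the pattern the replies above associate with this crash. The function name, the sample vhost and the choice to treat `<IfModule>`-style wrappers as transparent are assumptions; backslash line continuations are not handled.

```python
import re

REWRITE = re.compile(r"^\s*(RewriteCond|RewriteRule)\b", re.IGNORECASE)
SECTION = re.compile(r"^\s*<(/?)\s*(\w+)")
# Assumption: <IfModule>-style wrappers do not start a new configuration scope.
TRANSPARENT = {"ifmodule", "ifdefine", "ifversion"}

def find_orphaned_rewriteconds(text):
    """Return [(line_number, directive)] for every RewriteCond that has no
    RewriteRule after it before its enclosing section (or the file) ends."""
    orphans = []
    stack = [[]]  # one list of pending RewriteCond lines per open section
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out directives do not count
        rewrite = REWRITE.match(line)
        section = SECTION.match(line)
        if rewrite and rewrite.group(1).lower() == "rewritecond":
            stack[-1].append((number, stripped))
        elif rewrite:
            stack[-1].clear()  # a RewriteRule consumes the pending conditions
        elif section and section.group(2).lower() not in TRANSPARENT:
            if not section.group(1):
                stack.append([])  # opening tag: new scope
            elif len(stack) > 1:
                orphans.extend(stack.pop())  # closing tag: leftovers are orphans
    for pending in stack:
        orphans.extend(pending)  # conditions still pending at end of file
    return sorted(orphans)

# Constructed sample vhost (not from the thread): the second RewriteCond lost
# its RewriteRule when the rule was commented out.
SAMPLE = """\
<VirtualHost *:80>
    ServerName domain.net
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =domain.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    RewriteCond %{HTTPS} off
    # RewriteRule ^ https://domain.net%{REQUEST_URI} [R=301]
</VirtualHost>
"""

if __name__ == "__main__":
    for number, directive in find_orphaned_rewriteconds(SAMPLE):
        print(f"line {number}: orphaned {directive}")
```

Run it over each file in `/etc/apache2/sites-enabled` before invoking `certbot --apache`; an empty result means every RewriteCond is followed by a RewriteRule in its section.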