Certbot fails redirect to https

My domain is: sultandonerkebab.com

I ran this command: certbot --apache -d sultandonerkebab.com -d www.sultandonerkebab.com

Outputs:-

Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/sultandonerkebab.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/donerkebab-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/donerkebab-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Failed redirect for sultandonerkebab.com
Unable to set enhancement redirect for sultandonerkebab.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection 

My web server is (include version): Vultr VPS 1 vcore 1024MB memory

The operating system my web server runs on is (include version): Debian x10 buster

My hosting provider, if applicable, is: vultr

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

Today I added some extra domains to apache conf then ran the certbot comand but later removed those domains and reran the certbot for my original domain however I get this error.
Also there was this interesting line and I think it might be cause of problem but not sure, in my ssl conf file of apache for my website.

# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =sultandonerkebab.com [OR]
# RewriteCond %{SERVER_NAME} =www.sultandonerkebab.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
<Directory /var/www/donerkebab/>
    AllowOverride All
</Directory>```
2 Likes

Hi @Abdulee

that’s

your problem you have to fix. Looks like you have multiple definitions port + domain name, that’s always wrong.

What says

apachectl -S
3 Likes
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab-le-ssl.conf:2)
         port 443 namevhost sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab-le-ssl.conf:2)
                 alias www.sultandonerkebab.com
                 alias sultandonerkebab.es
         port 443 namevhost sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab-le-ssl.conf:84)
                 alias www.sultandonerkebab.com
         port 443 namevhost sultangoldencurry.es (/etc/apache2/sites-enabled/goldencurry-le-ssl.conf:2)
                 alias www.sultangoldencurry.es
         port 443 namevhost mail.sultangoldencurry.es (/etc/apache2/sites-enabled/mail.goldencurry.es-le-ssl.conf:2)
                 alias www.mail.sultangoldencurry.es
         port 443 namevhost mail.sultandonerkebab.com (/etc/apache2/sites-enabled/mail.sultandonerkebab.com-le-ssl.conf:2)
                 alias www.mail.sultandonerkebab.com
*:80                   is a NameVirtualHost
         default server sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab-le-ssl.conf:40)
         port 80 namevhost sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab-le-ssl.conf:40)
                 alias www.sultandonerkebab.com
         port 80 namevhost sultandonerkebab.com (/etc/apache2/sites-enabled/donerkebab.conf:1)
                 alias www.sultandonerkebab.com
         port 80 namevhost sultangoldencurry.es (/etc/apache2/sites-enabled/goldencurry.conf:1)
                 alias www.sultangoldencurry.es
         port 80 namevhost mail.sultangoldencurry.es (/etc/apache2/sites-enabled/mail.goldencurry.es.conf:1)
                 alias www.mail.sultangoldencurry.es
         port 80 namevhost mail.sultandonerkebab.com (/etc/apache2/sites-enabled/mail.sultandonerkebab.com.conf:1)
                 alias www.mail.sultandonerkebab.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

1 Like

Unfortunately I don’t understand much can you please guide me how I can do that?
I will be be very thankful.

That’s

your mess. Remove all duplicated entries.

3 Likes

Hey thank you very much I figured it out I had a server alias of old domain still set in my ssl conf for apache … Thank you the apachectl helped listing it. I just couldnt find it I had to search for the name the .es domain

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.