Certbot fails to renew certificates

@migfilg Sorry about this problem. I don't know why that happened.

But, we can get your Apache working again (hopefully) with this change

In this file:

/etc/httpd/conf.d/vhosts-le-ssl.conf:

Inside the VirtualHost section that starts

<VirtualHost *:443>
ServerName rdvrsgcl.atractor.pt

Change these 3 lines from:

SSLCertificateFile /etc/letsencrypt/live/atractor.pt/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/atractor.pt/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/atractor.pt/chain.pem

To this:

SSLCertificateFile /etc/letsencrypt/live/rdvrsgcl.atractor.pt/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rdvrsgcl.atractor.pt/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/rdvrsgcl.atractor.pt/chain.pem

Then, reload Apache and try showing output of this

sudo apachectl -t -D DUMP_VHOSTS

Update: You may need to use httpd instead of apachectl on your system

If that worked try this again:

sudo certbot renew --dry-run

Thanks a lot! It seems to be working, but I had to also replace the certificate names in both virtual host entries. So the final message of the dry run was:

Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/atractor.pt-0001/fullchain.pem (success)
/etc/letsencrypt/live/rdvrsgcl.atractor.pt/fullchain.pem (success)

My sincere thanks to all who helped on this!


It is good the dry-run worked. But, something is still very strange with your Apache config.

HTTPS requests to all 3 of the domains worked fine before and did not use the cert that had all 3 names in it. And, they still don't now (which is good). So, the lines in Apache that named that 3-domain cert are not used for actual HTTPS requests.

You likely have overlapping VirtualHost definitions in Apache. Apache allows this but it rarely produces correct results.

If you want help fixing that please show output of this


Sorry I forgot to send the output of that command; here it goes, but I am not sure how to use it...

httpd -t -D DUMP_VHOSTS
[Tue Apr 08 17:23:48.464320 2025] [alias:warn] [pid 62317] AH00671: The Alias directive in /etc/httpd/conf.d/autoindex.conf at line 21 will probably never match because it overlaps an earlier Alias.

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
         port 443 namevhost atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
                 alias www.atractor.pt
         port 443 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/ssl.conf:72)
         port 443 namevhost atractor.pt (/etc/httpd/conf.d/vhosts-le-ssl.conf:2)
                 alias www.atractor.pt
         port 443 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts-le-ssl.conf:14)
*:80                   is a NameVirtualHost
         default server rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost atractor.pt (/etc/httpd/conf.d/vhosts.conf:16)
                 alias www.atractor.pt

The duplicated domain names for the same port 443 (HTTPS) were causing the trouble. And possibly still are. We can get this sorted out.

Please show the contents of the two config files

/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/vhosts-le-ssl.conf

I am pretty sure I know what needs to be done. But, this time I want to check beforehand to be sure I don't give you wrong advice :slight_smile:


Please show the contents of the two config files
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/vhosts-le-ssl.conf
I am pretty sure I know what needs to be done. But, this time I want to check beforehand to be sure I don't give you wrong advice

:laughing:

I enclose the two files as one of them has 89 lines...

etc_httpd_conf.d_ssl.conf.txt (3.3 KB)
etc_httpd_conf.d_vhosts-le-ssl.conf.txt (1.2 KB)


Okay, you can delete the /etc/httpd/conf.d/vhosts-le-ssl.conf file

You could make a backup first but I am confident you won't have problems. And, you have a copy in your previous post :slight_smile:

Why is the ssl.conf file better?

  1. It has default SSL settings that have always been active so you should keep using them
  2. Both VirtualHosts name the correct SSL files for the ServerName and Alias
  3. The VirtualHosts in the vhosts file are identical to the ones in ssl.conf, except that the vhosts file uses the wrong cert file for atractor.pt. You changed vhosts to use a valid cert file, which avoided the Apache syntax error. But, you used the rdvrsgcl cert for atractor.pt. This wouldn't validate properly, so we know it isn't being used by Apache anyway.

After you remove vhosts-le-ssl.conf, redo the DUMP_VHOSTS command from earlier. You will then see each domain name just once for each port.

And, do the below just as a final test that it is okay

sudo certbot renew --dry-run
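The check described above (each domain name appearing just once per port) can be automated. The following is an added example, not code from the thread or from Apache/certbot: it parses `httpd -t -D DUMP_VHOSTS` output and reports every ServerName or ServerAlias declared more than once on the same port, since Apache silently serves only the first definition. The sample dump is constructed to mirror the overlapping state shown earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's DUMP_VHOSTS output, with the
# port 443 name-based vhosts declared in both ssl.conf and vhosts-le-ssl.conf.
SAMPLE_DUMP = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
         port 443 namevhost atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
                 alias www.atractor.pt
         port 443 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/ssl.conf:72)
         port 443 namevhost atractor.pt (/etc/httpd/conf.d/vhosts-le-ssl.conf:2)
                 alias www.atractor.pt
         port 443 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts-le-ssl.conf:14)
*:80                   is a NameVirtualHost
         default server rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost atractor.pt (/etc/httpd/conf.d/vhosts.conf:16)
                 alias www.atractor.pt
"""

VHOST_RE = re.compile(r"^\s*port (\d+) namevhost (\S+) \((\S+?):(\d+)\)")
ALIAS_RE = re.compile(r"^\s*alias (\S+)")


def parse_dump(text):
    """Map (port, hostname) -> [config file:line, ...] for ServerName and ServerAlias."""
    seen = defaultdict(list)
    port = source = None
    for line in text.splitlines():
        m = VHOST_RE.match(line)
        if m:
            port, name, path, lineno = m.groups()
            source = f"{path}:{lineno}"
            seen[(port, name)].append(source)
            continue
        m = ALIAS_RE.match(line)
        if m and port is not None:  # alias lines belong to the preceding namevhost
            seen[(port, m.group(1))].append(source)
    return seen


def find_duplicates(text):
    """Hostnames declared more than once on one port; Apache only uses the first."""
    return {key: srcs for key, srcs in parse_dump(text).items() if len(srcs) > 1}


if __name__ == "__main__":
    for (port, name), srcs in sorted(find_duplicates(SAMPLE_DUMP).items()):
        print(f"port {port}: {name} declared {len(srcs)} times -> {', '.join(srcs)}")
```

On a live system, pipe the real dump in with `httpd -t -D DUMP_VHOSTS 2>&1 | python3 check_vhosts.py` after replacing `SAMPLE_DUMP` with `sys.stdin.read()`; an empty result means the cleanup worked.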

Okay, you can delete the /etc/httpd/conf.d/vhosts-le-ssl.conf file
You could make a backup first but I am confident you won't have
problems. And, you have a copy in your previous post

Yes, but I just renamed it by appending "_NOT_IN_USE" as there may be someone else taking care of this in the future.

Then I restarted Apache, DUMP_VHOSTS and certbot renew --dry-run:

  • apachectl restart

  • httpd -t -D DUMP_VHOSTS
    [Thu Apr 10 11:11:04.307942 2025] [alias:warn] [pid 47848] AH00671: The Alias directive in /etc/httpd/conf.d/autoindex.conf at line 21 will probably never match because it overlaps an earlier Alias.

About this warning: line 21 is Alias /icons/ "/usr/share/httpd/icons/"

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
         port 443 namevhost atractor.pt (/etc/httpd/conf.d/ssl.conf:60)
                 alias www.atractor.pt
         port 443 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/ssl.conf:72)
*:80                   is a NameVirtualHost
         default server rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost rdvrsgcl.atractor.pt (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost atractor.pt (/etc/httpd/conf.d/vhosts.conf:16)
                 alias www.atractor.pt

  • certbot renew --dry-run
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/atractor.pt-0001.conf

Simulating renewal of an existing certificate for atractor.pt and www.atractor.pt

Processing /etc/letsencrypt/renewal/rdvrsgcl.atractor.pt.conf

Simulating renewal of an existing certificate for rdvrsgcl.atractor.pt

Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/atractor.pt-0001/fullchain.pem (success)
/etc/letsencrypt/live/rdvrsgcl.atractor.pt/fullchain.pem (success)

So it is working :slightly_smiling_face: and I renew my very sincere thanks for all the help on this!

Best wishes!
