Certbot/letsencrypt ran automatically, now Internal server error on my website


My domain is: apo.nmsu.edu

I ran this command: cron ran on my proxy server:

/usr/sbin/apachectl stop
cd /etc/httpd
/bin/mv sites-enabled sites-enabled.save
/bin/mv sites-devel sites-enabled

/usr/sbin/apachectl start

/opt/certbot/certbot-auto renew

/usr/sbin/apachectl stop
/bin/mv sites-enabled sites-devel
/bin/mv sites-enabled.save sites-enabled
/usr/sbin/apachectl start

It produced this output: Let's Encrypt gave a log....
Tail of the log:

2021-08-01 19:07:20,466:DEBUG:acme.client:Storing nonce: 0002212l9Q2x-xt20eFthhNhDDkCamy83adCtkAkzTbTshY
2021-08-01 19:07:20,470:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/apo.nmsu.edu-0004/privkey29.pem.
2021-08-01 19:07:20,481:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/apo.nmsu.edu-0004/cert29.pem.
2021-08-01 19:07:20,481:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/apo.nmsu.edu-0004/chain29.pem.
2021-08-01 19:07:20,481:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/apo.nmsu.edu-0004/fullchain29.pem.
2021-08-01 19:07:20,538:DEBUG:certbot._internal.cli:Var manual_public_ip_logging_ok=None (set by user).
2021-08-01 19:07:20,540:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/apo.nmsu.edu-0004.conf.new.
2021-08-01 19:07:20,787:DEBUG:certbot.display.util:Notifying user: new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/apo.nmsu.edu-0004/fullchain.pem
2021-08-01 19:07:20,789:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None

My web server is (include version):
Server version: Apache/2.4.6 (Scientific Linux)
Server built: Nov 10 2020 08:01:24

The operating system my web server runs on is (include version):
Scientific Linux release 7.9 (Nitrogen)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.10.1

Certbot ran yesterday, but since then my website returns an internal server error when I try to hit it from offsite. If I use the website from on site, the browser complains about the cert but then lets me proceed. From the outside, though, I get the internal error, and I have never seen this before. I cannot find any logs; error_log on my proxy and my main web server both show nothing of value (in fact error_log on the proxy server is empty).

access_log shows me trying to hit the server and the 500 response.
Nothing was changed from the last run besides me mistakenly adding one line to the /etc/letsencrypt/renewal/apo.nmsu.edu-0004.conf file, which I subsequently took out. I then reran the certbot-auto command, to no effect.

Our server somehow mashes all the subdomains into one cert to cover anything from abc.apo.nmsu.edu to, like, zzz.apo.nmsu.edu. I have not been able to add new domains to this process, so those are processed separately (in fact the Let's Encrypt log stated that some domains are not yet ready for renewal, and that was correct). Plus, any domain that is not the main one seems to function normally.

Not sure how to back out this update, or if I can double-check settings and rerun the renewal process to fix the error. The whole configuration of these servers, which I inherited, is strange to me.

I figured this out after I got logging working correctly on the proxy. It seems the certbot auto-renew fired on the proxy but had not yet updated the certs on the main webserver, so I ran a certbot auto-renew there and it seems to have fixed the issue.

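The log excerpt in the thread above includes certbot's "new certificate deployed without reload" notice. As an added example (not part of the original posts and not certbot's own code), this script scans a certbot debug log for renewed lineages carrying that notice, so each server that uses the certificate can be checked after a renewal. The regular expressions assume the message formats seen in that excerpt, and the function names are hypothetical.

```python
import re

# Log lines copied from the excerpt in the post above.
SAMPLE_LOG = """\
2021-08-01 19:07:20,470:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/apo.nmsu.edu-0004/privkey29.pem.
2021-08-01 19:07:20,481:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/apo.nmsu.edu-0004/cert29.pem.
2021-08-01 19:07:20,787:DEBUG:certbot.display.util:Notifying user: new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/apo.nmsu.edu-0004/fullchain.pem
"""

# Assumption: these patterns mirror the message formats visible in that excerpt.
WROTE_CERT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:DEBUG:certbot\._internal\.storage:"
    r"Writing certificate to /etc/letsencrypt/archive/(?P<lineage>[^/]+)/cert(?P<ver>\d+)\.pem\.$")
NO_RELOAD = re.compile(r"new certificate deployed without reload, fullchain is\s*$")
LIVE_PATH = re.compile(r"^/etc/letsencrypt/live/(?P<lineage>[^/]+)/fullchain\.pem$")

def renewals(log_text):
    """Map each renewed lineage to its write time, version and no-reload flag."""
    found = {}
    expect_path = False  # True right after a "without reload" notice
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WROTE_CERT.match(line)
        if m:
            found[m["lineage"]] = {"written": m["ts"], "version": int(m["ver"]),
                                   "no_reload_reported": False}
            expect_path = False
            continue
        if expect_path:
            # The notice puts the live fullchain path on the following line.
            p = LIVE_PATH.match(line)
            if p and p["lineage"] in found:
                found[p["lineage"]]["no_reload_reported"] = True
            expect_path = False
        if NO_RELOAD.search(line):
            expect_path = True
    return found

def needs_followup(log_text):
    """Lineages renewed in this log that certbot deployed without a reload."""
    return sorted(n for n, r in renewals(log_text).items() if r["no_reload_reported"])

if __name__ == "__main__":
    info = renewals(SAMPLE_LOG)
    for name in needs_followup(SAMPLE_LOG):
        print(f"{name}: cert{info[name]['version']}.pem written "
              f"{info[name]['written']}, deployed without reload")
```
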