Certbot renew fails

apparently it was .,.. now fixed

*:80 is a NameVirtualHost
default server kasdivi.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:1)
port 80 namevhost kasdivi.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:1)
alias www.kasdivi.com
port 80 namevhost wandjbrewers.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:28)
alias www.wandjbrewers.com
port 80 namevhost theoceanwindow.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:51)
alias www.theoceanwindow.com
*:443 is a NameVirtualHost
default server wandjbrewers.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:74)
port 443 namevhost wandjbrewers.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:74)
alias wandjbrewers.com
port 443 namevhost theoceanwindow.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:98)
alias www.theoceanwindow.com
port 443 namevhost kasdivi.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:120)
alias www.kasdivi.com

2 Likes

I corrected httpd.conf, ran your big line again and got:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for theoceanwindow.com
http-01 challenge for www.theoceanwindow.com
Using the webroot path /usr/local/www/wandjbrewers.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Running deploy-hook command: sudo /usr/local/sbin/apachectl graceful
Output from deploy-hook command sudo:
Performing sanity check on apache24 configuration:
Performing a graceful restart

Error output from deploy-hook command sudo:
Syntax OK

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem
    Your key file has been saved at:
    /usr/local/etc/letsencrypt/live/kasdivi.com/privkey.pem
    Your cert will expire on 2021-01-23. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF:

which I assume means you nailed it!

2 Likes

:partying_face:

Now, once more with feeling for confidence:
sudo certbot renew --dry-run

2 Likes

all together now!!

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /usr/local/etc/letsencrypt/renewal/kasdivi.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for theoceanwindow.com
http-01 challenge for wandjbrewers.com
http-01 challenge for www.theoceanwindow.com
http-01 challenge for www.wandjbrewers.com
http-01 challenge for kasdivi.com
http-01 challenge for www.kasdivi.com
Using the webroot path /usr/local/www/wandjbrewers.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Dry run: skipping deploy hook command: sudo /usr/local/sbin/apachectl graceful

new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

2 Likes

That's what we like to see! :grin:

Now about that mixed content for https://theoceanwindow.com...

Check https://theoceanwindow.com with the following tool and change the http's to https's:

2 Likes

All fixed. I had been unaware. Now aware.

2 Likes

Mixed content is any reference in your https webpage that is served over http, but should be served over https. This is why https://theoceanwindow.com shows no padlock next to the address.

You also need 301 redirects for all three sites from http to https.

2 Likes
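
To make the mixed-content definition in the reply above concrete, here is an added example (not part of the original thread or of any tool mentioned in it) that parses a page and lists the `http://` subresources a browser would fetch. The names `find_mixed_content`, `MixedContentFinder` and `SAMPLE_PAGE` are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, kind) for tags that make the browser fetch a subresource.
# "active" content can script or restyle the page; "passive" content is media.
SUBRESOURCE_ATTRS = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}
# <link> fetches only for some rel values; rel="canonical" is just metadata.
FETCHING_LINK_RELS = {"stylesheet": "active", "icon": "passive"}

# Constructed sample page for illustration (example.com is a reserved domain).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.com/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/app.js"></script>
</head><body>
<a href="http://example.com/about">About</a>
<img src="http://example.com/photo.jpg">
<img src="/images/logo.png">
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "link":
            rels = attrs.get("rel", "").lower().split()
            kind = next((FETCHING_LINK_RELS[r] for r in rels if r in FETCHING_LINK_RELS), None)
            url = attrs.get("href", "")
        elif tag in SUBRESOURCE_ATTRS:
            attr, kind = SUBRESOURCE_ATTRS[tag]
            url = attrs.get(attr, "")
        else:
            return  # e.g. <a href="http://..."> is navigation, not a subresource
        if kind and url.strip().lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, kind, url.strip()))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings
```

On the sample page this reports the stylesheet and the image, and skips the canonical link, the plain `<a>` link and the relative image path, since none of those is an insecure subresource fetch.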
