Certbot won't renew my cert --> 404

ls -l /etc/letsencrypt/live/vibez-clan.de/
total 4
lrwxrwxrwx 1 root root  38 Nov 10 13:38 chain.pem -> ../../archive/vibez-clan.de/chain6.pem
lrwxrwxrwx 1 root root  42 Nov 10 13:38 fullchain.pem -> ../../archive/vibez-clan.de/fullchain6.pem
lrwxrwxrwx 1 root root  40 Nov 10 13:38 privkey.pem -> ../../archive/vibez-clan.de/privkey6.pem
-rw-r--r-- 1 root root 682 Aug 24 08:13 README

hmm still no file

What happened with?:

3 Likes

well changed to ln -s /etc/letsencrypt/archive/cert6.pem /etc/letsencrypt/live/vibez-clan.de/cert.pem

now:


lrwxrwxrwx 1 root root   34 Jan 20 12:48 cert.pem -> /etc/letsencrypt/archive/cert6.pem
lrwxrwxrwx 1 root root   38 Nov 10 13:38 chain.pem -> ../../archive/vibez-clan.de/chain6.pem
lrwxrwxrwx 1 root root   42 Nov 10 13:38 fullchain.pem -> ../../archive/vibez-clan.de/fullchain6.pem
lrwxrwxrwx 1 root root   40 Nov 10 13:38 privkey.pem -> ../../archive/vibez-clan.de/privkey6.pem
-rw-r--r-- 1 root root  682 Aug 24 08:13 README

hahaha!
[I missed the folder entirely]

OK,

Now renew as usual.

4 Likes

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 439, in __init__
    self._check_symlinks()
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 502, in _check_symlinks
    "not exist".format(target, link))
certbot.errors.CertStorageError: target /etc/letsencrypt/archive/cert6.pem of symlink /etc/letsencrypt/live/vibez-clan.de/cert.pem does not exist
Renewal configuration file /etc/letsencrypt/renewal/vibez-clan.de.conf is broken. Skipping.

still not working :open_mouth:

The file is marked red in PuTTY. Other symlinks are marked blue.

OK, that's still wrong :frowning:
[We're missing the folder there too]

Again:
rm /etc/letsencrypt/live/vibez-clan.de/cert.pem

Then make sure it's gone:
ls -l /etc/letsencrypt/live/vibez-clan.de/cert.pem

Then redo the symlink [this time with both sides having the folder]:

ln -s /etc/letsencrypt/archive/vibez-clan.de/cert6.pem \
      /etc/letsencrypt/live/vibez-clan.de/cert.pem

[sorry, it's almost 7am here - and I've not yet been to bed]

4 Likes
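The three states this thread went through (no `cert.pem` link, a link whose target lacks the lineage folder, and the correct link) can be told apart with a small audit of the `live/` directory. This is an added example, not code from the thread's participants or from certbot; the function names `check_lineage` and `demo_tree` are hypothetical, and the demo tree is constructed in a temporary directory.

```shell
# check_lineage ROOT NAME
# ROOT is the certbot config dir (normally /etc/letsencrypt), NAME the lineage.
# Prints one status line per expected link; returns 1 if any link is unusable.
check_lineage() {
    local root="$1" name="$2" rc=0 f link target archive
    archive=$(readlink -f "$root/archive/$name")
    for f in cert chain fullchain privkey; do
        link="$root/live/$name/$f.pem"
        if [ ! -L "$link" ]; then
            # absent, or a regular file where a symlink is expected
            echo "NOLINK $f.pem"; rc=1
        elif [ ! -e "$link" ]; then
            # symlink exists but its target does not (shown red by ls)
            echo "DANGLING $f.pem -> $(readlink "$link")"; rc=1
        else
            target=$(readlink -f "$link")
            case "$target" in
                "$archive"/"$f"[0-9]*.pem) echo "OK $f.pem -> $target" ;;
                *) echo "FOREIGN $f.pem -> $target"; rc=1 ;;  # outside archive/NAME
            esac
        fi
    done
    return "$rc"
}

# Constructed tree matching the first listing in the thread:
# chain, fullchain and privkey are linked, cert.pem is not.
demo_tree() {
    local root f
    root=$(mktemp -d)
    mkdir -p "$root/live/vibez-clan.de" "$root/archive/vibez-clan.de"
    for f in cert chain fullchain privkey; do
        : > "$root/archive/vibez-clan.de/${f}6.pem"
        [ "$f" = cert ] || ln -s "../../archive/vibez-clan.de/${f}6.pem" \
            "$root/live/vibez-clan.de/$f.pem"
    done
    echo "$root"
}

# Real use: sh check.sh /etc/letsencrypt vibez-clan.de
if [ "$#" -eq 2 ]; then check_lineage "$1" "$2"; fi
```

A `FOREIGN` result means the link resolves to a file outside `archive/NAME`, so the lineage would not be serving or renewing the files it appears to.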
Congratulations, all renewals succeeded.

Man, thank you so much!!! Wish you a good 'night' and a nice weekend!

GREAT JOB!!!

1 Like

Cheers :beers: from Miami

Remember to update that client
If APT doesn't have anything newer [probably not - 18.04 is very old too], you can remove it from APT and install it from SNAP.
See:
Certbot Instructions | Certbot (eff.org)

4 Likes

All right, that's done too, thank you :slight_smile:

 certbot --version
certbot 2.2.0

3 Likes

I can't stop myself from asking:

You may have a solution for my apache2 warnings too?

[Fri Jan 20 13:22:19.508167 2023] [mpm_prefork:notice] [pid 22531] AH00171: Graceful restart requested, doing restart
[Fri Jan 20 13:22:19.561490 2023] [ssl:warn] [pid 22531] AH01909: vibez-clan.de:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 20 13:22:19.562452 2023] [ssl:warn] [pid 22531] AH01909: vibez-clan.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 20 13:22:19.562774 2023] [mpm_prefork:notice] [pid 22531] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Fri Jan 20 13:22:19.562786 2023] [core:notice] [pid 22531] AH00094: Command line: '/usr/sbin/apache2'

Also, my SSL cert is not secure if I visit my website without www.
So no problems with www.vibez-clan.de,
but on vibez-clan.de it's Invalid SSL Certificate.

Those two things are one.
Apache is complaining that the certificate doesn't cover all the names being served by that HTTPS block.
Your browser is complaining that the certificate doesn't cover the name being requested (when "www").

Show:
certbot certificates

3 Likes

This one topic is now covering three (separate) things:

  • 404 error on renewal
  • symlink not found
  • www is insecure

Help for each should have been requested separately, so that future readers can find help on related topics more easily.

And while I'm asking...
Feel free to send me a :beer: to help me pass the time between :beers: - LOL

3 Likes

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: vibez-clan.de-0001
    Serial Number: 463c9a4f8001e445516cd1e8de7c93990f5
    Key Type: ECDSA
    Domains: vibez-clan.de
    Expiry Date: 2023-04-20 15:48:33+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/vibez-clan.de-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vibez-clan.de-0001/privkey.pem
  Certificate Name: vibez-clan.de
    Serial Number: 4109da7e30d644f0fe611500b43f588c21a
    Key Type: ECDSA
    Domains: vibez-clan.de www.vibez-clan.de
    Expiry Date: 2023-04-20 15:26:55+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/vibez-clan.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vibez-clan.de/privkey.pem
  Certificate Name: www.vibez-clan.com
    Serial Number: 497b900a3c224cbf700891f7a727fa4159d
    Key Type: RSA
    Domains: www.vibez-clan.com
    Expiry Date: 2023-04-01 12:36:49+00:00 (VALID: 70 days)
    Certificate Path: /etc/letsencrypt/live/www.vibez-clan.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.vibez-clan.com/privkey.pem
  Certificate Name: www.vibez-clan.de
    Serial Number: 4c4d0311fb22724abe6e4c20a577788e378
    Key Type: ECDSA
    Domains: www.vibez-clan.de
    Expiry Date: 2023-04-20 15:24:38+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.vibez-clan.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.vibez-clan.de/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

i will for sure :slight_smile:

Well, I have probably fixed it somehow..
I played around with alias and servername in configurations.
It actually seems to work, at least I can reach my sites with and without www.

vibez-clan.de-le-ssl.conf:


<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin u@localhost
    ServerName vibez-clan.de
    ServerAlias www.vibez-clan.de
    DocumentRoot /var/www/vibez-clan.de
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vibez-clan.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vibez-clan.de/privkey.pem
</VirtualHost>
</IfModule>

vibez-clan.de.conf:

<VirtualHost *:80>
    ServerAdmin u@localhost
    ServerName www.vibez-clan.de
    ServerAlias vibez-clan.de
    DocumentRoot /var/www/vibez-clan.de
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

#RewriteEngine on
#RewriteCond %{SERVER_NAME} =vibez-clan.de [OR]
#RewriteCond %{SERVER_NAME} =www.vibez-clan.de
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
LogLevel warn

1 Like

You have some unnecessary certs.

So, you are missing a cert with both COM names on it.
And if you want to serve both ECDSA and RSA... then you could get a second cert for each [DE & COM].

3 Likes
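The AH01909 warning and the missing "cert with both COM names" discussed above come down to one comparison: every ServerName and ServerAlias in a vhost must appear in the Domains of the certificate that vhost loads. The following is an added example, not code from the thread or from certbot; `uncovered_names` and `demo_uncovered` are hypothetical names, the listing is trimmed from the `certbot certificates` output posted earlier, and the .com vhost is constructed because the thread does not show it.

```shell
# uncovered_names CERTS_TXT VHOST_CONF
# CERTS_TXT: saved output of `certbot certificates`; VHOST_CONF: one vhost file.
# Prints each ServerName/ServerAlias the vhost certificate does not list.
uncovered_names() {
    awk '
        FNR == NR {                          # first file: certbot listing
            if ($1 == "Domains:") { doms = " "; for (i = 2; i <= NF; i++) doms = doms $i " " }
            if ($1 == "Certificate" && $2 == "Path:") covered[$3] = doms
            next
        }
        { sub(/#.*/, "") }                   # second file: drop Apache comments
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) names[++n] = tolower($i)
        }
        tolower($1) == "sslcertificatefile" { cert = $2 }
        END {
            if (!(cert in covered)) { print "UNKNOWN-CERT " cert; exit }
            for (i = 1; i <= n; i++) {
                wild = names[i]; sub(/^[^.]+/, "*", wild)   # one-label wildcard form
                if (!index(covered[cert], " " names[i] " ") &&
                    !index(covered[cert], " " wild " ")) print names[i]
            }
        }
    ' "$1" "$2"
}

# Constructed demo: the single-name www.vibez-clan.com cert behind a two-name vhost.
demo_uncovered() {
    local d
    d=$(mktemp -d)
    cat > "$d/certs.txt" <<'EOF'
  Certificate Name: www.vibez-clan.com
    Domains: www.vibez-clan.com
    Certificate Path: /etc/letsencrypt/live/www.vibez-clan.com/fullchain.pem
  Certificate Name: vibez-clan.de
    Domains: vibez-clan.de www.vibez-clan.de
    Certificate Path: /etc/letsencrypt/live/vibez-clan.de/fullchain.pem
EOF
    cat > "$d/com.conf" <<'EOF'
<VirtualHost *:443>
    ServerName vibez-clan.com
    ServerAlias www.vibez-clan.com
    SSLCertificateFile /etc/letsencrypt/live/www.vibez-clan.com/fullchain.pem
</VirtualHost>
EOF
    uncovered_names "$d/certs.txt" "$d/com.conf"
}
```

Empty output means the vhost's names are all covered; `UNKNOWN-CERT` means the vhost points at a certificate path that certbot does not manage.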

Deleted those unnecessary certs, vibez-clan.de-0001 and www.vibez-clan.de.
But how to edit www.vibez-clan.com to both names?

1 Like

There is no way to "edit".
You have to request a new cert with both names on it.
Then switch the web server to use that new cert.
OR
Replace the existing cert with another cert but use the same cert name.
Add:
--cert-name www.vibez-clan.com -d vibez-clan.com -d www.vibez-clan.com

And thanks for the :beer:

4 Likes

Okay, that didn't work, so I have cleared all certs and created 2x new with both domains.
It actually seems to work very fine.

I have to thank you!

2 Likes

What says?:
certbot certificates

3 Likes

Found the following certs:
  Certificate Name: vibez-clan.com
    Serial Number: 44bc334df550a19b469e20620f52a351d97
    Key Type: ECDSA
    Domains: vibez-clan.com www.vibez-clan.com
    Expiry Date: 2023-04-20 20:45:32+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/vibez-clan.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vibez-clan.com/privkey.pem
  Certificate Name: vibez-clan.de
    Serial Number: 369b9834b8816524f46111f2e16b30dbe70
    Key Type: ECDSA
    Domains: vibez-clan.de www.vibez-clan.de
    Expiry Date: 2023-04-20 20:45:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/vibez-clan.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vibez-clan.de/privkey.pem

Looks clean IMO :slight_smile: Man, I have to thank you so much... I have been struggling for ages with those certs/vhosts etc. You fixed this in half a day :smiley:

3 Likes