I got a problem with a certificate with one of my subdomains. But first, the filled out preset
I ran this command: certbot --apache
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
No matter what I choose here, the result is always "everythings fine now".
My web server is (include version): Apache 2.4.29
The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS
My hosting provider, if applicable, is: Plutex.de
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, every change is made over ssh
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 1.20.0
The problem is:
If you look here: https://decoder.link/sslchecker/api.luxaround.de/443 you can see, that the site states, that there is a Problem with the certificate-chain. The API-domain has an additional cert-file in its config.
SSL-config for every domain except api.luxaround.de:
SSL-config for api.luxaround.de:
If I remove the cert.pem line, the apache won't start at all, the log says "Fatal error initialising mod_ssl".
Same error occurs if I add the "Include /etc/letsencrypt/options-ssl-apache.conf" line to the api-config.
Question: How do I fix this? I am pretty new to all this config stuff and would appreciate it very much, if this community could help me out If you need any additional information, I will provide it happily