"Certificate name mismatch" and certificate installation errors -- help! :-)


#1

My domain is: wealthychef.net

I ran this command:
certbot-auto --apache

It produced the below output. The logfile output is also useful and included below. It’s looong. But I think it’s important to include it all.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: wealthychef.net
2: blog.wealthychef.net
3-5: (redacted)
6: www.wealthychef.net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/wealthychef.net.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
An unexpected error occurred:
ValueError: Unable to set value to path!
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/wealthychef.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/wealthychef.net/privkey.pem
    Your cert will expire on 2019-05-01. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the “certonly” option. To non-interactively renew all
    of your certificates, run “certbot-auto renew”

Here are the logfile contents, which I have to paste because I’m not allowed to upload attachments, apologies:
2019-01-31 00:49:49,180:DEBUG:certbot.main:certbot version: 0.30.2
2019-01-31 00:49:49,181:DEBUG:certbot.main:Arguments: [’–apache’]
2019-01-31 00:49:49,181:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-01-31 00:49:49,198:DEBUG:certbot.log:Root logging level set at 20
2019-01-31 00:49:49,198:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-01-31 00:49:49,199:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-01-31 00:49:49,309:DEBUG:certbot_apache.configurator:Apache version is 2.4.10
2019-01-31 00:49:49,855:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f4936c09d90>
Prep: True
2019-01-31 00:49:49,856:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f4936c09d90> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f4936c09d90>
2019-01-31 00:49:49,856:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-01-31 00:49:49,861:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/50584716’, new_authzr_uri=None, terms_of_service=None), 7e4ec05be372a305649db45f54356b9a, Meta(creation_host=u’linode.richcook.net’, creation_dt=datetime.datetime(2019, 1, 31, 7, 45, 18, tzinfo=)))>
2019-01-31 00:49:49,863:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-01-31 00:49:49,865:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2019-01-31 00:49:49,998:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-01-31 00:49:49,999:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 31 Jan 2019 08:49:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 31 Jan 2019 08:49:49 GMT
Connection: keep-alive

{
“BEQZQaQMJsQ”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2019-01-31 00:50:01,970:INFO:certbot.renewal:Cert not yet due for renewal
2019-01-31 00:50:14,133:INFO:certbot.main:Keeping the existing certificate
2019-01-31 00:50:14,134:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/wealthychef.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/wealthychef.net/privkey.pem
Your cert will expire on 2019-05-01. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot-auto renew”
2019-01-31 00:50:14,148:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,157:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,284:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,285:INFO:certbot_apache.override_debian:Enabling available site: /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,315:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,457:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,492:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,642:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,680:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,840:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:14,884:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:15,065:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-available/wealthychef.net-le-ssl.conf
2019-01-31 00:50:15,151:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 516, in deploy_certificate
fullchain_path=fullchain_path)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 334, in deploy_cert
vhosts = self.choose_vhosts(domain)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 358, in choose_vhosts
return [self.choose_vhost(domain, create_if_no_ssl)]
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 542, in choose_vhost
self._add_servername_alias(target_name, vhost)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 1449, in _add_servername_alias
self.parser.add_dir(vh_path, “ServerAlias”, target_name)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/parser.py”, line 329, in add_dir
self.aug.set(aug_conf_path + “/directive[last() + 1]”, directive)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/augeas.py”, line 187, in set
raise ValueError(“Unable to set value to path!”)
ValueError: Unable to set value to path!

2019-01-31 00:50:15,151:DEBUG:certbot.error_handler:Calling registered functions
2019-01-31 00:50:15,152:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2019-01-31 00:50:15,153:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1364, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1125, in run
_install_cert(config, le_client, domains, new_lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 759, in _install_cert
path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 516, in deploy_certificate
fullchain_path=fullchain_path)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 334, in deploy_cert
vhosts = self.choose_vhosts(domain)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 358, in choose_vhosts
return [self.choose_vhost(domain, create_if_no_ssl)]
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 542, in choose_vhost
self._add_servername_alias(target_name, vhost)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 1449, in _add_servername_alias
self.parser.add_dir(vh_path, “ServerAlias”, target_name)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/parser.py”, line 329, in add_dir
self.aug.set(aug_conf_path + “/directive[last() + 1]”, directive)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/augeas.py”, line 187, in set
raise ValueError(“Unable to set value to path!”)
ValueError: Unable to set value to path!
2019-01-31 00:50:15,153:ERROR:certbot.log:An unexpected error occurred:
(EOF)

My web server is (include version):
Package: apache2 2.4.10-10+deb8u13

The operating system my web server runs on is (include version):
Debian 8 Jesse

My hosting provider, if applicable, is:
linode

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.30.2


#2

:worried: . Looks like Certbot is not managing to properly understand your Apache configuration.

There’s an issue open about this and the best workaround seems to be to split up your Apache virtual hosts into all separate files.

This workaround might also work, to try install them one domain at a time:

certbot-auto --apache -d wealthychef.net

#3

Thank you, you are correct, your modification to the command fixed what I wanted, going domain by domain.

certbot-auto --apache -d wealthychef.net

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.