Certification Renewal Issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lab.addmoreroutes.com

I ran this command: certbot-auto -d lab.addmoreroutes.com

It produced this output:

Upgrading certbot-auto 0.36.0 to 0.39.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lab.addmoreroutes.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/unetlab-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/unetlab-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/unetlab-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/apache2/sites-enabled/unetlab.conf to ssl vhost in /etc/apache2/sites-available/unetlab-le-ssl.conf

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://lab.addmoreroutes.com

You should test your configuration at:


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2020-02-02. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the “certonly” option. To non-interactively renew all
    of your certificates, run “certbot-auto renew”

  • Some rewrite rules copied from
    /etc/apache2/sites-enabled/unetlab.conf were disabled in the vhost
    for your HTTPS site located at
    /etc/apache2/sites-available/unetlab-le-ssl.conf because they have
    the potential to create redirection loops.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):
N/A or Guacamole/EVE-NG
The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.39.0

I was trying to issue a renewal and mistakenly hit option #2 and now not able to get to the server locally/remotely using the url address. I can still access the server via root on ip address. How can I restore the configuration to an earlier date/time etc ??

Could you please elaborate on this issue?
Your website is accessible from external IP, but opened with a default page.

If you want to, please share your virtual host configuration files...

Thank you

<IfModule mod_ssl.c>
<VirtualHost *:443>
RewriteEngine On
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 
ServerName lab.addmoreroutes.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/lab.addmoreroutes.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/lab.addmoreroutes.com/privkey.pem
<IfModule mod_ssl.c>
<VirtualHost *:80>
RewriteEngine On
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 
"unetlab-le-ssl.conf" 24L, 836C

There is no document root statement in either block.
The port 80 block in basically empty.

sorry how do I fix this ?

The easiest way may be to review a default file and change it to fit use your needs.
[cert files, ServerName, DocumentRoot, etc.],

You should find some type of “default file” in /etc/apache2/sites-available/
Otherwise you can also search the web for a ‘default apache vhost config file’.

There is your second topic.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.