Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: perot.org.il
I ran this command: certbot renew
It produced this output: Cert not yet due for renewal
My web server is (include version): apache 2.4.18 Server built: 2019-09-16T13:13:53
The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS
My hosting provider, if applicable, is: Amazon Web Services
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
Hi,
I have a Drupal multisite on an AWS server.
I have installed certbot and requested an SSL certificate for all the domains at once.
The setup contains a virtual host arrangement under "bluetlv.com".
The particular domain (out of this group) was new.perot.org.il, and for this domain I got certified and still am.
The base domain, "perot.org.il", was hosted elsewhere.
Now, at last, new.perot.org.il needs to become the actual site, so I changed the DNS to point to this server and changed the details in the "virtual host" file in the hope that a new certificate would be generated; to my disappointment, it was not.
The virtual host file was and still is named "perot.org.il.conf".
The inside was:
RewriteEngine on
RewriteCond %{SERVER_NAME} =new.perot.org.il
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I have changed all new.perot.org.il to perot.org.il and ran "certbot renew".
Obviously this did not work.
My question is: what do I need to do in order to create a certificate for "perot.org.il"?
Thanks in advance
Shimon Dekel
Hi,
Thanks for your help, but I am not there yet.
As I mentioned before, the virtual host files were named perot.org.il.conf but the site certified was new.perot.org.il.
I edited the file to reflect the name perot.org.il and I deleted the perot.org.il-le-ssl.conf to reflect a new site.
I ran "sudo a2ensite perot.org.il.conf" and restarted apache2.
I then tried generating a new certificate by running "sudo certbot --apache -d perot.org.il -d www.perot.org.il"
and this is what I got:
root@ip-172-31-17-193:/etc/apache2# sudo certbot --apache -d perot.org.il -d www.perot.org.il
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/perot.org.il.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/perot.org.il-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.perot.org.il.
Which virtual host would you like to choose?
Select the appropriate number [1-13] then [enter] (press 'c' to cancel): 1
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
VirtualHost not able to be selected.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/perot.org.il/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/perot.org.il/privkey.pem
Your cert will expire on 2020-08-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
Some rewrite rules copied from
/etc/apache2/sites-enabled/perot.org.il.conf were disabled in the
vhost for your HTTPS site located at
/etc/apache2/sites-available/perot.org.il-le-ssl.conf because they
have the potential to create redirection loops.
root@ip-172-31-17-193:/etc/apache2#
==========================================
I am lost here. What should I do?
Thanks in advance for any help.
Shimon Dekel
Thanks for your help.
I ran "sudo apachectl -S".
I got this: note that perot.org.il is showing under port 80 and not under port 443
root@ip-172-31-17-193:/etc/apache2# sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
port 443 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
alias www.bluetlv.com
port 443 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il-le-ssl.conf:2)
alias www.cafealma.co.il
port 443 namevhost ip-172-31-17-193.eu-west-1.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost invoice.gidan.com (/etc/apache2/sites-enabled/gidan.com-le-ssl.conf:2)
port 443 namevhost hobbygap.com (/etc/apache2/sites-enabled/hobbygap.com-le-ssl.conf:2)
alias www.hobbygap.com
port 443 namevhost winflow.net (/etc/apache2/sites-enabled/winflow.net-le-ssl.conf:2)
alias demo.winflow.net
*:80 is a NameVirtualHost
default server bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com.conf:1)
port 80 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com.conf:1)
alias www.bluetlv.com
port 80 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il.conf:1)
alias www.cafealma.co.il
port 80 namevhost invoice.gidan.com (/etc/apache2/sites-enabled/gidan.com.conf:1)
port 80 namevhost hobbygap.com (/etc/apache2/sites-enabled/hobbygap.com.conf:1)
alias www.hobbygap.com
port 80 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il.conf:1)
port 80 namevhost winflow.net (/etc/apache2/sites-enabled/winflow.net.conf:1)
alias demo.winflow.net
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
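The check made by eye in the post above (a name listed under port 80 but missing under port 443) can be scripted. This is an added example, not code from the thread; the function names are hypothetical and the sample input is constructed by trimming the output shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report names served on :80 but not on :443.

# Reads `apachectl -S` output on stdin, prints one hostname per line.
missing_https_vhosts() {
  awk '
    # Multi-vhost form: "port 443 namevhost example.com (file:line)"
    $1 == "port" && $3 == "namevhost" { port = $2; seen[port SUBSEP $4] = 1; names[$4] = 1; next }
    # Single-vhost form: "*:443 example.com (file:line)"
    $1 ~ /:[0-9]+$/ && $2 != "is" && $3 ~ /^\(/ {
      n = split($1, a, ":"); port = a[n]; seen[port SUBSEP $2] = 1; names[$2] = 1; next
    }
    # "alias www.example.com" belongs to the vhost line above it
    $1 == "alias" && port != "" { seen[port SUBSEP $2] = 1; names[$2] = 1; next }
    END {
      for (h in names)
        if ((("80" SUBSEP h) in seen) && !(("443" SUBSEP h) in seen)) print h
    }
  ' | sort
}

# Constructed sample: a trimmed copy of the `apachectl -S` output in the post.
sample_output() {
  cat <<'EOF'
*:443 is a NameVirtualHost
  default server bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
  port 443 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
    alias www.bluetlv.com
  port 443 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il-le-ssl.conf:2)
    alias www.cafealma.co.il
*:80 is a NameVirtualHost
  port 80 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com.conf:1)
    alias www.bluetlv.com
  port 80 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il.conf:1)
    alias www.cafealma.co.il
  port 80 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il.conf:1)
EOF
}

# On a live host: sudo apachectl -S 2>&1 | missing_https_vhosts
sample_output | missing_https_vhosts
```

A name reported here has no HTTPS vhost for certbot's Apache installer to attach a certificate to; www.perot.org.il does not appear because it is not configured on either port.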
We need to see these files.
I suspect one is good and one is not.
cat /etc/letsencrypt/renewal/new.perot.org.il.conf
cat /etc/letsencrypt/renewal/perot.org.il.conf
Oops! I corrected this, but I can only retry this at night as the DNS is now pointing to the old site.
I will be able to retry in about 11 hours.
What about the missing file?