if it’s not there should we create one?
It is somewhere.
And already in use.
I am not sure’ I think I deleted it assuming (wrongly) the the registration process using certbot will create it again (I do not remember creating it in the first place)
You shouldn't have to wait 11 hours.
You already have a cert for those names:
Certbot will see that and ask you if you just want to reinstall it.
That will create the 443 config file for those names.
can I run it now despite the fact that the DNS is pointing to another IP?
Do I run: “sudo certbot --apache -d perot.org.il -d www.perot.org.il”?
Yes.
It should just use the existing cert without need for revalidation.
And then ask you if you want to it create the config file for you: Say yes to that.
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
root@ip-172-31-17-193:/etc/apache2/sites-available#
root@ip-172-31-17-193:/etc/apache2/sites-available# You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/perot.org.il.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/perot.org.il-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.
Enhancement redirect was already set.
Congratulations! You have successfully enabled https://perot.org.il and
https://www.perot.org.il
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=perot.org.il
https://www.ssllabs.com/ssltest/analyze.html?d=www.perot.org.il
IMPORTANT NOTES:
-
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/perot.org.il/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/perot.org.il/privkey.pem
Your cert will expire on 2020-08-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew” -
Some rewrite rules copied from
/etc/apache2/sites-enabled/perot.org.il.conf were disabled in the
vhost for your HTTPS site located at
/etc/apache2/sites-available/perot.org.il-le-ssl.conf because they
have the potential to create redirection loops. -
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@ip-172-31-17-193:/etc/apache2/sites-available#
was this successful???
To confirm, reissue:
apachectl -S
And compare with the previous one.
Looks good would you like to see it?
here it is:
root@ip-172-31-17-193:/etc/apache2/sites-available# apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
port 443 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com-le-ssl.conf:2)
alias www.bluetlv.com
port 443 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il-le-ssl.conf:2)
alias www.cafealma.co.il
port 443 namevhost ip-172-31-17-193.eu-west-1.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost invoice.gidan.com (/etc/apache2/sites-enabled/gidan.com-le-ssl.conf:2)
port 443 namevhost hobbygap.com (/etc/apache2/sites-enabled/hobbygap.com-le-ssl.conf:2)
alias www.hobbygap.com
port 443 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il-le-ssl.conf:2)
alias www.perot.org.il
port 443 namevhost winflow.net (/etc/apache2/sites-enabled/winflow.net-le-ssl.conf:2)
alias demo.winflow.net
*:80 is a NameVirtualHost
default server bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com.conf:1)
port 80 namevhost bluetlv.com (/etc/apache2/sites-enabled/bluetlv.com.conf:1)
alias www.bluetlv.com
port 80 namevhost cafealma.co.il (/etc/apache2/sites-enabled/cafealma.co.il.conf:1)
alias www.cafealma.co.il
port 80 namevhost invoice.gidan.com (/etc/apache2/sites-enabled/gidan.com.conf:1)
port 80 namevhost hobbygap.com (/etc/apache2/sites-enabled/hobbygap.com.conf:1)
alias www.hobbygap.com
port 80 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il.conf:1)
alias www.perot.org.il
port 80 namevhost winflow.net (/etc/apache2/sites-enabled/winflow.net.conf:1)
alias demo.winflow.net
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33
root@ip-172-31-17-193:/etc/apache2/sites-available#
A live test would be in 11 hours I hope it will pass.
I cannot express my gratitude’ You where so helpful I thanks from the bottom of my heart
1 Like
Yes it now looks ready:
port 443 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il-le-ssl.conf:2)
alias www.perot.org.il
port 80 namevhost perot.org.il (/etc/apache2/sites-enabled/perot.org.il.conf:1)
alias www.perot.org.il
It worked just fine, and I am grateful.
I am going to open another problem now.
When will I learn?
1 Like
Never stop learning!
Cheers from Miami 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.