Conflict in domain name when renewing certificate

I have several Let's Encrypt certificates on my server, but when I try to renew them, I get the error below:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/actualite.housseniawriting.com-0001.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dream-islam.com
http-01 challenge for www.dream-islam.com
Waiting for verification...
Challenge failed for domain dream-islam.com
Challenge failed for domain www.dream-islam.com
http-01 challenge for dream-islam.com
http-01 challenge for www.dream-islam.com
Cleaning up challenges
Attempting to renew cert (actualite.housseniawriting.com-0001) from /etc/letsencrypt/renewal/actualite.housseniawriting.com-0001.conf produced an unexpected error: Some challenges have failed.. Skipping.
-------------------------------------

Note that I no longer use the domain name dream-islam.com and it has expired. I deleted its certificates in directories such as live, archive and renewal, but the certbot command seems to associate the certificate of the domain name actualite.housseniawriting.com with dream-islam. I also checked the conf files and they don't have the old domain name, but certbot keeps finding it.

I used the grep command to find occurrences of the expired domain name and found some in the archive in a privkey file full of valid domain names and not the expired domain.

My valid domain names (which cannot be renewed):

actualite.housseniawriting.com
vapotage.org
wwww.vapotage.org

Is there a way to delete all occurrences or redo new clean certificates for valid domain names?

Hi @HoussenMoshine, and welcome to the LE community forum

Removing the certs and starting over won't generally fix any of the errors that are causing the certs to fail their renewals.

We should start by having a look at the output of these two commands:

    1. certbot certificates
    2. sudo apachectl -t -D DUMP_VHOSTS
3 Likes

FYI, you should read the documentation on how to remove a certificate:
User Guide — Certbot 2.10.0.dev0 documentation (eff-certbot.readthedocs.io)

2 Likes

Hi, certbot certificates outputs this:

---------------------------------------
Attempting to parse the version 1.8.0 renewal configuration file found at /etc/letsencrypt/renewal/vapotage.org.conf with version 0.40.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/vapotage.org.conf produced an unexpected error: expected /etc/letsencrypt/live/vapotage.org/cert.pem to be a symlink. Skipping.
Attempting to parse the version 1.8.0 renewal configuration file found at /etc/letsencrypt/renewal/www.vapotage.org.conf with version 0.40.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/www.vapotage.org.conf produced an unexpected error: expected /etc/letsencrypt/live/www.vapotage.org/cert.pem to be a symlink. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: actualite.housseniawriting.com-0001
    Domains: actualite.housseniawriting.com dream-islam.com vapotage.org www.dream-islam.com www.vapotage.org
    Expiry Date: 2024-03-03 09:56:17+00:00 (VALID: 6 days)
    Certificate Path: /etc/letsencrypt/live/actualite.housseniawriting.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/actualite.housseniawriting.com-0001/privkey.pem
  Certificate Name: annuaire.vapotage.org
    Domains: annuaire.vapotage.org
    Expiry Date: 2024-05-13 09:23:56+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/annuaire.vapotage.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/annuaire.vapotage.org/privkey.pem
  Certificate Name: vapotage.org-0001
    Domains: vapotage.org www.vapotage.org
    Expiry Date: 2024-05-13 09:24:03+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/vapotage.org-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vapotage.org-0001/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/vapotage.org.conf
  /etc/letsencrypt/renewal/www.vapotage.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I'm using nginx and the expired domain doesn't show up when I use nginx -T

The problem with certbot delete is that I have deleted the conf file of the expired domain:

sudo certbot delete --cert-name dream-islam.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name dream-islam.com (expected /etc/letsencrypt/renewal/dream-islam.com.conf).
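
Added example (not part of the original posts and not Certbot's own code): the `certbot delete --cert-name dream-islam.com` attempt above looks for a certificate name, while the listing shows dream-islam.com only as a domain inside another certificate. This Python script parses `certbot certificates` output to report which certificate names carry a given domain and which domains are covered by more than one certificate; the sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the `certbot certificates` output in the post above.
SAMPLE = """\
Found the following certs:
  Certificate Name: actualite.housseniawriting.com-0001
    Domains: actualite.housseniawriting.com dream-islam.com vapotage.org www.dream-islam.com www.vapotage.org
    Expiry Date: 2024-03-03 09:56:17+00:00 (VALID: 6 days)
  Certificate Name: annuaire.vapotage.org
    Domains: annuaire.vapotage.org
    Expiry Date: 2024-05-13 09:23:56+00:00 (VALID: 77 days)
  Certificate Name: vapotage.org-0001
    Domains: vapotage.org www.vapotage.org
    Expiry Date: 2024-05-13 09:24:03+00:00 (VALID: 77 days)
"""

def parse_lineages(text):
    """Return {certificate name: [domains]} from `certbot certificates` output."""
    lineages, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            lineages[current] = []
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current:
            lineages[current] = m.group(1).split()
    return lineages

def lineages_with(domain, lineages):
    """Certificate names whose domain list includes `domain` or a subdomain of it."""
    return sorted(name for name, doms in lineages.items()
                  if any(d == domain or d.endswith("." + domain) for d in doms))

def duplicated_domains(lineages):
    """Domains covered by more than one certificate (candidates for consolidation)."""
    owners = defaultdict(list)
    for name, doms in lineages.items():
        for d in doms:
            owners[d].append(name)
    return {d: sorted(n) for d, n in owners.items() if len(n) > 1}

if __name__ == "__main__":
    certs = parse_lineages(SAMPLE)
    print("stale domain is in:", lineages_with("dream-islam.com", certs))
    print("covered twice:", duplicated_domains(certs))
```

On a live host the input would be the text printed by `certbot certificates` instead of `SAMPLE`.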

I hear an Apache web server responding:

curl -Ii dream-islam.com
HTTP/1.1 302 Found
date: Mon, 26 Feb 2024 04:33:15 GMT
server: Apache      <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
set-cookie: __tad=1708921995.5236622; expires=Thu, 23-Feb-2034 04:33:15 GMT; Max-Age=315360000
location: http://ww25.dream-islam.com/?subid1=20240226-1533-1543-a965-c3e6324a0956
content-type: text/html; charset=UTF-8
connection: close
2 Likes

It may be the page of the expired domain bought by a registrar.

1 Like

Please show:
ls -l /etc/letsencrypt/renewal/

1 Like

-rw-r--r-- 1 root root 642 Dec 4 11:56 actualite.housseniawriting.com-0001.conf
-rw-r--r-- 1 root root 572 Feb 13 11:23 annuaire.vapotage.org.conf
-rw-r--r-- 1 root root 552 Feb 13 11:24 vapotage.org-0001.conf
-rw-r--r-- 1 root root 503 Sep 15 2020 vapotage.org.conf
-rw-r--r-- 1 root root 523 Sep 15 2020 www.vapotage.org.conf

The first one contains both names.
So, the other two aren't needed and can safely be removed.
[Given that your web server is no longer using their certs]

Note:

1 Like

What shows?:
nginx -T | grep fullchain

2 Likes
