My domain is: autolider.org
I ran this command: /usr/local/bin/certbot-auto --apache
It produced this output: I got working SSL-certificate, but then problems started. Described below
My web server is (include version): Apache/2.2.15 (Unix)
The operating system my web server runs on is (include version): CentOS release 6.8 (Final)
My hosting provider, if applicable, is: VPS
I can login to a root shell on my machine (yes or no, or I don’t know): yes (sudo su)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.37.1
After making the necessary settings directly on the site, HTTPS worked properly. But broken HTTP.
I don’t work like that, and I began to figure out what the problem was.
The first request for HTTP, I received “too many redirects”, Next requests added to my address bar a lot of extra parts of ‘install’ - the format is approximately the following:
http://autolider.org/install/install/install/.../install/install.php
When I tried any movement on the site, I received an error 404 (caching excluded).
First, I tried to manually roll back the httpd.conf file - and as a result, I received the source code of the scripts in the browser that I requested for execution from the browser.
When I began to suspect that the web server settings files were corrupted, I decided to roll back to the backup that I created right before the start of all the work of switching to HTTPS.
What exactly was corrupted - I still did not understand.
But before a complete rollback, I saved all the data from the “/etc/letsencrypt” folder, and also created a copy of the existing “almost working” httpd.conf file.
After the backup was restored - I saved the keys, certificates and VirtualHost parameters to the correct places, manually.
After all these manipulations, the site worked well on both HTTP and HTTPS.
Now i can’t have a command “certbot” or “certbot-auto”.
Next certificate renewals (after 90 days) will require repeating all of these procedures:
0 - backup of the server;
1 - execute instruction https://certbot.eff.org/lets-encrypt/centos6-apache;
2 - it is known that the web server settings will be corrupted;
3 - download new data from the “/etc/letsencrypt” folder;
4 - restore the backup copy of the server;
5 - upload new files of keys and certificates.
Main problem in all this is - points 0 and 4, only it will take about 2 hours of waiting.
Question: if I have the opportunity to manually retrieve the necessary data to be loaded into “/etc/letsencrypt” ?