Hi I am not able to install the certificate on my server. It always fails with the error:
Could not be found to be deleted /etc/apache2/sites-available/000-default-le-ssl.conf - Certbot probably shut down unexpectedly
An unexpected error occurred:
StopIteration
Please see the logfiles in /var/log/letsencrypt for more details.
The certificate is saved though.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
…
My domain is: dev.efaith.co.in
I ran this command: sudo ./certbot-auto --apache
It produced this output:
Could not be found to be deleted /etc/apache2/sites-available/000-default-le-ssl.conf - Certbot probably shut down unexpectedly
An unexpected error occurred:
StopIteration
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Server version: Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO
Here is the contents of letsencrypt.loh. Please help
Your key file has been saved at:
/etc/letsencrypt/live/dev.efaith.co.in/privkey.pem
Your cert will expire on 2018-09-09. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew”
2018-06-11 15:28:45,797:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 442, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 302, in deploy_cert
vhosts = self.choose_vhosts(domain)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 326, in choose_vhosts
return [self.choose_vhost(domain)]
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 501, in choose_vhost
vhost = self.make_vhost_ssl(vhost)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1074, in make_vhost_ssl
self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1220, in _copy_create_ssl_vhost_skeleton
ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1292, in _sift_rewrite_rules
line = next(contents)
StopIteration
Could not be found to be deleted /etc/apache2/sites-available/000-default-le-ssl.conf - Certbot probably shut down unexpectedly
2018-06-11 15:28:45,798:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2018-06-11 15:28:45,798:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.22.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1266, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1038, in run
_install_cert(config, le_client, domains, new_lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 760, in _install_cert
path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 442, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 302, in deploy_cert
vhosts = self.choose_vhosts(domain)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 326, in choose_vhosts
return [self.choose_vhost(domain)]
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 501, in choose_vhost
vhost = self.make_vhost_ssl(vhost)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1074, in make_vhost_ssl
self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1220, in _copy_create_ssl_vhost_skeleton
ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1292, in _sift_rewrite_rules
line = next(contents)
StopIteration
2018-06-11 15:28:45,799:ERROR:certbot.log:An unexpected error occurred:
@bmw Thanks. that fixed the issue.
One more question. I had tried to install the certificate so many times, so I was getting this error:
Error creating new cert :: too many certificates already issued for exact set of domains:
Therefore I was trying to install using --staging option.
Now that it is working, How should I move to production?
installing again without --staging will work?
certbot-auto --apache?
That is a correct way to use the production server, but the problem reported by the error message is real.
In this case Certbot crashed after obtaining the certificates, so the valid certificates already do exist (and the rate limit legitimately applies to this situation). Perhaps you could use the existing valid certificates on your system. You can view the status with certbot certificates and potentially re-run just the installer with certbot install.
@schoen Thank you.
I actually deleted the certificates. In the process of trying. So certbot certificates just list the test certificate
Found the following certs:
Certificate Name: dev.efaith.co.in
Domains: dev.efaith.co.in
Expiry Date: 2018-09-09 13:56:29+00:00 (INVALID: TEST_CERT)
Certificate Path: /path/to/fullchain.pem
Private Key Path: /path/to/privkey.pem
Maybe If I try after one week, I’ll be able to install?
If you need to set things up sooner, you might have a backup of the private keys in /etc/letsencrypt/keys and you could get the certificates from https://crt.sh/. However, this means a lot more work on your part compared to waiting for the expiry.
Did you ever use --break-my-certs to switch from a production cert to a test cert?
There’s also an option if you have another subdomain that you could add to the certificate when reissuing (since this isn’t considered an identical certificate, it’s not affected by this particular rate limit).