Could not reverse map the HTTPS VirtualHost to the original : Ubuntu 18.04.1 LTS (BIONIC)

Help
1

Hi everyone and thank you in advance for your help !

My domain is: geolocaliseip.com
Subdomaines (They all work):
http://cms.geolocaliseip.com
http://postfixadmin.geolocaliseip.com
http://www.geolocaliseip.com
http://webmail.geolocaliseip.com
http://phpmyadmin.geolocaliseip.com

I ran this command:
certbot --authenticator standalone --installer apache -d geolocaliseip.com -d www.geolocaliseip.com -d cms.geolocaliseip.com -d newsletter.geolocaliseip.com -d phpmyadmin.geolocaliseip.com -d postfixadmin.geolocaliseip.com -d webmail.geolocaliseip.com --pre-hook ā€œservice apache2 stopā€ --post-hook ā€œservice apache2 startā€

It produced this output:
root@s1:~# certbot --authenticator standalone --installer apache -d geolocaliseip.com -d www.geolocaliseip.com -d cms.geolocaliseip.com -d newsletter.geolocaliseip.com -d phpmyadmin.geolocaliseip.com -d postfixadmin.geolocaliseip.com -d webmail.geolocaliseip.com --pre-hook ā€œservice apache2 stopā€ --post-hook ā€œservice apache2 startā€
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cms.geolocaliseip.com
http-01 challenge for geolocaliseip.com
http-01 challenge for newsletter.geolocaliseip.com
http-01 challenge for phpmyadmin.geolocaliseip.com
http-01 challenge for postfixadmin.geolocaliseip.com
http-01 challenge for webmail.geolocaliseip.com
http-01 challenge for www.geolocaliseip.com
Waiting for verificationā€¦
Cleaning up challenges
Running post-hook command: service apache2 start
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/geolocaliseip.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/geolocaliseip.com/privkey.pem
    Your cert will expire on 2019-01-16. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the ā€œcertonlyā€ option. To non-interactively renew all of
    your certificates, run ā€œcertbot renewā€
    root@s1:~#

My web server is (include version):
root@s1:~# apache2 -v
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-10-03T14:41:08

The operating system my web server runs on is (include version):
root@s1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

root@s1:~# uname -a
Linux s1.geolocaliseip.com 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

root@s1:~# cat /proc/version
Linux version 4.15.0-36-generic (buildd@lgw01-amd64-031) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel):
WEBMIN is installed, but I prefer the command line.

So you have certainly understood that the generation of virtualhost is not happening.
So yes, I think I can write them manually, but CERBOT is supposed to write them. I would like to understand what is wrong with my configuration and help improve it if necessary, because it is a tool that saves a lot of time !

root@s1:~# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 47 oct.  10 11:52 geolocalise-ip.com.host.conf -> ../sites-available/geolocalise-ip.com.host.conf
lrwxrwxrwx 1 root root 46 oct.  10 11:52 geolocaliseip.com.host.conf -> ../sites-available/geolocaliseip.com.host.conf
lrwxrwxrwx 1 root root 46 oct.  10 11:52 geolocalise-ip.fr.host.conf -> ../sites-available/geolocalise-ip.fr.host.conf
lrwxrwxrwx 1 root root 45 oct.  10 11:52 geolocaliseip.fr.host.conf -> ../sites-available/geolocaliseip.fr.host.conf
lrwxrwxrwx 1 root root 47 oct.  10 11:52 geolocalise-ip.net.host.conf -> ../sites-available/geolocalise-ip.net.host.conf
lrwxrwxrwx 1 root root 46 oct.  10 11:52 geolocaliseip.net.host.conf -> ../sites-available/geolocaliseip.net.host.conf
lrwxrwxrwx 1 root root 47 oct.  10 11:52 geolocation-ip.com.host.conf -> ../sites-available/geolocation-ip.com.host.conf
lrwxrwxrwx 1 root root 47 oct.  10 11:52 geolocation-ip.net.host.conf -> ../sites-available/geolocation-ip.net.host.conf

mcedit -d /etc/apache2/sites-available/geolocaliseip.com.host.conf

geolocaliseip.com.host.conf.txt (3.4 KB)

Feel free to tell me if I forgot to give you any information
Thank you in advance

Thierry MIJSOOT

2

You seem to have eight files in /sites-enabled/ but the one file you showed contains all seven domain names.
Please show:
grep -Eri 'servername|serveralias|geolocaliseip' /etc/apache2/

3

Hi rg305 and thank you for your answer.

Youā€™re not right about everything. I have 8 files, but there is actually 1 file for each domain name. And for the moment I donā€™t want to protect by SSL only geolocaliseip.com.
This is the result of the command line:

root@s1:~# grep -Eri 'servername|serveralias|geolocaliseip' /etc/apache2/
/etc/apache2/conf-available/fqdn.conf:ServerName localhost
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName www.geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName phpmyadmin.geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName cms.geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName newsletter.geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName webmail.geolocation-ip.net
/etc/apache2/sites-available/geolocalise-ip.net.host.conf:    ServerName postfixadmin.geolocation-ip.net
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/geoipuser_geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/geoipuser_geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName www.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName phpmyadmin.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/phpmyadmin.geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/phpmyadmin.geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName cms.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/cms.geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/cms.geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName newsletter.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/newsletter.geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/newsletter.geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName webmail.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/webmail.geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/webmail.geolocaliseip.com-access.log combined
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ServerName postfixadmin.geolocaliseip.com
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    ErrorLog /var/log/apache2/postfixadmin.geolocaliseip.com-error.log
/etc/apache2/sites-available/geolocaliseip.com.host.conf:    CustomLog /var/log/apache2/postfixadmin.geolocaliseip.com-access.log combined
/etc/apache2/sites-available/000-default.conf:  # The ServerName directive sets the request scheme, hostname and port that
/etc/apache2/sites-available/000-default.conf:  # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/000-default.conf:  #ServerName www.example.com
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/geoipuser_geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/geoipuser_geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName www.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName phpmyadmin.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/phpmyadmin.geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/phpmyadmin.geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName cms.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/cms.geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/cms.geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName newsletter.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/newsletter.geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/newsletter.geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName webmail.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/webmail.geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/webmail.geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ServerName postfixadmin.geolocaliseip.fr
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    ErrorLog /var/log/apache2/postfixadmin.geolocaliseip.fr-error.log
/etc/apache2/sites-available/geolocaliseip.fr.host.conf:    CustomLog /var/log/apache2/postfixadmin.geolocaliseip.fr-access.log combined
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName www.geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName phpmyadmin.geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName cms.geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName newsletter.geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName webmail.geolocalise-ip.com
/etc/apache2/sites-available/geolocalise-ip.com.host.conf:    ServerName postfixadmin.geolocalise-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName www.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName phpmyadmin.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName cms.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName newsletter.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName webmail.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.com.host.conf:    ServerName postfixadmin.geolocation-ip.com
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName www.geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName phpmyadmin.geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName cms.geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName newsletter.geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName webmail.geolocation-ip.net
/etc/apache2/sites-available/geolocation-ip.net.host.conf:    ServerName postfixadmin.geolocation-ip.net
/etc/apache2/sites-available/geolocaliseip.net.host.conf:    ServerName geolocaliseip.net
/etc/apache2/sites-available/geolocaliseip.net.host.conf:    ServerName www.geolocaliseip.net
/etc/apache2/sites-available/geolocaliseip.net.host.conf:    ServerName cms.geolocaliseip.net
/etc/apache2/sites-available/geolocaliseip.net.host.conf:    ServerName newsletter.geolocaliseip.net
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName 81.28.96.181
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName www.geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName phpmyadmin.geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName cms.geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName newsletter.geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName webmail.geolocalise-ip.fr
/etc/apache2/sites-available/geolocalise-ip.fr.host.conf:    ServerName postfixadmin.geolocalise-ip.fr
/etc/apache2/mods-available/info.conf:  #  http://servername/server-info (requires that mod_info.c be loaded).
/etc/apache2/mods-available/status.conf:        # with the URL of http://servername/server-status
4

I wanted to try without the other areas, so :

root@s1:~# a2dissite geolocalise-ip.com.host.conf
Site geolocalise-ip.com.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocalise-ip.fr.host.conf
Site geolocalise-ip.fr.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocaliseip.fr.host.conf
Site geolocaliseip.fr.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocalise-ip.net.host.conf
Site geolocalise-ip.net.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocaliseip.net.host.conf
Site geolocaliseip.net.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocation-ip.com.host.conf
Site geolocation-ip.com.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# a2dissite geolocation-ip.net.host.conf
Site geolocation-ip.net.host disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@s1:~# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 46 oct.  10 11:52 geolocaliseip.com.host.conf -> ../sites-available/geolocaliseip.com.host.conf

So i restart Apache and iā€™ve revoked the certificate and i clean the log

root@s1:~# systemctl reload apache2
root@s1:~# certbot revoke --cert-path /etc/letsencrypt/archive/geolocaliseip.com/cert1.pem
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to delete the cert(s) you just revoked?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es (recommended)/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate geolocaliseip.com.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully revoked the certificate that was located
at /etc/letsencrypt/archive/geolocaliseip.com/cert1.pem

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@s1:~# > /var/log/letsencrypt/letsencrypt.log

And i try again to renew the operation, but ā€¦

root@s1:~# certbot --authenticator standalone --installer apache -d geolocaliseip.com -d www.geolocaliseip.com -d cms.geolocaliseip.com -d newsletter.geolocaliseip.com -d phpmyadmin.geolocaliseip.com -d postfixadmin.geolocaliseip.com -d webmail.geolocaliseip.com --pre-hook "service apache2 stop" --post-hook "service apache2 start"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cms.geolocaliseip.com
http-01 challenge for geolocaliseip.com
http-01 challenge for newsletter.geolocaliseip.com
http-01 challenge for phpmyadmin.geolocaliseip.com
http-01 challenge for postfixadmin.geolocaliseip.com
http-01 challenge for webmail.geolocaliseip.com
http-01 challenge for www.geolocaliseip.com
Waiting for verification...
Cleaning up challenges
Running post-hook command: service apache2 start
An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: cms.geolocaliseip.com,geolocaliseip.com,newsletter.geolocaliseip.com,phpmyadmin.geolocaliseip.com,postfixadmin.geolocaliseip.com,webmail.geolocaliseip.com,www.geolocaliseip.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

Can this limit be unlocked in an exceptional way?

Thanks

5

You seem to have similar names in multiple files:

geolocalise-ip.net.host.conf: ServerName cms.geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName newsletter.geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName phpmyadmin.geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName postfixadmin.geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName webmail.geolocation-ip.net
geolocalise-ip.net.host.conf: ServerName www.geolocation-ip.net

geolocation-ip.net.host.conf: ServerName cms.geolocation-ip.net
geolocation-ip.net.host.conf: ServerName geolocation-ip.net
geolocation-ip.net.host.conf: ServerName newsletter.geolocation-ip.net
geolocation-ip.net.host.conf: ServerName phpmyadmin.geolocation-ip.net
geolocation-ip.net.host.conf: ServerName postfixadmin.geolocation-ip.net
geolocation-ip.net.host.conf: ServerName webmail.geolocation-ip.net
geolocation-ip.net.host.conf: ServerName www.geolocation-ip.net

1 Like
6

You already had the cert, you should not have deleted it (over and over again: crt.sh | geolocaliseip.com)

Only time can fix this.

1 Like
7

Indeed, I have duplicatesā€¦ Iā€™m sorry I didnā€™t explore this possibility because I thought these domain names were not concernedā€¦
Iā€™m very sorry, but Apache didnā€™t give any mistakes so I didnā€™t pay attention.
I just corrected it, thank you.

And for the renewal, I didnā€™t know there was a limit (now itā€™s done, I read it well: https://letsencrypt.org/docs/rate-limits/), and especially I didnā€™t see how to replay the scenario for the automatic generation of Virtualhosts.

In short, I thank you very much, and I will wait patiently next Wednesday to renew the operation and I will come back here to say if it worked!

Thanks again
Thierry

8

Please check to see if you still have any of the recently issued certs:
certbot certificates
ls -l /etc/letsencrypt/live/
ls -l /etc/letsencrypt/archive/

1 Like
9

No i have nothing ā€¦ Because i used

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to delete the cert(s) you just revoked?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es (recommended)/(N)o: Y 


root@s1:~# ls -l /etc/letsencrypt/live/
total 0
root@s1:~# ls -l /etc/letsencrypt/archive/
total 0

I thought about it for a momentā€¦ but noā€¦ :cry:

10

You can wait a few days or you can also separate the single request for 6 names into multiple requests for less names on each request and possibly get those certs right away.

Try just two names:
certbot --authenticator standalone --installer apache -d geolocaliseip.com -d www.geolocaliseip.com --pre-hook ā€œservice apache2 stopā€ --post-hook ā€œservice apache2 startā€

1 Like
11

Ah, thatā€™s a good idea!
I tried removing cms.geolocaliseip.com and newsletter.geolocaliseip.com (i donā€™t use them right away), but unfortunately it doesnā€™t workā€¦

root@s1:~# certbot --authenticator standalone --installer apache -d geolocaliseip.com -d www.geolocaliseip.com -d phpmyadmin.geolocaliseip.com -d postfixadmin.geolocaliseip.com -d webmail.geolocaliseip.com --pre-hook "service apache2 stop" --post-hook "service apache2 start"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for geolocaliseip.com
http-01 challenge for phpmyadmin.geolocaliseip.com
http-01 challenge for postfixadmin.geolocaliseip.com
http-01 challenge for webmail.geolocaliseip.com
http-01 challenge for www.geolocaliseip.com
Waiting for verification...
Cleaning up challenges
Running post-hook command: service apache2 start
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/geolocaliseip.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/geolocaliseip.com/privkey.pem
   Your cert will expire on 2019-01-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

And in the log the same problem :

2018-10-18 14:54:20,248:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/geolocaliseip.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/geolocaliseip.com/privkey.pem
Your cert will expire on 2019-01-16. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"
2018-10-18 14:54:20,281:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 497, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 304, in deploy_cert
    vhosts = self.choose_vhosts(domain)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 328, in choose_vhosts
    return [self.choose_vhost(domain, create_if_no_ssl)]
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 510, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1108, in make_vhost_ssl
    "Could not reverse map the HTTPS VirtualHost to the original")
certbot.errors.PluginError: Could not reverse map the HTTPS VirtualHost to the original

2018-10-18 14:54:20,282:DEBUG:certbot.error_handler:Calling registered functions
2018-10-18 14:54:20,285:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2018-10-18 14:54:20,285:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1131, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 772, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 497, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 304, in deploy_cert
    vhosts = self.choose_vhosts(domain)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 328, in choose_vhosts
    return [self.choose_vhost(domain, create_if_no_ssl)]
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 510, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1108, in make_vhost_ssl
    "Could not reverse map the HTTPS VirtualHost to the original")
certbot.errors.PluginError: Could not reverse map the HTTPS VirtualHost to the original

I have :
root@s1:~# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 46 oct. 10 11:52 geolocaliseip.com.host.conf -> ā€¦/sites-available/geolocaliseip.com.host.conf

Thatā€™s too bad itā€™s not that.

12

Please show:
grep ':443' /etc/apache2/

Also, is there a reason why you stop/start the apache web server (and run a new standalone server) to do the authentication? (that is not the preferred method)
Ideally, you would only restart the web server when a certificate is updated/renewed. And most of the daily renewal attempts would have no effect at all.

13

Certainly, I keep this from an old version because there was an incompatibility: Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

Otherwise here is the result :

root@s1:~# grep -r ā€˜:443ā€™ /etc/apache2/
/etc/apache2/sites-available/default-ssl.conf: VirtualHost default:443

14

Hello, everyone,
Does anyone have any ideas?
For information I created the virtualhosts manually to be able to progress on the rest of the installation, but I would really like to understand where the problem comes from.

Thank you in advance for any idea

15

Please show all files in use:
ls -l /etc/apache2/sites-enabled/

16

Hi rg305, sorry for the wait ā€¦

The result :
root@s1:~# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 46 oct. 10 11:52 geolocaliseip.com.host.conf -> ā€¦/sites-available/geolocaliseip.com.host.conf
lrwxrwxrwx 1 root root 53 oct. 18 16:21 geolocaliseip.com.host-le-ssl.conf -> ā€¦/sites-available/geolocaliseip.com.host-le-ssl.conf

But itā€™s me that I created file geolocaliseip.com.host-le-ssl.conf.txt (4.6 KB)

And thereā€™s nothing else ā€¦

17

The uploaded file shows 7 vhosts that all share the same certificate.
The first two even share the same DocumentRoot - they can easily be combined.
As for the other 5ā€¦
I think you may do better by separating the vhosts into individual files or maybe also using individual certs.
Something is confusing the systemā€¦
Most likely that confusion stems from all vhosts being in one IFMODULE block:
<IfModule mod_ssl.c>
[vhost config #1]
[vhost config #2]
ā€¦
[vhost config #7]
</IfModule>

So, I would first try separating each vhost into itsā€™ own file:

File #1:
<IfModule mod_ssl.c>
[vhost config #1]
</IfModule>

File #2:
<IfModule mod_ssl.c>
[vhost config #2]
</IfModule>
ā€¦
File #7:
<IfModule mod_ssl.c>
[vhost config #7]
</IfModule>

OR
Try temporaily removing the IFMODULE block - since you know you are using it.
Just change those two lines to:
#<IfModule mod_ssl.c>
#</IfModule>

18

Hi rg305, thank you for your answer. However, I sincerely think that the problem doesnā€™t come from that or itā€™s a new Bug. I say this because I use this kind of configuration on almost all my servers and Iā€™ve done 4 recently and they all workā€¦
These are sub-domains so in principle they are managed in the same file.

19

I have simmilar issue after upgrading from 14.04 to 18.04
certbot stopped creating ssl vhost files with

Could not reverse map the HTTPS VirtualHost to the original

20

This is probably either Ubuntu, or Apache, has been upgraded and now is handling the default, or all, vhosts in a slightly different manner - one in which certbot canā€™t ā€œunderstandā€.
Iā€™m thinking Apache has replaced the default Apache conf and it no longer makes ā€œsenseā€.
If you have anyway to compare the before conf to the current conf, you may find the trouble their.
Otherwise, I would try removing the <IfModule mod_ssl.c> block wrapper.
And also look for any overlapping vhost names:
grep -Eri 'servername|serveralias' /etc/apache2/