Coundn't create SSL when I setup Sites-enabled as symlink from /opt/


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: parthi.planetchennai.com

I ran this command: certbot --apache --redirect --renew-by-default -d parthi.planetchennai.com

It produced this output: Created an SSL vhost at /opt/sites-enabled/parthi-le-ssl.conf

Deploying Certificate to VirtualHost /opt/sites-enabled/parthi-le-ssl.conf

Could not symlink /etc/apache2/sites-enabled/parthi-le-ssl.conf to /opt/sites-enabled/parthi-le-ssl.conf, got error: File exists

File:

  • Could not be found to be deleted /etc/apache2/sites-enabled/parthi-le-ssl.conf - Certbot probably shut down unexpectedly

Encountered error while trying to enable a newly created VirtualHost located at /opt/sites-enabled/parthi-le-ssl.conf by linking to it from /etc/apache2/sites-enabled/parthi-le-ssl.conf

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


#2

Lets compare:
ls -l /etc/apache2/sites-enabled/
ls -l /opt/sites-enabled/

and also show:
/etc/apache2/apache2.conf

and maybe try it with sudo:
sudo certbot --apache --redirect --renew-by-default -d parthi.planetchennai.com


#3

root@ip-172-31-5-39:/etc/apache2# ls -l /etc/apache2/sites-enabled/
total 20
-rwxr-xr-x 1 root root 1466 Nov 10 17:08 000-default.conf
lrwxrwxrwx 1 root root 52 Nov 10 17:08 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
-rwxr-xr-x 1 root root 897 Oct 24 09:31 parthe.conf
-rwxr-xr-x 1 root root 897 Nov 10 17:08 parthee.conf
-rwxr-xr-x 1 root root 897 Nov 10 17:08 parthi.conf
-rwxr-xr-x 1 root root 988 Nov 10 17:08 sreesaai.conf
-rwxr-xr-x 1 root root 0 Nov 10 17:08 test
root@ip-172-31-5-39:/etc/apache2# ls -l /opt/sites-enabled/
total 20
-rwxr-xr-x 1 root root 1466 Nov 10 17:08 000-default.conf
lrwxrwxrwx 1 root root 52 Nov 10 17:08 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
-rwxr-xr-x 1 root root 897 Oct 24 09:31 parthe.conf
-rwxr-xr-x 1 root root 897 Nov 10 17:08 parthee.conf
-rwxr-xr-x 1 root root 897 Nov 10 17:08 parthi.conf
-rwxr-xr-x 1 root root 988 Nov 10 17:08 sreesaai.conf
-rwxr-xr-x 1 root root 0 Nov 10 17:08 test

here is the result for ls -lh for both path… still it gives the error message.

"

root@ip-172-31-5-39:/etc/apache2# sudo certbot --apache --redirect --renew-by-default -d parthi.planetchennai.com
sudo: unable to resolve host ip-172-31-5-39
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for parthi.planetchennai.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /opt/sites-enabled/parthi-le-ssl.conf
Deploying Certificate to VirtualHost /opt/sites-enabled/parthi-le-ssl.conf
Could not symlink /etc/apache2/sites-enabled/parthi-le-ssl.conf to /opt/sites-enabled/parthi-le-ssl.conf, got error: File exists
File:

  • Could not be found to be deleted /etc/apache2/sites-enabled/parthi-le-ssl.conf - Certbot probably shut down unexpectedly
    Encountered error while trying to enable a newly created VirtualHost located at /opt/sites-enabled/parthi-le-ssl.conf by linking to it from /etc/apache2/sites-enabled/parthi-le-ssl.conf

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/parthi.planetchennai.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/parthi.planetchennai.com/privkey.pem
    Your cert will expire on 2019-02-08. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”
  • Some rewrite rules copied from
    /etc/apache2/sites-enabled/parthi.conf were disabled in the vhost
    for your HTTPS site located at
    /opt/sites-enabled/parthi-le-ssl.conf because they have the
    potential to create redirection loops. "

#4

Hi @sparthe123

you have one certificate created today:

https://transparencyreport.google.com/https/certificates/YDyIG4fVF7Ljiylyjc9Ex30jyKQLeoG2DqfgBTo7b%2BE%3D

So this part works.

Checking

https://parthi.planetchennai.com/

via browser: SSL_ERROR_BAD_CERT_DOMAIN, the certificate has the name sreesaaiandco.in.

Is this your domain? Perhaps this is the default ssl vHost. So what’s the content of

/opt/sites-enabled/parthi-le-ssl.conf

So check if you can manual add something like

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

with your two files

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/parthi.planetchennai.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/parthi.planetchennai.com/privkey.pem