Deleted older GIT letsencrypt now Apache will not start


#1

Early in the year I setup letsencrypt from GIT. It never updated automatically. At the time there was no apt package for Debian Jessie but since there is now I decided to remove letsencrypt and reinstall from apt-get. I followed the instructions from the forum as follows:

"Warning: This will delete ALL certificates (including private keys), account keys, renewal configuration and log files. Don’t run this unless you have a good reason to!
You might also be interested in the config_changes or rollback subcommands for the apache plugin, allowing you to view or revert changes made to your apache configuration.

Off the top of my head, this should remove any traces:

rm -rf /path/to/your/git/clone/directory
rm -rf ~/.local/share/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/log/letsencrypt
rm -rf /var/lib/letsencrypt
(Let me know if I missed anything!)"

After removing I installed letsencrypt from apt-get and now apache will not start. I get the following error when I try to start apache:

root@LinuxServer:/etc/letsencrypt/live# service apache2 start
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
root@LinuxServer:/etc/letsencrypt/live# journalctl -xn
– Logs begin at Fri 2016-10-21 18:00:36 EDT, end at Wed 2016-11-09 19:18:37 EST. –
Nov 09 19:18:37 LinuxServer systemd[1]: Starting LSB: Apache2 web server…
– Subject: Unit apache2.service has begun with start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit apache2.service has begun starting up.
Nov 09 19:18:37 LinuxServer apache2[25571]: Starting web server: apache2 failed!
Nov 09 19:18:37 LinuxServer apache2[25571]: The apache2 configtest failed. … (warning).
Nov 09 19:18:37 LinuxServer apache2[25571]: Output of config test was:
Nov 09 19:18:37 LinuxServer apache2[25571]: apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load /usr/lib/a
Nov 09 19:18:37 LinuxServer apache2[25571]: Action ‘configtest’ failed.
Nov 09 19:18:37 LinuxServer apache2[25571]: The Apache error log may have more information.
Nov 09 19:18:37 LinuxServer systemd[1]: apache2.service: control process exited, code=exited status=1
Nov 09 19:18:37 LinuxServer systemd[1]: Failed to start LSB: Apache2 web server.
– Subject: Unit apache2.service has failed
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit apache2.service has failed.

– The result is failed.
Nov 09 19:18:37 LinuxServer systemd[1]: Unit apache2.service entered failed state.

I am not an expert with using Linux so any concise help would be greatly appreciated.

Thanks…
Dave

I am still in a but of a quandary as to how I can fix my issue. Since my config is looking for nonexistent certs now and apache2 will not start thus letsencrypt can’t get to the requested domains and a new replacement cert will not be delivered I feel that I am between a rock and a hard place. I know that the fact that I am an amateur and need something like “configuring apache for dummies” is not getting me to a solution quick. If anyone can point me as to how I can get my server started to offer letsencrypt the domains I’d be very grateful.


#2

Like the output says, check the apache error log to get more detailed information. It’s possible that your configuration is pointing to the deleted certificates or other files that are now missing.


#3

Yeah, the most likely reason is that Apache was configured with a certificate in /etc/letsencrypt/live which was deleted when you did the rm -rf on that directory. That doesn’t mean the instructions were wrong, but they don’t cover removing certificates from a web server config, so the web server config may continue to refer to certificates that you no longer have.

If you used the default Apache support in the letsencrypt client, you might simply have a file like

/etc/apache2/sites-available/something-le-ssl.conf
and a symbolic link to it from
/etc/apache2/sites-enabled/something-le-ssl.conf

(where something is based on the name of the unencrypted version of the site) that you could remove and then no longer have any references to the HTTPS version of your site using your old Let’s Encrypt cert.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.