Deploying certificate but Could not install certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hemovigilancia.ar

I ran this command: certbot

It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hemovigilancia.ar/fullchain.pem
Key is saved at: /etc/letsencrypt/live/hemovigilancia.ar/privkey.pem
This certificate expires on 2024-12-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Could not install certificate
An unexpected error occurred:
StopIteration

My web server is (include version):
Server version: Apache/2.4.62 (Debian)
Server built: 2024-08-15T01:18:37

The operating system my web server runs on is (include version):
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian

My hosting provider, if applicable, is: Hostinger VPS

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Be fore i create this topic , find solution, but the sugest are with server ngix but i have apache2.
My english is not good, when you're respond to me , i translate with google the answer.
thanks so much

1 Like

Hello @ggomez, welcome to the Let's Encrypt community. :slightly_smiling_face:

Investigation information: here is a list of issued certificates crt.sh | hemovigilancia.ar
The certificate issued to day, crt.sh | 14587705424, is for the domain name hemovigilancia.ar,
previous issued certificates were for www.hemovigilancia.ar;
one even for both hemovigilancia.ar and www.hemovigilancia.ar

Edit
Also the presently being served certificate, https://decoder.link/sslchecker/hemovigilancia.ar/443, is for hemotrans.com.ar. crt.sh | 14108049833

4 Likes

Please show the output of:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes

ok, the ouput is
sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 is a NameVirtualHost
default server hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans-le-ssl.conf:2)
port 443 namevhost hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans-le-ssl.conf:2)
alias www.hemotrans.com.ar
port 443 namevhost api.hemotrans.com.ar (/etc/apache2/sites-enabled/03-apis-le-ssl.conf:2)
port 443 namevhost asoc.hemotrans.com.ar (/etc/apache2/sites-enabled/09-apis-asoc-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans.conf:1)
alias www.hemotrans.com.ar
port 80 namevhost hemotransweb.com.ar (/etc/apache2/sites-enabled/02-hemotransweb.conf:1)
alias www.hemotransweb.com.ar
port 80 namevhost api.hemotrans.com.ar (/etc/apache2/sites-enabled/03-apis.conf:1)
port 80 namevhost hemovigilancia.ar (/etc/apache2/sites-enabled/04-hemovigilancia.conf:1)
alias www.hemovigilancia.ar
port 80 namevhost asoc.hemotrans.com.ar (/etc/apache2/sites-enabled/09-apis-asoc.conf:1)

/etc/apache2/sites-available# ls -al
total 140
drwxr-xr-x 2 root root 4096 Sep 17 17:19 .
drwxr-xr-x 9 root root 4096 Sep 17 17:19 ..
-rw-r--r-- 1 root root 1560 Feb 12 2024 000-default.conf
-rw-r--r-- 1 root root 732 Apr 10 18:07 01-hemotrans-le-ssl.conf
-rw-r--r-- 1 root root 691 Feb 22 2024 01-hemotrans.conf
-rw-r--r-- 1 root root 833 Jun 5 19:28 02-hemotransweb.conf
-rw-r--r-- 1 root root 330 Feb 11 2024 02-prod.bkp
-rw-r--r-- 1 root root 606 Feb 22 2024 03-apis-le-ssl.conf
-rw-r--r-- 1 root root 507 Feb 22 2024 03-apis.conf
-rw-r--r-- 1 root root 770 Apr 14 01:04 04-hemovigilancia-le-ssl.conf
-rw-r--r-- 1 root root 764 Apr 13 22:43 04-hemovigilancia.conf
-rw-r--r-- 1 root root 609 Feb 22 2024 09-apis-asoc-le-ssl.conf
-rw-r--r-- 1 root root 509 Feb 22 2024 09-apis-asoc.conf

It looks like you have a VirtualHost for HTTPS in sites-available. But, it is not active in sites-enabled because we do not see it under port 443 in your DUMP_VHOSTS output

Would you show us?

ls -l /etc/apache2/sites-enabled

And the contents of 04-hemovigilancia-le-ssl.conf

2 Likes

Hi Mike McQ
Sorry for the late reply, I've had some health issues.
ls -l /etc/apache2/sites-enabled

total 0
lrwxrwxrwx 1 root root 35 Jun 20  2023 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 53 Feb 22  2024 01-hemotrans-le-ssl.conf -> /etc/apache2/sites-available/01-hemotrans-le-ssl.conf
lrwxrwxrwx 1 root root 36 Feb 11  2024 01-hemotrans.conf -> ../sites-available/01-hemotrans.conf
lrwxrwxrwx 1 root root 39 Jun  5 19:29 02-hemotransweb.conf -> ../sites-available/02-hemotransweb.conf
lrwxrwxrwx 1 root root 31 Feb 11  2024 02-prod.conf -> ../sites-available/02-prod.conf
lrwxrwxrwx 1 root root 48 Feb 22  2024 03-apis-le-ssl.conf -> /etc/apache2/sites-available/03-apis-le-ssl.conf
lrwxrwxrwx 1 root root 31 Feb 11  2024 03-apis.conf -> ../sites-available/03-apis.conf
lrwxrwxrwx 1 root root 41 Feb 11  2024 04-hemovigilancia.conf -> ../sites-available/04-hemovigilancia.conf
lrwxrwxrwx 1 root root 53 Feb 22  2024 09-apis-asoc-le-ssl.conf -> /etc/apache2/sites-available/09-apis-asoc-le-ssl.conf
lrwxrwxrwx 1 root root 

cat 04-hemovigilancia-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@hemotrans.com.ar
        ServerName hemovigilancia.com.ar
        ServerAlias www.hemovigilancia.com.ar
        DocumentRoot /var/www/html/hemovigilancia/

        <Directory /var/www/html/hemovigilancia/>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>
        # Especificar el tipo MIME para archivos JavaScript
        <Files "*.js">
                AddType text/javascript .js
        </Files>


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.hemovigilancia.com.ar/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.hemovigilancia.com.ar/privkey.pem
</VirtualHost>
</IfModule>

i belive, i found an problem.
in the file 04-hemovigilancia-le-ssl.conf, the server name is hemovigilancia.com.ar but mast to be hemovigilancia.ar

1 Like

I am sorry to hear that. Hope things are better.

Did changing those names fix the problem?

If not please show output of this again.

sudo apachectl -t -D DUMP_VHOSTS
2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

I re-opened this thread. The OP DM'd me they were away for personal reasons but wanted to resume getting this fixed. I thought it easier to continue in this prior thread.

Below is the info @ggomez provided in the DM

=================================================

I managed to make the corrections you were indicating to me but I still have the error, the last indication you gave me was to run the command "apachectl -t -D DUMP_VHOSTS" which gave this output: apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:443 is a NameVirtualHost
default server hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans-le-ssl.conf:2)
port 443 namevhost hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans-le-ssl.conf:2)
alias www.hemotrans.com.ar
port 443 namevhost api.hemotrans.com.ar (/etc/apache2/sites-enabled/03-apis-le-ssl.conf:2)
port 443 namevhost asoc.hemotrans.com.ar (/etc/apache2/sites-enabled/09-apis-asoc-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost hemotrans.com.ar (/etc/apache2/sites-enabled/01-hemotrans.conf:1)
alias www.hemotrans.com.ar
port 80 namevhost hemotransweb.com.ar (/etc/apache2/sites-enabled/02-hemotransweb.conf:1)
alias www.hemotransweb.com.ar
port 80 namevhost api.hemotrans.com.ar (/etc/apache2/sites-enabled/03-apis.conf:1)
port 80 namevhost hemovigilancia.ar (/etc/apache2/sites-enabled/04-hemovigilancia.conf:1)
alias www.hemovigilancia.ar
port 80 namevhost asoc.hemotrans.com.ar (/etc/apache2/sites-enabled/09-apis-asoc.conf:1)

Thank you so much for all the help you've given me so far

1 Like

Which directory is that file in? Because I don't see hemovigilancia.ar in your latest DUMP_VHOSTS output in port 443 section.

1 Like

It seems to me that there is a lack of symbolic link
/sites-available# ls -al
total 140
drwxr-xr-x 2 root root 4096 Jan 9 17:06 .
drwxr-xr-x 9 root root 4096 Jan 9 16:45 ..
-rw-r--r-- 1 root root 1560 Feb 12 2024 000-default.conf
-rw-r--r-- 1 root root 732 Apr 10 2024 01-hemotrans-le-ssl.conf
-rw-r--r-- 1 root root 691 Feb 22 2024 01-hemotrans.conf
-rw-r--r-- 1 root root 833 Jun 5 2024 02-hemotransweb.conf
-rw-r--r-- 1 root root 330 Feb 11 2024 02-prod.bkp
-rw-r--r-- 1 root root 606 Feb 22 2024 03-apis-le-ssl.conf
-rw-r--r-- 1 root root 507 Feb 22 2024 03-apis.conf
-rw-r--r-- 1 root root 945 Jan 9 16:40 04-hemovigilancia-le-ssl.conf
-rw-r--r-- 1 root root 764 Apr 13 2024 04-hemovigilancia.conf
-rw-r--r-- 1 root root 609 Feb 22 2024 09-apis-asoc-le-ssl.conf
-rw-r--r-- 1 root root 509 Feb 22 2024 09-apis-asoc.conf
-rw-r--r-- 1 root root 623 Feb 14 2024 10-desa.conf
-rw-r--r-- 1 root root 1133 Feb 9 2024 apis.bkp
-rw-r--r-- 1 root root 6342 Feb 10 2024 default-ssl.conf
-rw-r--r-- 1 root root 327 Aug 13 2023 hemo.bkp
-rw-r--r-- 1 root root 71 Feb 18 2024 well-known

root@hemotrans:/etc/apache2/sites-enabled# ls -la
total 8
drwxr-xr-x 2 root root 4096 Jun 5 2024 .
drwxr-xr-x 9 root root 4096 Jan 9 16:45 ..
lrwxrwxrwx 1 root root 35 Jun 20 2023 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 53 Feb 22 2024 01-hemotrans-le-ssl.conf -> /etc/apache2/sites-available/01-hemotrans-le-ssl.conf
lrwxrwxrwx 1 root root 36 Feb 11 2024 01-hemotrans.conf -> ../sites-available/01-hemotrans.conf
lrwxrwxrwx 1 root root 39 Jun 5 2024 02-hemotransweb.conf -> ../sites-available/02-hemotransweb.conf
lrwxrwxrwx 1 root root 31 Feb 11 2024 02-prod.conf -> ../sites-available/02-prod.conf
lrwxrwxrwx 1 root root 48 Feb 22 2024 03-apis-le-ssl.conf -> /etc/apache2/sites-available/03-apis-le-ssl.conf
lrwxrwxrwx 1 root root 31 Feb 11 2024 03-apis.conf -> ../sites-available/03-apis.conf
lrwxrwxrwx 1 root root 41 Feb 11 2024 04-hemovigilancia.conf -> ../sites-available/04-hemovigilancia.conf
lrwxrwxrwx 1 root root 53 Feb 22 2024 09-apis-asoc-le-ssl.conf -> /etc/apache2/sites-available/09-apis-asoc-le-ssl.conf
lrwxrwxrwx 1 root root 36 Feb 19 2024 09-apis-asoc.conf -> ../sites-available/09-apis-asoc.conf

You can use commands a2ensite and a2dissite to create and remove symlinks. After running a2ensite re-run the DUMP_VHOSTS to make sure it looks correct. Then let us know if there are any problems.

https://manpages.debian.org/bullseye/apache2/a2ensite.8.en.html

1 Like

Thanks, I ran the command A2ensite 04-hemovigilance-le-ssl.conf and systemctl reload apache2, then I was able to install the certificate.
Deploying certificate
Successfully deployed certificate for hemovigilancia.ar to /etc/apache2/sites-enabled/04-hemovigilancia-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://hemovigilancia.ar

1 Like

Terrific. Looks good here too: SSL Server Test: hemovigilancia.ar (Powered by Qualys SSL Labs)

If you no longer use hemotransweb.com.ar you could remove that from your active VHosts with a2dissite. It is not required. I just noticed that you have one for port 80 and not for port 443.

2 Likes