Domain is inaccessible after a revoke


#1

My domain is: rinex.org.rw

I ran this command: certbot revoke --cert-path /etc/letsencrypt/archive/rinex.org.rw/cert1.pem

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log


Would you like to delete the cert(s) you just revoked?


(Y)es (recommended)/(N)o: Y


Deleted all files relating to certificate rinex.org.rw.



Congratulations! You have successfully revoked the certificate that was located

at /etc/letsencrypt/archive/rinex.org.rw/cert1.pem

My web server is (include version): apache

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

i can not install certbot again, it gives this error:
certbot --apache -d rinex.org.rw

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Error while running apache2ctl configtest.

Action ‘configtest’ failed.

The Apache error log may have more information.

AH00526: Syntax error on line 46 of /etc/apache2/sites-enabled/rinex.org.rw-le-ssl.conf:

SSLCertificateFile: file ‘/etc/letsencrypt/live/rinex.org.rw/cert.pem’ does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.

The error was: MisconfigurationError(“Error while running apache2ctl configtest.\nAction ‘configtest’ failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 46 of /etc/apache2/sites-enabled/rinex.org.rw-le-ssl.conf:\nSSLCertificateFile: file ‘/etc/letsencrypt/live/rinex.org.rw/cert.pem’ does not exist or is empty\n”,)

and apache logs shows this
[Thu Aug 30 14:11:09.719352 2018] [ssl:emerg] [pid 5067] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.719534 2018] [ssl:emerg] [pid 5067] AH02312: Fatal error initialising mod_ssl, exiting.

[Thu Aug 30 14:11:09.988332 2018] [ssl:emerg] [pid 5074] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.988506 2018] [ssl:emerg] [pid 5074] AH02312: Fatal error initialising mod_ssl, exiting.


#2

When you revoked the certificate and told Certbot to delete it, you removed files that Apache is expecting to be there. You’ll need to go into your Apache configs and remove the lines referencing your now-deleted certificate.

In the future, I’d recommend not deleting the certificate until you get a new one to take its place. Or, really, just force renewing it to overwrite instead of deleting. That option is more geared for situations in which you no longer own/control that domain name.


#3

Jared Thanks for the reply, actually i did i an error by deleting, which is not the best option.
i commented below lines under /etc/apache2/sites-enabled/rinex.org.rw.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =rinex.org.rw [OR]
RewriteCond %{SERVER_NAME} =www.rinex.org.rw
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

and also commented below lines
#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/rinex.org.rw/cert.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/rinex.org.rw/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/rinex.org.rw/chain.pem

but still apache2 failed to start with same log errors

tail -f /var/log/apache2/error.log

[Thu Aug 30 14:11:09.988332 2018] [ssl:emerg] [pid 5074] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.988506 2018] [ssl:emerg] [pid 5074] AH02312: Fatal error initialising mod_ssl, exiting.

[Thu Aug 30 14:13:47.798361 2018] [ssl:emerg] [pid 5110] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:13:47.798536 2018] [ssl:emerg] [pid 5110] AH02312: Fatal error initialising mod_ssl, exiting.


#4

Hi @rwakagabo

so remove your 443 - part complete, then you can start your Apache.

Then create a new certificate - and install it.

If you use a certificate, you should never revoke it if you don’t have a new certificate.


#5

Thank you all, issue solved by removing all 443 - part.

Thanks for the support


#6

Yep, now your http - version works. Now create a new certificate and add it. :wink:


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.