Domain is inaccessible after a revoke

rwakagabo · August 30, 2018, 1:13pm

My domain is: rinex.org.rw

I ran this command: certbot revoke --cert-path /etc/letsencrypt/archive/rinex.org.rw/cert1.pem

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

Would you like to delete the cert(s) you just revoked?

(Y)es (recommended)/(N)o: Y

Deleted all files relating to certificate rinex.org.rw.

Congratulations! You have successfully revoked the certificate that was located

at /etc/letsencrypt/archive/rinex.org.rw/cert1.pem

My web server is (include version): apache

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

i can not install certbot again, it gives this error:
certbot --apache -d rinex.org.rw

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Error while running apache2ctl configtest.

Action ‘configtest’ failed.

The Apache error log may have more information.

AH00526: Syntax error on line 46 of /etc/apache2/sites-enabled/rinex.org.rw-le-ssl.conf:

SSLCertificateFile: file ‘/etc/letsencrypt/live/rinex.org.rw/cert.pem’ does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.

The error was: MisconfigurationError(“Error while running apache2ctl configtest.\nAction ‘configtest’ failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 46 of /etc/apache2/sites-enabled/rinex.org.rw-le-ssl.conf:\nSSLCertificateFile: file ‘/etc/letsencrypt/live/rinex.org.rw/cert.pem’ does not exist or is empty\n”,)

and apache logs shows this
[Thu Aug 30 14:11:09.719352 2018] [ssl:emerg] [pid 5067] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.719534 2018] [ssl:emerg] [pid 5067] AH02312: Fatal error initialising mod_ssl, exiting.

[Thu Aug 30 14:11:09.988332 2018] [ssl:emerg] [pid 5074] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.988506 2018] [ssl:emerg] [pid 5074] AH02312: Fatal error initialising mod_ssl, exiting.

jared.m · August 30, 2018, 1:18pm

When you revoked the certificate and told Certbot to delete it, you removed files that Apache is expecting to be there. You’ll need to go into your Apache configs and remove the lines referencing your now-deleted certificate.

In the future, I’d recommend not deleting the certificate until you get a new one to take its place. Or, really, just force renewing it to overwrite instead of deleting. That option is more geared for situations in which you no longer own/control that domain name.

rwakagabo · August 30, 2018, 1:40pm

Jared Thanks for the reply, actually i did i an error by deleting, which is not the best option.
i commented below lines under /etc/apache2/sites-enabled/rinex.org.rw.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =rinex.org.rw [OR]
RewriteCond %{SERVER_NAME} =www.rinex.org.rw
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

and also commented below lines
#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/rinex.org.rw/cert.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/rinex.org.rw/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/rinex.org.rw/chain.pem

but still apache2 failed to start with same log errors

tail -f /var/log/apache2/error.log

[Thu Aug 30 14:11:09.988332 2018] [ssl:emerg] [pid 5074] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:11:09.988506 2018] [ssl:emerg] [pid 5074] AH02312: Fatal error initialising mod_ssl, exiting.

[Thu Aug 30 14:13:47.798361 2018] [ssl:emerg] [pid 5110] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[Thu Aug 30 14:13:47.798536 2018] [ssl:emerg] [pid 5110] AH02312: Fatal error initialising mod_ssl, exiting.

JuergenAuer · August 30, 2018, 2:36pm

Hi @rwakagabo

so remove your 443 - part complete, then you can start your Apache.

Then create a new certificate - and install it.

If you use a certificate, you should never revoke it if you don’t have a new certificate.

rwakagabo · August 30, 2018, 3:01pm

Thank you all, issue solved by removing all 443 - part.

Thanks for the support

JuergenAuer · August 30, 2018, 3:09pm

Yep, now your http - version works. Now create a new certificate and add it.

system · September 29, 2018, 3:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Revoked certificate problem Help	6	987	December 18, 2020
Tried to remove and replace a Let's Encrypt cert, can't use certbot to reinstall cert and can't restart Apache Help	4	1123	October 9, 2019
Changed the domain - Revoked and tried to renew certificate - Error message Help	12	518	December 29, 2023
Unable to restart apache after removing domain Help	15	1805	September 9, 2019
Apache is munged by uninstalling Certbot Server	13	1372	February 3, 2019

Domain is inaccessible after a revoke

Related topics