Error 500 after install Certbot

root@159:~# sudo apt-get install certbot python-certbot-apache

Reading package lists… Done

Building dependency tree

Reading state information… Done

certbot is already the newest version (0.31.0-1+ubuntu18.04.1+certbot+1).

python-certbot-apache is already the newest version (0.31.0-1+ubuntu18.04.1+certbot+1).

The following package was automatically installed and is no longer required:

grub-pc-bin

Use ‘sudo apt autoremove’ to remove it.

0 upgraded, 0 newly installed, 0 to remove and 14 not upgraded.

root@159:~# sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: www.159.65.***

2: shishando.com.br

3: www.shishando.com.br

4: markimpacto.com

5: www.markimpacto.com


Select the appropriate numbers separated by commas and/or spaces, or leave input

blank to select all options shown (Enter ‘c’ to cancel):

Attempting to parse the version 0.38.0 renewal configuration file found at /etc/letsencrypt/renewal/shishando.com.br.conf with version 0.31.0 of Certbot. This might not work.


You have an existing certificate that contains a portion of the domains you

requested (ref: /etc/letsencrypt/renewal/shishando.com.br.conf)

It contains these names: shishando.com.br, www.shishando.com.br

You requested these names for the new certificate: www.159.65.***,

shishando.com.br, www.shishando.com.br, markimpacto.com, www.markimpacto.com.

Do you want to expand and replace this existing certificate with the new

certificate?


(E)xpand/(C)ancel: e

Renewing an existing certificate

An unexpected error occurred:

Error creating new order :: Cannot issue for “www.159.65.***”: Name does not end in a public suffix

Please see the logfiles in /var/log/letsencrypt for more details.


NOW MY SITE IS LIKE THIS

https://markimpacto.com/ or http://markimpacto.com/ or https://shishando.com.br/ or http://shishando.com.br/

500

Internal Server Error

Sorry, something went wrong :(

1 Like

Hi @jdemarch

That's not a Certbot installation problem. You already have certificates - https://check-your-website.server-daten.de/?q=markimpacto.com

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-10-14 | 2020-01-12 | markimpacto.com, shishando.com.br, www.markimpacto.com, www.shishando.com.br - 4 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-11 | 2020-01-09 | markimpacto.com, www.markimpacto.com - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-05 | 2020-01-03 | markimpacto.com, www.markimpacto.com - 2 entries | | |

But you had certificates with two domain names, then you have created one certificate with four domain names.

Or five - but the last name is wrong:

You can't create a certificate with www.159.65.248.193 as domain name.

Now you have a Bad Gateway error. So what's running in the backend?

The markimpacto.com has the certificate of the shishando.com.br, so your nginx vHost configuration may be wrong.

1 Like

Hey @JuergenAuer

Thanks for the answer! Yes, I believe I have set it wrong.

Well, I don't really understand servers and certificates, but I need this for a job, so I learned on the internet.

Is there any way to delete the certificates and redo them the right way?

I restored my droplet to make it work again.

Take a look: https://shishando.com.br/store/

But I have another site https://markimpacto.com/ (that's not working)

Can you help me please?

I discovered this when I tried to access my dashboard (159.65.248.193:8083)

1 Like

The site works. There is only the wrong certificate.

But you have a new certificate with that domain name:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-10-14 | 2020-01-12 | markimpacto.com, shishando.com.br, www.markimpacto.com, www.shishando.com.br - 4 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-11 | 2020-01-09 | markimpacto.com, www.markimpacto.com - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-05 | 2020-01-03 | markimpacto.com, www.markimpacto.com - 2 entries | | |

What's your vHost configuration?

nginx -T

If your vHost config is ok, what does this say:

certbot certificates

root@159:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Server globals
user                    www-data;
worker_processes        auto;
worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log;
pid                     /var/run/nginx.pid;


# Worker config
events {
    worker_connections  1024;
    use                 epoll;
    multi_accept        on;
}


http {
# Main settings
sendfile                        on;
tcp_nopush                      on;
tcp_nodelay                     on;
client_header_timeout           60s;
client_body_timeout             60s;
client_header_buffer_size       2k;
client_body_buffer_size         256k;
client_max_body_size            256m;
large_client_header_buffers     4 8k;
send_timeout                    60s;
keepalive_timeout               30s;
reset_timedout_connection       on;
server_tokens                   off;
server_name_in_redirect         off;
server_names_hash_max_size      512;
server_names_hash_bucket_size   512;


# Log format
log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
log_format  bytes   '$body_bytes_sent';
#access_log          /var/log/nginx/access.log main;
access_log off;


# Mime settings
include             /etc/nginx/mime.types;
default_type        application/octet-stream;


# Compression
gzip                on;
gzip_static         on;
gzip_vary           on;
gzip_comp_level     6;
gzip_min_length     1024;
gzip_buffers        16 8k;
gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
gzip_proxied        any;
gzip_disable        "MSIE [1-6]\.";

# Proxy settings
proxy_redirect      off;
proxy_set_header    Host            $host;
proxy_set_header    X-Real-IP       $remote_addr;
proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header   Set-Cookie;
proxy_buffers       32 4k;
proxy_connect_timeout   30s;
proxy_send_timeout  90s;
proxy_read_timeout  90s;

    
# Cloudflare https://www.cloudflare.com/ips
set_real_ip_from   103.21.244.0/22;
set_real_ip_from   103.22.200.0/22;
set_real_ip_from   103.31.4.0/22;
set_real_ip_from   104.16.0.0/12;
set_real_ip_from   108.162.192.0/18;
set_real_ip_from   131.0.72.0/22;
set_real_ip_from   141.101.64.0/18;
set_real_ip_from   162.158.0.0/15;
set_real_ip_from   172.64.0.0/13;
set_real_ip_from   173.245.48.0/20;
set_real_ip_from   188.114.96.0/20;
set_real_ip_from   190.93.240.0/20;
set_real_ip_from   197.234.240.0/22;
set_real_ip_from   198.41.128.0/17;
#set_real_ip_from   2400:cb00::/32;
#set_real_ip_from   2606:4700::/32;
#set_real_ip_from   2803:f800::/32;
#set_real_ip_from   2405:b500::/32;
#set_real_ip_from   2405:8100::/32;
#set_real_ip_from   2c0f:f248::/32;
#set_real_ip_from   2a06:98c0::/29;
real_ip_header     CF-Connecting-IP;


# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


# Error pages
error_page          403          /error/403.html;
error_page          404          /error/404.html;
error_page          502 503 504  /error/50x.html;


# Cache settings
proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
proxy_cache_key "$host$request_uri $cookie_user";
proxy_temp_path  /var/cache/nginx/temp;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_valid any 1d;


# Cache bypass
map $http_cookie $no_cache {
    default 0;
    ~SESS 1;
    ~wordpress_logged_in 1;
}


# File cache settings
open_file_cache          max=10000 inactive=30s;
open_file_cache_valid    60s;
open_file_cache_min_uses 2;
open_file_cache_errors   off;


# Wildcard include
include             /etc/nginx/conf.d/*.conf;
}

# configuration file /etc/nginx/mime.types:

types {
text/html                                        html htm shtml;
text/css                                         css;
text/xml                                         xml;
image/gif                                        gif;
image/jpeg                                       jpeg jpg;
application/javascript                           js;
application/atom+xml                             atom;
application/rss+xml                              rss;

text/mathml                                      mml;
text/plain                                       txt;
text/vnd.sun.j2me.app-descriptor                 jad;
text/vnd.wap.wml                                 wml;
text/x-component                                 htc;

image/png                                        png;
image/svg+xml                                    svg svgz;
image/tiff                                       tif tiff;
image/vnd.wap.wbmp                               wbmp;
image/webp                                       webp;
image/x-icon                                     ico;
image/x-jng                                      jng;
image/x-ms-bmp                                   bmp;

font/woff                                        woff;
font/woff2                                       woff2;

application/java-archive                         jar war ear;
application/json                                 json;
application/mac-binhex40                         hqx;
application/msword                               doc;
application/pdf                                  pdf;
application/postscript                           ps eps ai;
application/rtf                                  rtf;
application/vnd.apple.mpegurl                    m3u8;
application/vnd.google-earth.kml+xml             kml;
application/vnd.google-earth.kmz                 kmz;
application/vnd.ms-excel                         xls;
application/vnd.ms-fontobject                    eot;
application/vnd.ms-powerpoint                    ppt;
application/vnd.oasis.opendocument.graphics      odg;
application/vnd.oasis.opendocument.presentation  odp;
application/vnd.oasis.opendocument.spreadsheet   ods;
application/vnd.oasis.opendocument.text          odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                 pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                 xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                 docx;
application/vnd.wap.wmlc                         wmlc;
application/x-7z-compressed                      7z;
application/x-cocoa                              cco;
application/x-java-archive-diff                  jardiff;
application/x-java-jnlp-file                     jnlp;
application/x-makeself                           run;
application/x-perl                               pl pm;
application/x-pilot                              prc pdb;
application/x-rar-compressed                     rar;
application/x-redhat-package-manager             rpm;
application/x-sea                                sea;
application/x-shockwave-flash                    swf;
application/x-stuffit                            sit;
application/x-tcl                                tcl tk;
application/x-x509-ca-cert                       der pem crt;
application/x-xpinstall                          xpi;
application/xhtml+xml                            xhtml;
application/xspf+xml                             xspf;
application/zip                                  zip;

application/octet-stream                         bin exe dll;
application/octet-stream                         deb;
application/octet-stream                         dmg;
application/octet-stream                         iso img;
application/octet-stream                         msi msp msm;

audio/midi                                       mid midi kar;
audio/mpeg                                       mp3;
audio/ogg                                        ogg;
audio/x-m4a                                      m4a;
audio/x-realaudio                                ra;

video/3gpp                                       3gpp 3gp;
video/mp2t                                       ts;
video/mp4                                        mp4;
video/mpeg                                       mpeg mpg;
video/quicktime                                  mov;
video/webm                                       webm;
video/x-flv                                      flv;
video/x-m4v                                      m4v;
video/x-mng                                      mng;
video/x-ms-asf                                   asx asf;
video/x-ms-wmv                                   wmv;
video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/159.65.248.193.conf:
server {
listen       159.65.248.193:80 default;
server_name  _;
#access_log  /var/log/nginx/159.65.248.193.log main;
location / {
    proxy_pass  http://159.65.248.193:8080;
   }
}


# configuration file /etc/nginx/conf.d/status.conf:
server {
listen       127.0.0.1:8084 default;
server_name  _;
server_name_in_redirect  off;
location / {
    stub_status on;
    access_log   off;
   }
}

# configuration file /etc/nginx/conf.d/vesta.conf:

include /home/admin/conf/web/159.65.248.193.nginx.conf;
include /home/admin/conf/web/shishando.com.br.nginx.conf;
include /home/admin/conf/web/shishando.com.br.nginx.ssl.conf;
include /home/admin/conf/web/markimpacto.com.nginx.conf;

# configuration file /home/admin/conf/web/159.65.248.193.nginx.conf:
server {
listen      159.65.248.193:80;
server_name 159.65.248.193 www.159.65.248.193;
error_log  /var/log/apache2/domains/159.65.248.193.error.log error;

location / {
    proxy_pass      http://159.65.248.193:8080;
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
        root           /home/admin/web/159.65.248.193/public_html;
        access_log     /var/log/apache2/domains/159.65.248.193.log combined;
        access_log     /var/log/apache2/domains/159.65.248.193.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/159.65.248.193/document_errors/;
}

location @fallback {
    proxy_pass      http://159.65.248.193:8080;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/nginx.159.65.248.193.conf*;
}


# configuration file /home/admin/conf/web/shishando.com.br.nginx.conf:
server {
listen      159.65.248.193:80;
server_name shishando.com.br www.shishando.com.br;
error_log  /var/log/apache2/domains/shishando.com.br.error.log error;

location / {
    proxy_pass      http://159.65.248.193:8080;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
        root           /home/admin/web/shishando.com.br/public_html;
        access_log     /var/log/apache2/domains/shishando.com.br.log combined;
        access_log     /var/log/apache2/domains/shishando.com.br.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/shishando.com.br/document_errors/;
}

location @fallback {
    proxy_pass      http://159.65.248.193:8080;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/nginx.shishando.com.br.conf*;
}


# configuration file /home/admin/conf/web/shishando.com.br.nginx.ssl.conf:
server {
listen      159.65.248.193:443 ssl;
server_name shishando.com.br www.shishando.com.br;
ssl_certificate      /home/admin/conf/web/ssl.shishando.com.br.pem;
ssl_certificate_key  /home/admin/conf/web/ssl.shishando.com.br.key;
error_log  /var/log/apache2/domains/shishando.com.br.error.log error;

location / {
    proxy_pass      https://159.65.248.193:8443;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
        root           /home/admin/web/shishando.com.br/public_html;
        access_log     /var/log/apache2/domains/shishando.com.br.log combined;
        access_log     /var/log/apache2/domains/shishando.com.br.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/shishando.com.br/document_errors/;
}

location @fallback {
    proxy_pass      https://159.65.248.193:8443;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/snginx.shishando.com.br.conf*;
}


# configuration file /home/admin/conf/web/markimpacto.com.nginx.conf:
server {
listen      159.65.248.193:80;
server_name markimpacto.com www.markimpacto.com;
error_log  /var/log/apache2/domains/markimpacto.com.error.log error;

location / {
    proxy_pass      http://159.65.248.193:8080;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
        root           /home/admin/web/markimpacto.com/public_html;
        access_log     /var/log/apache2/domains/markimpacto.com.log combined;
        access_log     /var/log/apache2/domains/markimpacto.com.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/markimpacto.com/document_errors/;
}

location @fallback {
    proxy_pass      http://159.65.248.193:8080;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/nginx.markimpacto.com.conf*;
}


root@159:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.38.0 renewal configuration file found at /etc/letsencrypt/renewal/shishando.com.br.conf with version 0.31.0 of Certbot. This might not work.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: markimpacto.com
Domains: markimpacto.com
Expiry Date: 2020-01-12 16:12:11+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/markimpacto.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/markimpacto.com/privkey.pem
  Certificate Name: shishando.com.br
Domains: shishando.com.br www.shishando.com.br
Expiry Date: 2019-12-26 10:37:29+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/shishando.com.br/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shishando.com.br/privkey.pem
  Certificate Name: www.markimpacto.com
Domains: www.markimpacto.com
Expiry Date: 2020-01-12 16:12:35+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.markimpacto.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.markimpacto.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@159:~#
1 Like
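The dump above has a port-443 `server` block only for shishando.com.br. With no `default_server` on that socket, nginx answers every other hostname on 443 with the first TLS block, which is why markimpacto.com presents the shishando.com.br certificate. The script below is an added example, not part of the original thread and not Certbot or VestaCP code. It reads `nginx -T` style text and lists names without a TLS vhost, names a public CA will refuse (the `www.159.65.***` case), and the certificate served as the fallback. The function names are hypothetical, the sample is constructed from the config posted above, and `is_issuable` is a rough check, not a Public Suffix List lookup.

```python
import ipaddress
import re

# Constructed sample: the vhosts from the `nginx -T` output above, trimmed.
SAMPLE = r"""
server {
    listen      159.65.248.193:80;
    server_name 159.65.248.193 www.159.65.248.193;
    location ~ /\.ht    {return 404;}
}
server {
    listen      159.65.248.193:80;
    server_name shishando.com.br www.shishando.com.br;
}
server {
    listen      159.65.248.193:443 ssl;
    server_name shishando.com.br www.shishando.com.br;
    ssl_certificate      /home/admin/conf/web/ssl.shishando.com.br.pem;
}
server {
    listen      159.65.248.193:80;
    server_name markimpacto.com www.markimpacto.com;
}
"""


def server_blocks(text):
    """Yield the body of every `server { ... }` block (brace-matched)."""
    text = re.sub(r"#.*", "", text)  # comments may contain braces
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def args(body, name):
    """All arguments of each `name ...;` directive in a block."""
    found = re.findall(r"^\s*%s\s+([^;]+);" % re.escape(name), body, re.M)
    return [a for line in found for a in line.split()]


def is_issuable(name):
    """Rough pre-check: reject IP literals, single labels, numeric last label."""
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        labels = name.split(".")
        return len(labels) > 1 and not labels[-1].isdigit()


def audit(text):
    tls, plain, fallback = set(), set(), None
    for body in server_blocks(text):
        names = args(body, "server_name")
        if "ssl" in args(body, "listen"):
            tls.update(names)
            # First TLS block = fallback for hostnames with no 443 vhost.
            fallback = fallback or (args(body, "ssl_certificate") or [None])[0]
        else:
            plain.update(names)
    real = {n for n in plain | tls if n != "_"}
    return {
        "not_issuable": sorted(n for n in real if not is_issuable(n)),
        "no_tls_vhost": sorted(n for n in real - tls if is_issuable(n)),
        "fallback_cert": fallback,
    }
```

On a live host the input would be the saved output of `nginx -T` passed to `audit()`; any name under `no_tls_vhost` will be served the `fallback_cert` over HTTPS until the control panel creates its own SSL vhost.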

If you use VestaCP (yep, the VestaCP port answers with a login - https://markimpacto.com:8083/login/ ) - you should never use Certbot directly.

That's always bad.

Raw client OR Control panel, but never both.

Use only your VestaCP to fix that.

PS: Mixing a raw client and a control panel - a crash or an HTTP status 500 is expected.

1 Like

Well, ok. How can I remove certbot from raw client?

1 Like

Read some basics:

Certbot is a client.

Don't use Certbot. Certbot may be used by VestaCP, but then VestaCP knows what to do and knows how to install the certificate and how to configure the websites.

So if you use Certbot manually

Certbot may not be able to change the VestaCP configuration -> that crashes.

1 Like

@JuergenAuer What do you recommend?

Use your VestaCP, not Certbot.

Well… Thank you for everything, really…

But I really don’t know how to do that.

So, I exported my database and saved files from server to localhost.

Now, I just want to create a new droplet and reinstall vestacp

Buuuuut…

I registered a new domain and created a new droplet markid.com.br

I connected via ssh and installed vesta.

Nothing more. Just that.

And: https://167.99.151.212:8083
Or https://markid.com.br:8083/

Just work without SSL and :8083

I am really tired =(

That's the standard VestaCP port. That port works with http and https. https -> looks like a standard self-signed certificate.
