Error performing automatic renewal with certbot

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: esencialhost.com

I ran this command: certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?

1: grupoaurora.com.co
2: admin.grupoaurora.com.co
3: autoconfig.grupoaurora.com.co
4: autodiscover.grupoaurora.com.co
5: mail.grupoaurora.com.co
6: webmail.grupoaurora.com.co
7: www.grupoaurora.com.co
8: dulcevitamoda.com
9: admin.dulcevitamoda.com
10: autoconfig.dulcevitamoda.com
11: autodiscover.dulcevitamoda.com
12: mail.dulcevitamoda.com
13: webmail.dulcevitamoda.com
14: www.dulcevitamoda.com
15: esencialbyte.com
16: admin.esencialbyte.com
17: autoconfig.esencialbyte.com
18: autodiscover.esencialbyte.com
19: mail.esencialbyte.com
20: webmail.esencialbyte.com
21: www.esencialbyte.com
22: esencialhost.com
23: admin.esencialhost.com
24: autoconfig.esencialhost.com
25: autodiscover.esencialhost.com
26: mail.esencialhost.com
27: webmail.esencialhost.com
28: www.esencialhost.com
29: estiloweb.co
30: admin.estiloweb.co
31: autoconfig.estiloweb.co
32: autodiscover.estiloweb.co
33: mail.estiloweb.co
34: webmail.estiloweb.co
35: www.estiloweb.co
36: jkworld.co
37: admin.jkworld.co
38: autoconfig.jkworld.co
39: autodiscover.jkworld.co
40: mail.jkworld.co
41: webmail.jkworld.co
42: www.jkworld.co

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): An unexpected error occurred:
EOFError
Please see the logfiles in /var/log/letsencrypt for more details.

Checking the log file:
2020-08-11 18:59:37,649:DEBUG:certbot._internal.main:certbot version: 1.6.0
2020-08-11 18:59:37,653:DEBUG:certbot._internal.main:Arguments: [’–apache’]
2020-08-11 18:59:37,653:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-08-11 18:59:37,755:DEBUG:certbot._internal.log:Root logging level set at 20
2020-08-11 18:59:37,755:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-08-11 18:59:37,761:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-08-11 18:59:38,502:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.6
2020-08-11 18:59:42,507:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f32c477d890>
Prep: True
2020-08-11 18:59:42,513:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f32c477d890> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f32c477d890>
2020-08-11 18:59:42,514:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-08-11 18:59:42,724:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/84725689’, new_authzr_uri=None, terms_of_service=None), 9b4a4fba0911e455eef3bdca34451bd3, Meta(creation_host=u’csw.esencialhots.com’, register_to_eff=None, creation_dt=datetime.datetime(2020, 4, 28, 20, 46, 24, tzinfo=)))>
2020-08-11 18:59:42,749:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-08-11 18:59:42,799:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-08-11 18:59:46,803:DEBUG:urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2020-08-11 18:59:46,804:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Tue, 11 Aug 2020 23:59:46 GMT
x-frame-options: DENY
content-type: application/json

{
“izy71If8m8c”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2020-08-11 18:59:46,811:DEBUG:certbot.util:Not suggesting name “csw”
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/util.py”, line 304, in get_filtered_names
filtered_names.add(enforce_le_validity(name))
File “/usr/lib/python2.7/site-packages/certbot/util.py”, line 493, in enforce_le_validity
“{0} needs at least two labels”.format(domain))
ConfigurationError: csw needs at least two labels
2020-08-11 18:59:46,819:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==1.6.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1353, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1096, in run
domains, certname = _find_domains_or_certname(config, installer)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 419, in _find_domains_or_certname
domains = display_ops.choose_names(installer, question)
File “/usr/lib/python2.7/site-packages/certbot/display/ops.py”, line 128, in choose_names
code, names = _filter_names(names, question)
File “/usr/lib/python2.7/site-packages/certbot/display/ops.py”, line 179, in _filter_names
question, tags=sorted_names, cli_flag="–domains", force_interactive=True)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 252, in checklist
force_interactive=True)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 178, in input
ans = input_with_timeout(message)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 85, in input_with_timeout
raise EOFError
EOFError
2020-08-11 18:59:46,826:ERROR:certbot._internal.log:An unexpected error occurred:
2020-08-11 18:59:46,827:ERROR:certbot._internal.log:EOFError

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: own

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, I am using Webmin with Virtualmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): yes, certbot 1.6.0

1 Like
2

Please show the output of:
apachectl -S

1 Like
3

Is there a servername "csw" ?

1 Like
4

Thanks for the help

the result it shows me is:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using csw.esencialhost.com. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
192.178.45.90:80 is a NameVirtualHost
default server esencialbyte.com (/etc/httpd/conf/httpd.conf:359)
port 80 namevhost esencialbyte.com (/etc/httpd/conf/httpd.conf:359)
alias www.esencialbyte.com
alias mail.esencialbyte.com
alias webmail.esencialbyte.com
alias admin.esencialbyte.com
alias autoconfig.esencialbyte.com
alias autodiscover.esencialbyte.com
port 80 namevhost grupoaurora.com.co (/etc/httpd/conf/httpd.conf:444)
alias www.grupoaurora.com.co
alias mail.grupoaurora.com.co
alias webmail.grupoaurora.com.co
alias admin.grupoaurora.com.co
alias autoconfig.grupoaurora.com.co
alias autodiscover.grupoaurora.com.co
port 80 namevhost estiloweb.co (/etc/httpd/conf/httpd.conf:512)
alias www.estiloweb.co
alias mail.estiloweb.co
alias webmail.estiloweb.co
alias admin.estiloweb.co
alias autoconfig.estiloweb.co
alias autodiscover.estiloweb.co
port 80 namevhost esencialhost.com (/etc/httpd/conf/httpd.conf:665)
alias www.esencialhost.com
alias mail.esencialhost.com
alias webmail.esencialhost.com
alias admin.esencialhost.com
alias autoconfig.esencialhost.com
alias autodiscover.esencialhost.com
port 80 namevhost dulcevitamoda.com (/etc/httpd/conf/httpd.conf:951)
alias www.dulcevitamoda.com
alias mail.dulcevitamoda.com
alias webmail.dulcevitamoda.com
alias admin.dulcevitamoda.com
alias autoconfig.dulcevitamoda.com
alias autodiscover.dulcevitamoda.com
port 80 namevhost jkworld.co (/etc/httpd/conf/httpd.conf:1092)
alias www.jkworld.co
alias mail.jkworld.co
alias webmail.jkworld.co
alias admin.jkworld.co
alias autoconfig.jkworld.co
alias autodiscover.jkworld.co
192.178.45.90:443 is a NameVirtualHost
default server esencialbyte.com (/etc/httpd/conf/httpd.conf:580)
port 443 namevhost esencialbyte.com (/etc/httpd/conf/httpd.conf:580)
alias www.esencialbyte.com
alias mail.esencialbyte.com
alias webmail.esencialbyte.com
alias admin.esencialbyte.com
alias autoconfig.esencialbyte.com
alias autodiscover.esencialbyte.com
port 443 namevhost esencialhost.com (/etc/httpd/conf/httpd.conf:733)
alias www.esencialhost.com
alias mail.esencialhost.com
alias webmail.esencialhost.com
alias admin.esencialhost.com
alias autoconfig.esencialhost.com
alias autodiscover.esencialhost.com
port 443 namevhost estiloweb.co (/etc/httpd/conf/httpd.conf:806)
alias www.estiloweb.co
alias mail.estiloweb.co
alias webmail.estiloweb.co
alias admin.estiloweb.co
alias autoconfig.estiloweb.co
alias autodiscover.estiloweb.co
port 443 namevhost grupoaurora.com.co (/etc/httpd/conf/httpd.conf:879)
alias www.grupoaurora.com.co
alias mail.grupoaurora.com.co
alias webmail.grupoaurora.com.co
alias admin.grupoaurora.com.co
alias autoconfig.grupoaurora.com.co
alias autodiscover.grupoaurora.com.co
port 443 namevhost dulcevitamoda.com (/etc/httpd/conf/httpd.conf:1019)
alias www.dulcevitamoda.com
alias mail.dulcevitamoda.com
alias webmail.dulcevitamoda.com
alias admin.dulcevitamoda.com
alias autoconfig.dulcevitamoda.com
alias autodiscover.dulcevitamoda.com
port 443 namevhost jkworld.co (/etc/httpd/conf/httpd.conf:1161)
alias www.jkworld.co
alias mail.jkworld.co
alias webmail.jkworld.co
alias admin.jkworld.co
alias autoconfig.jkworld.co
alias autodiscover.jkworld.co
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

1 Like
5

that’s right, my main server is virtualized in proxmox and the CentOS machine name is “CWS”

1 Like
6

I don’t really see any obvious problem… but really? one config file? >1161 lines?

Even though Apache doesn’t find anything wrong (enough) with it to complain, perhaps there are some things that certbot just can’t get around… Like maybe some extra “)” or “}”
Difficult to say at this point (with any certainty).

1 Like
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.