Error running certbot

My domain is: computerrepairleeds.uk and www.computerrepairleeds.uk

I ran this command: sudo certbot --apache
and...
sudo certbot -d www.computerrepairleeds.uk, computerrepairleeds.uk --apache

It produced this output:
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x733ebfd0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

and...

Requested domain is not a FQDN because it contains an empty label.

My web server is (include version): Server version: Apache/2.4.52 (Raspbian)
Server built: 2022-01-03T21:27:14

The operating system my web server runs on is (include version): No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

My hosting provider, if applicable, is: godaddy.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I have 2 domains already registered with certbot, which are www.severindouble.com and severindouble.com. I am wanting to ssl the domains www.computerrepairleeds.uk and computerrepairleeds.uk, but just leave www.severindouble.com and severindouble.com as they already have a certificate, but also allow access to the same site with computerrepairleeds.uk and www.computerrepairleeds.uk

Thanks for your help beforehand

That's a DNS issue.
What shows?
nslookup acme-v02.api.letsencrypt.org
cat /etc/resolv.conf

mmmm. Cheers for getting back to us. On running the command: nslookup acme-v02.api.letsencrypt.orgI get the response: -bash: nslookup: command not found

Upon running the command: cat /etc/resolv.confI get: nameserver 192.168.0.10.

I think I do vaguely remember messing about with this file and the hostname file as (if I remember correctly) I was trying to get sendmail working with a relay server, or at least trying to get emails sent from the raspberry pi box into (at the very least) the spam box of gmail

Thanks again

How about?:
dig +short acme-v02.api.letsencrypt.org

I think that part might be to remove the space after the comma. e.g. -d www.computerrepairleeds.uk,computerrepairleeds.uk - I think they're other syntax variations you can use like -d www.computerrepairleeds.uk -d computerrepairleeds.uk

Surprisingly, this worked! Certbot is now asking which virtual server configuration I want to use. I have tried all 3, but I get the following:

sudo certbot -d www.computerrepairleeds.uk,computerrepairleeds.uk --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.computerrepairleeds.uk.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate

We were unable to find a vhost with a ServerName or Address of www.computerrepairleeds.uk.
Which virtual host would you like to choose?

1: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled
2: 000-default-le-ssl.conf | www.severindouble.com | | Enabled
3: 000-default.conf | www.severindouble.com | | Enabled

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Successfully deployed certificate for www.computerrepairleeds.uk to /etc/apache2/sites-enabled/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of computerrepairleeds.uk.
Which virtual host would you like to choose?

1: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled
2: 000-default-le-ssl.conf | www.severindouble.com | | Enabled
3: 000-default.conf | www.severindouble.com | | Enabled

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
Could not install certificate

NEXT STEPS:

• The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name www.computerrepairleeds.uk

VirtualHost not able to be selected.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I then added the following lines in /etc/apache2/sites-enabled/000-default.conf and got the following:

RewriteCond %{SERVER_NAME} =computerrepairleeds.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ServerAlias www.computerrepairleeds.uk

sudo certbot -d www.computerrepairleeds.uk,computerrepairleeds.uk --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.computerrepairleeds.uk.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Some rewrite rules copied from /etc/apache2/sites-enabled/000-default.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/000-default-le-ssl.conf because they have the potential to create redirection loops.
Successfully deployed certificate for www.computerrepairleeds.uk to /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of computerrepairleeds.uk.
Which virtual host would you like to choose?

1: 000-default.conf | Multiple Names | | Enabled
2: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Successfully deployed certificate for computerrepairleeds.uk to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://www.computerrepairleeds.uk and https://computerrepairleeds.uk

If you like Certbot, please consider supporting our work by:

• Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
• Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

...but I now get a "security risk ahead" warning when I try and access https://severindouble.com. Also I have added the following lines to .htaccess:

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www.)?computerrepairleeds.uk
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

...and that does the trick of redirecting computerrepairleeds.uk and www.computerrepairleeds.uk to https://

Thanks for all your help thus far and beforehand

Sorry. I forgot to say, basically I want www.severindouble.com, severindouble.com, www.computerrepairleeds.uk and computerrepairleeds.uk all to point at the same web site and have ssl certificates. Cheers

sorry command not found again

Hi there again. I have sorted it! I just ran the certbot command with all the domain names, thus:

sudo certbot -d www.computerrepairleeds.uk,computerrepairleeds.uk,www.severindouble.com,severindouble.com --apache

Cheers

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.