I have been using letsencrypt for a while, but renew fails now. i switched to the certbot system, installed as per the instructions, and failure.
My domain is: www.valters.net
I ran this command: certbot renew --apache --dryrun
It produced this output:
My web server is (include version): Apache 2.4.18
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0
Osiris
February 3, 2019, 4:08pm
2
Could you please provide all your Apache configuration files? If your server is directly connected to the internet (i.e., without any reverse proxy between the server and the internet), this should work.
Perhaps you have some kind of Apache configuration which is interfering with the temporary Apache configuration file used by certbot for the authentication.
main config has some folder restrictions
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
I used to have this all in one file, but thought that may be the issue, so have 2 sites enabled across 2 confs
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName valters.net
ServerAlias www.valters.net
RewriteEngine on
RewriteCond %{SERVER_NAME} =valters.net [OR]
RewriteCond %{SERVER_NAME} =www.valters.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName valters.net
ServerAlias www.valters.net
SSLCertificateFile /etc/letsencrypt/live/valters.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/valters.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/valters.net/chain.pem
</VirtualHost>
</IfModule>
Hi @wvalters
I see, you have already tested your domain via https://check-your-website.server-daten.de/?q=valters.net
There
is a 404 reported, not a 403. The 404 is good, port 80 answers.
So try to find your "DocumentRoot" in your VirtualHost, then use it.
certbot certonly -a webroot -w /var/www/html -d valters.net -d www.valters.net --dry-run
Your certificate is already expired, so you need a new.
certbot run -a webroot -i apache -w /var/www/html -d valters.net -d www.valters.net
that was it… so, use the same when doing the certbot-auto?
1 Like
Osiris
February 3, 2019, 4:45pm
6
You said you have "regular" certbot 0.28.0. There's no specific need to use certbot-auto.
Happy to see now you have a new certificate:
CN=valters.net
03.02.2019
04.05.2019
valters.net, www.valters.net - 2 entries
Yes, certbot-auto should run with the same command. Later "renew" should be enough.
sorry. meant “automating” vie crontab. Thanks for the quick help!
system
March 5, 2019, 4:59pm
9
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.