Failed to configure at least one certificate and key for

My domain is:

frederik.huijse.com

I ran this command:
certbot --apache

It produced this output:

Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.


Unable to restart apache using ['apache2ctl', 'graceful']
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.


Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
[Mon Dec 12 13:37:11.073165 2022] [ssl:emerg] [pid 32587] AH02572: Failed to configure at least one certificate and key for frederik.huijse.com:443
[Mon Dec 12 13:37:11.073236 2022] [ssl:emerg] [pid 32587] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Dec 12 13:37:11.073245 2022] [ssl:emerg] [pid 32587] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Dec 12 13:37:11.073255 2022] [ssl:emerg] [pid 32587] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Dec 12 13:37:11.073260 2022] [ssl:emerg] [pid 32587] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

My web server is (include version):
apache2

The operating system my web server runs on is (include version):
ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.1

You need to have a working HTTP site before getting a cert using the --apache plug-in. I don't see port 80 open to your domain. And, there is no response to an HTTP request.

Can you show output of this?

apache2ctl -t -D DUMP_VHOSTS
3 Likes

Hi, it is:

AH00526: Syntax error on line 25 of /etc/apache2/sites-enabled/huijse.nl-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/huijse.nl/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

I can't start apache anymore, so that is why my site is not working anymore.

Do you need to use sudo in front of that?

And, show

(sudo) certbot certificates
3 Likes

> Do you need to use sudo in front of that?

No, I didn't. But I needed it for the following command:

(sudo) certbot certificates

Some of the output is:

Certificate Name: frederik.huijse.com
    Serial Number: 4f25ff965f744ad66956ddfe6fb41ff734c
    Key Type: RSA
    Domains: frederik.huijse.com
    Expiry Date: 2023-03-02 09:45:36+00:00 (VALID: 79 days)
    Certificate Path: /etc/letsencrypt/live/frederik.huijse.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/frederik.huijse.com/privkey.pem
  Certificate Name: frederik.huijse.nl
    Serial Number: 4dbec7ea2f9c1bf433be84295de9cccd9a3
    Key Type: RSA
    Domains: frederik.huijse.nl www.frederik.huijse.nl
    Expiry Date: 2021-02-22 07:43:26+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/frederik.huijse.nl/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/frederik.huijse.nl/privkey.pem

Please show this file:

3 Likes

What happened to that cert? The certbot certificates did not show this one, only domains starting with frederik.

You may have to run a2disable a2dissite for your huijse.nl-le-ssl.conf so you can re-create that cert if you still need it

3 Likes

OP deleted it for some reason, as was noted in Failed to configure at least one certificate and key for - #4 by Freddy1 before the edit. @Freddy1, for some reason, you deleted a certificate and key file that you've told Apache to require. You'll need to either restore those files, or tell Apache to no longer require them.

4 Likes

> OP deleted it for some reason, as was noted in Failed to configure at least one certificate and key for - #4 by Freddy1 before the edit. @Freddy1, for some reason, you deleted a certificate and key file that you've told Apache to require. You'll need to either restore those files, or tell Apache to no longer require them.

How do I restore them? I see an:
frederik.huijse-le-ssl.conf and an:
huijse.nl-le-ssl.conf in the sites-available folder.

Or how do I tell apache not to require them?

From a backup.

3 Likes

Use a2dissite to disable. a2ensite to enable. Per the error, huijse.nl-le-ssl is the only one failing.

Sorry, I said a2disable earlier

3 Likes
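
The check behind the advice above, as an added example that is not part of the original thread: it lists every enabled vhost file whose SSLCertificateFile or SSLCertificateKeyFile points at a missing or empty file, which is the condition Apache reported as AH00526. The function names and the sample tree are constructed for illustration; on the system discussed here the directory to scan would be /etc/apache2/sites-enabled.

```shell
#!/bin/sh
# Added example: find enabled vhost files that point at missing or empty
# certificate/key files, the condition behind AH00526 in this thread.
# Assumes absolute paths without spaces, optionally double-quoted.

# Print "conf:line:directive:path" for every unusable reference under DIR.
check_vhost_certs() (
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        awk 'tolower($1) ~ /^sslcertificate(key)?file$/ {
                 gsub(/"/, "", $2); print FNR, $1, $2 }' "$conf" |
        while read -r lineno directive path; do
            # -s is true only for a file that exists and is non-empty
            [ -s "$path" ] ||
                printf '%s:%s:%s:%s\n' "${conf##*/}" "$lineno" "$directive" "$path"
        done
    done
)

# Print each affected site once: restore its files or a2dissite it.
broken_sites() {
    check_vhost_certs "$1" | cut -d: -f1 | sort -u
}

# Constructed sample tree (not the poster's real files): one vhost whose
# certificate was deleted, one whose files are intact.
make_sample() {
    mkdir -p "$1/sites-enabled" "$1/live/ok" "$1/live/gone"
    echo cert > "$1/live/ok/fullchain.pem"
    echo key > "$1/live/ok/privkey.pem"
    printf '<VirtualHost *:443>\n  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n</VirtualHost>\n' \
        "$1/live/ok/fullchain.pem" "$1/live/ok/privkey.pem" \
        > "$1/sites-enabled/frederik.huijse-le-ssl.conf"
    printf '<VirtualHost *:443>\n  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n</VirtualHost>\n' \
        "$1/live/gone/fullchain.pem" "$1/live/gone/privkey.pem" \
        > "$1/sites-enabled/huijse.nl-le-ssl.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_vhost_certs "$tmp/sites-enabled"
for site in $(broken_sites "$tmp/sites-enabled"); do
    echo "restore the files for $site, or run: a2dissite ${site%.conf}"
done
rm -rf "$tmp"
```

Running it before `apache2ctl graceful` or `certbot --apache` shows which site to fix while Apache is still up.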

> Use a2dissite to disable. a2ensite to enable. Per the error, huijse.nl-le-ssl is the only one failing.

Thanks, it works now!

I disabled the site. But I did not know I also had to disable the huijse.nl-ssl.conf file. I also did that. Why is it necessary?

1 Like

Because there are two VirtualHosts. One processing HTTP requests and the other HTTPS requests.

The conf file with SSL in the name has the VHost for HTTPS (on your system)

Does that answer your question?

3 Likes

> Does that answer your question?

Yes, that makes it clear. Thank you.

2 Likes
