Failing renewal

spd2612 · February 15, 2023, 7:03pm

Well I am either a total Dumba** or your a genius
All I did was remove 'RewriteEngine off' from 'hurricanepub.conf' restart apache, then I tested all works
I did not put the RewriteEngine statement in there so I assumed it had to be ON or OFF as long as Apache dose not put it back.

sudo certbot renew --dry-run
[sudo] password for web: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/aquaprographix.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for aquaprographix.com and 9 more domains

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/aquaprographix.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

rg305 · February 15, 2023, 7:09pm

That doesn't follow:

spd2612:

*:80                   is a NameVirtualHost
         default server 192.168.4.13 (/etc/apache2/sites-enabled/000-local.conf:1)
         port 80 namevhost 192.168.4.13 (/etc/apache2/sites-enabled/000-local.conf:1)
                 alias 192.168.4.13
                 wild alias 192.168.4.*
         port 80 namevhost aquaprographix.com (/etc/apache2/sites-enabled/aquaprographix.com.conf:1)
                 alias www.aquaprographix.com
         port 80 namevhost colasprint.com (/etc/apache2/sites-enabled/colasprint.com.conf:1)
                 alias www.colasprint.com
         port 80 namevhost hurricanepub.com (/etc/apache2/sites-enabled/hurricanepub.conf:1)
                 alias www.hurricanepub.com
         port 80 namevhost speed-stream.com (/etc/apache2/sites-enabled/speed-stream.com.conf:1)
                 alias www.speed-stream.com
         port 80 namevhost tricountycamaroswfl.com (/etc/apache2/sites-enabled/tricountycamaroswfl.com.conf:1)
                 alias www.tricountycamaroswfl.com

Where each name has its' own vhost.
OR
I just don't understand what you mean by "attached to".

spd2612 · February 15, 2023, 7:25pm

if I look at the certificate for any of those sites it shows all of them as Aquaprographix (wildcard)
I meen look at them from the lock in the web browser I just assumed thats how letsencrypt does it
does that make sence
If you use a browser and go to hurricanepub.com, click on the lock and view the cert

rg305 · February 15, 2023, 7:27pm

OK.
That just means that you are using one single cert for all your sites.
[one cert can contain up to 100 names]

But the sites themselves are not connected in any way.
Thus, the HTTP challenge request to site X must be satisfied by site X.

MikeMcQ · February 15, 2023, 8:17pm

Both could be true (sorry, couldn't resist)

No worries.

rg305 · February 15, 2023, 8:49pm

Neither could also be true (sorry, couldn't resist)
LOL

MikeMcQ · February 15, 2023, 9:00pm

My best laugh today !

spd2612 · February 15, 2023, 9:46pm

No Worries thanks for your help I changed hurricanepub.conf to have no rewrite and allowed htaccess that site is very complex and takes a lot of tweaking I retested letsencrypt and fingers crossed im good to go now

system · March 17, 2023, 9:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate renewal failed Help	6	115	January 1, 2025
Failed to renew - Some challenges have failed Help	3	622	January 9, 2022
All renewal attempts failed Help	7	1644	June 1, 2021
Renewal Failure - worked previously Help	9	643	April 17, 2022
Certificate renewal fails Help	10	641	July 13, 2024

Failing renewal

Related topics