Forgot to delete cert after I deleted virtual host

Hi,

I have a LAMP stack with multiple virtual hosts. I deleted a virtual host with a website on and forgot to delete the cert, and now the remaining sites are down. There are two other sites and on both the front page works and the rest gives a 404.

Later on, I deleted the cert from the deleted website with `certbot delete --cert-name example.com`, without luck. The cert is deleted but the situation is the same.

```
certbot certificates

Found the following certs:
Certificate Name: example1.com
Serial Number: 47a090373xxxxxxxxxxxxxxx966e0e0
Key Type: RSA
Domains: example.net example1.com www.example.net www.example1.com
Expiry Date: 2023-12-31 18:00:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example1.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example1.com/privkey.pem
Certificate Name: www.example.net
Serial Number: 3e1e2fxxxxxxxxxxxxxxxxxxxbf4d0
Key Type: RSA
Domains: example.net www.example.net
Expiry Date: 2023-12-15 17:25:44+00:00 (VALID: 73 days)
Certificate Path: /etc/letsencrypt/live/www.example.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.example.net/privkey.pem
```

It looks as if the two certs are mixed somehow?

Any other suggestions on how to troubleshoot this are more than welcome, thanks!

Yes, looks like you have multiple domain names in the same cert, which is totally fine. But it does require extra care when making changes. I personally prefer one cert for all the names in one VirtualHost for this reason. But others prefer a combined cert.

As for troubleshooting, maybe someone else will help with just example names but my experience says we would need the actual domain names to provide help.

The generic help for generic names is just to issue a new cert for the names you need and then delete the certs you don't need. Don't delete them until all references are removed from Apache and anywhere else you might use them.

The Certbot docs have a section on safely deleting certs

3 Likes
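The check behind "don't delete them until all references are removed from Apache", as an added example that is not part of the original posts. The function names, file names and sample vhosts are constructed for illustration; only `certbot delete --cert-name` and the `/etc/letsencrypt/live/` layout come from the thread.

```shell
#!/usr/bin/env bash
# Added example: find Apache configs that still use a Certbot lineage.

# cert_refs <cert-name> [config-dir]: print files with an active (uncommented)
# directive pointing into /etc/letsencrypt/{live,archive}/<cert-name>/.
cert_refs() {
    local name dir="${2:-/etc/apache2/sites-enabled}"
    # Escape dots so "example1.com" is matched literally.
    name=$(printf '%s' "$1" | sed 's/\./\\./g')
    # -R follows the sites-enabled -> sites-available symlinks.
    # The trailing "/" keeps "example1.com" from matching "example1.com-0001".
    grep -RlE "^[[:space:]]*[^#[:space:]].*/etc/letsencrypt/(live|archive)/${name}/" \
        "$dir" 2>/dev/null | sort
}

# check_before_delete <cert-name> [config-dir]: return 0 only when nothing
# references the lineage, i.e. when "certbot delete --cert-name" is safe.
check_before_delete() {
    local refs
    refs=$(cert_refs "$@")
    if [ -n "$refs" ]; then
        printf 'Still referenced, do not delete %s yet:\n%s\n' "$1" "$refs"
        return 1
    fi
    printf 'No references found; safe to run: certbot delete --cert-name %s\n' "$1"
}

# Constructed sample configs (hypothetical file names) for an offline demo.
make_sample_dir() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '<VirtualHost *:443>' '  ServerName www.example1.com' \
        '  SSLCertificateFile /etc/letsencrypt/live/example1.com/fullchain.pem' \
        '</VirtualHost>' > "$d/example1.com-le-ssl.conf"
    printf '%s\n' '<VirtualHost *:443>' '  ServerName www.example.net' \
        '  # SSLCertificateFile /etc/letsencrypt/live/www.example.net/fullchain.pem' \
        '  SSLCertificateFile /etc/letsencrypt/live/example1.com-0001/fullchain.pem' \
        '</VirtualHost>' > "$d/example.net-le-ssl.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
check_before_delete example1.com "$sample" || true
check_before_delete www.example.net "$sample"
rm -rf "$sample"
```

On a real server, run `check_before_delete <cert-name>` with no second argument to scan `/etc/apache2/sites-enabled`, and repeat it for any other service that loads the same certificate files.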

Hi,

Thanks for the fast reply. The real domain names are https://www.keto-programs.com and https://www.a-c-d.net.

Thanks

1 Like

Actually, forget those commands in my previous (now deleted) post for now.

What is the problem? Because both of those domains return a valid cert issued yesterday.

Can you give an example of what URL is giving a 404? Because I see valid "home" pages for all 4 domain names.

3 Likes

Yes, all other pages and posts except the frontpages. Example: https://www.keto-programs.com/what-is-a-keto-diet/

Thanks again!

1 Like

That seems more like an Apache application problem and nothing to do with certs.

But, let's review the cert setup anyway. Please show the real output of:

```
certbot certificates
```

And this

```
sudo apache2ctl -t -D DUMP_VHOSTS
```

Depending on your system, you may need to use `apachectl` or `httpd` instead of `apache2ctl`.

3 Likes

```
Found the following certs:
Certificate Name: keto-programs.com
Serial Number: 47a090373adcc6fa084e4c37bfa8966e0e0
Key Type: RSA
Domains: a-c-d.net keto-programs.com www.a-c-d.net www.keto-programs.com
Expiry Date: 2023-12-31 18:00:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/keto-programs.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/keto-programs.com/privkey.pem
Certificate Name: www.a-c-d.net
Serial Number: 3e1e2f778ccfd9dbe1284921833571bf4d0
Key Type: RSA
Domains: a-c-d.net www.a-c-d.net
Expiry Date: 2023-12-15 17:25:44+00:00 (VALID: 73 days)
Certificate Path: /etc/letsencrypt/live/www.a-c-d.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.a-c-d.net/privkey.pem
```

```
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server www.a-c-d.net (/etc/apache2/sites-enabled/a-c-d.net-le-ssl.conf:2)
         port 443 namevhost www.a-c-d.net (/etc/apache2/sites-enabled/a-c-d.net-le-ssl.conf:2)
                 alias a-c-d.net
         port 443 namevhost www.keto-programs.com (/etc/apache2/sites-enabled/keto-programs.com-le-ssl.conf:2)
                 alias keto-programs.com
*:80                   is a NameVirtualHost
         default server www.a-c-d.net (/etc/apache2/sites-enabled/a-c-d.net.conf:1)
         port 80 namevhost www.a-c-d.net (/etc/apache2/sites-enabled/a-c-d.net.conf:1)
                 alias a-c-d.net
         port 80 namevhost www.keto-programs.com (/etc/apache2/sites-enabled/keto-programs.com.conf:1)
                 alias keto-programs.com
```

Can you show contents of both of those?

Please add 3 backticks before and after the output so that we see all the lines.

Like
```
contents
```

3 Likes

Those look like nuisance msgs possibly from bots or maybe friendly scanners checking your HTTPS.

The certs are fine but I think maybe your VirtualHosts got modified when you changed the cert layout. Please show the VirtualHost output from my previous post

3 Likes

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName www.a-c-d.net
  ServerAlias a-c-d.net
  DocumentRoot /var/www/html/a-c-d.net/public_html
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Protocols h2 http/1.1
SSLProtocol +TLSV1.2 +TLSv1.3
SSLCertificateFile /etc/letsencrypt/live/keto-programs.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/keto-programs.com/privkey.pem
</VirtualHost>
</IfModule>
```

Sorry about that one, it was from another server I am setting up. I deleted that post again.

1 Like

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName www.keto-programs.com
  ServerAlias keto-programs.com
  DocumentRoot /var/www/html/keto-programs.com/public_html
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.keto-programs.com [OR]
# RewriteCond %{SERVER_NAME} =keto-programs.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Protocols h2 http/1.1
SSLProtocol +TLSV1.2 +TLSv1.3

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/keto-programs.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/keto-programs.com/privkey.pem
</VirtualHost>
</IfModule>
```

Please show:

```
ls -l /var/www/html/keto-programs.com/public_html/what-is-a-keto-diet/
```

And

```
sudo find / -name what-is-a-keto-diet
```

3 Likes

```
ls -l /var/www/html/keto-programs.com/public_html/what-is-a-keto-diet/
ls: cannot access '/var/www/html/keto-programs.com/public_html/what-is-a-keto-diet/': No such file or directory
```

`sudo find / -name what-is-a-keto-diet` has no output.

Where might it have gone?

Is there anything left in your DocumentRoot other than the home page?

```
ls -l /var/www/html/keto-programs.com/public_html
```

3 Likes

Are you doing something in the vhost [like for that location "/what-is-a-keto-diet/"] to handle those requests?

Did you copy this site from some other server [and forgot to get that folder]?

3 Likes

No. The weird thing is, it is the same thing with two sites at the same time. Both a-c-d.net and keto-programs.com only have the front page working and the rest is 404. Both sites have been on the same server for a long time. The only thing I did was delete another site and forget to delete the cert.

My only guess is that more than that was deleted.

3 Likes