I have a domain and some domain aliases… (for privacy reasons, I replaced the real name with the name “example”)
This is my Apache virtual host config:
<VirtualHost *:80>
DocumentRoot "/var/www/vhosts/booking.example.it/ROOT"
ServerName booking.example.it
ServerAdmin info@example.com
ServerAlias my.example.it
ServerAlias www.example2.eu
ServerAlias www.example3.com
<Directory "/var/www/vhosts/booking.example.it/ROOT">
allow from all
Options None
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =booking.example.it [OR]
RewriteCond %{SERVER_NAME} =my.example.it [OR]
RewriteCond %{SERVER_NAME} =www.example2.eu [OR]
RewriteCond %{SERVER_NAME} =www.example3.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
This domain (booking.example.it) already has an HTTPS certificate, but with the TLS-SNI-01 challenge…
Now I want to update my certificates to http-01 validation with the command:
./certbot-auto --authenticator webroot --webroot-path /var/www/vhosts/booking.example.it/ROOT --installer apache -d booking.example.it -d my.example.it -d www.example2.eu -d www.example3.com
So I get:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for booking.example.it
http-01 challenge for my.example.it
http-01 challenge for www.example2.eu
http-01 challenge for www.example3.com
Using the webroot path /var/www/vhosts/booking.example.it/ROOT for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Deploying Certificate for booking.example.it to VirtualHost /etc/apache2/sites-enabled/booking.example.it-le-ssl.conf
Deploying Certificate for my.example.it to VirtualHost /etc/apache2/sites-enabled/booking.example.it-le-ssl.conf
Deploying Certificate for www.example2.eu to VirtualHost /etc/apache2/sites-enabled/booking.example.it-le-ssl.conf
Deploying Certificate for www.example3.com to VirtualHost /etc/apache2/sites-enabled/booking.example.it-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Failed redirect for booking.example.it
Unable to set enhancement redirect for booking.example.it
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
IMPORTANT NOTES:
- We were unable to set up enhancement redirect for your server,
however, we successfully installed your certificate.
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/booking.example.it/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/booking.example.it/privkey.pem
Your cert will expire on 2018-04-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the “certonly” option. To non-interactively renew all
of your certificates, run “certbot-auto renew”
I also have a cron job:
certbot renew
So…
- Can I be sure that the certificates are installed (and work) correctly?
- What does the red message “… Failed redirect for booking.example.it … Unable to set enhancement redirect for booking.example.it …” mean?
- Should I change the cron job command?
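
One way to check the first question from outside the server, as an added example that is not part of the original post: connect to each name with SNI, then confirm the served certificate lists all four names and is not close to expiry. It uses only the Python standard library; the sample certificate dictionary is constructed, and the 30-day threshold is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone

# The four names passed to certbot with -d in the post.
NAMES = ["booking.example.it", "my.example.it",
         "www.example2.eu", "www.example3.com"]

# Constructed sample in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subjectAltName": tuple(("DNS", n) for n in NAMES),
    "notAfter": "Apr 24 10:00:00 2018 GMT",
}

def fetch_cert(host, port=443, timeout=10):
    """Return the validated certificate served for `host` (sent as SNI).
    Raises ssl.SSLError if the chain or hostname does not verify."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def missing_names(cert, names):
    """Names that do not appear as DNS subjectAltName entries (exact match)."""
    sans = {v.lower() for kind, v in cert.get("subjectAltName", ())
            if kind == "DNS"}
    return [n for n in names if n.lower() not in sans]

def days_left(cert, now=None):
    """Whole days until notAfter; `now` is a UTC epoch timestamp."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    return int((expires - now) // 86400)

def problems(cert, names, min_days=30, now=None):
    """Human-readable findings; an empty list means the checks passed."""
    found = [f"name not covered: {n}" for n in missing_names(cert, names)]
    remaining = days_left(cert, now)
    if remaining < min_days:
        found.append(f"expires in {remaining} days")
    return found

if __name__ == "__main__":
    # Offline demo on the constructed sample; on a live server use
    # problems(fetch_cert(name), NAMES) for each name in NAMES instead.
    issued = datetime(2018, 1, 24, 10, 0, tzinfo=timezone.utc).timestamp()
    print(problems(SAMPLE_CERT, NAMES, now=issued) or "all checks passed")
```
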