Having issues installing certbot certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

tafeman.com

I ran this command:

(Followed instructions on Certbot Instructions | Certbot)
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
sudo systemctl restart httpd

It produced this output:

No errors/messages were displayed, but I see no certificates being used.

My web server is (include version):

Server version: Apache/2.4.57 (CentOS Stream)
Server built: Feb 7 2024 00:00:00

The operating system my web server runs on is (include version):

CentOS Stream release 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.11.0

Please provide the output or, if not available any longer, the log at /var/log/letsencrypt/.

By the way, someone has been getting certs for subdomains of the tafeman.com domain for years now: crt.sh | tafeman.com. What has changed?

Hi Osiris,

Thanks for your reply. Even though I have a user with root privileges, I cannot see /var/log/letsencrypt/ :

drwx------. 2 root root 129 Jul 31 05:29 letsencrypt

Is there a way to get access?

To your second question, yes, I've owned tafeman.com for years. So long that not very good practices have been implemented in the original server. For that reason, I decided to build the server again and continue using the same domain. That's what I am trying to set.

1 Like

root user has access.

2 Likes

Thanks @rg305 !

Got these files:

-rw-r--r--. 1 root root 1246 Jul 31 05:29 letsencrypt.log
-rw-r--r--. 1 root root 1291 Jul 31 02:42 letsencrypt.log.1
-rw-r--r--. 1 root root 1263 Jul 31 02:21 letsencrypt.log.2
-rw-r--r--. 1 root root 19777 Jul 31 01:55 letsencrypt.log.3
-rw-r--r--. 1 root root 0 Jul 31 01:53 letsencrypt.log.4

The last one, letsencrypt.log.4:

2024-07-31 01:53:28,101:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-07-31 01:53:28,380:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-07-31 01:53:28,380:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3834/bin/certbot
2024-07-31 01:53:28,380:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2024-07-31 01:53:28,380:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-07-31 01:53:28,393:DEBUG:certbot._internal.log:Root logging level set at 30
2024-07-31 01:53:28,395:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-07-31 01:53:28,533:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.57
2024-07-31 01:53:28,729:WARNING:certbot_apache._internal.configurator:Could not find ssl_module; not disabling session tickets.
2024-07-31 01:53:28,732:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f91c586cc10>
Prep: True
2024-07-31 01:53:28,732:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f91c586cc10> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f91c586cc10>
2024-07-31 01:53:28,733:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-07-31 01:53:49,125:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-07-31 01:53:49,127:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-07-31 01:53:49,269:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 746
2024-07-31 01:53:49,269:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 Jul 2024 01:53:49 GMT
Content-Type: application/json
Content-Length: 746
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"1BJ9KW6oz1o": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-07-31 01:54:01,415:DEBUG:acme.client:Requesting fresh nonce
2024-07-31 01:54:01,416:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-07-31 01:54:01,462:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-07-31 01:54:01,462:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx

The latest / most recent one is "letsencrypt.log".
[check their timestamps]

Please upload the entire file.

2 Likes

Thanks Rudy,

Here it is letsencrypt.log:

2024-07-31 22:28:09,777:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-07-31 22:28:09,908:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-07-31 22:28:09,908:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3834/bin/certbot
2024-07-31 22:28:09,908:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2024-07-31 22:28:09,909:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-07-31 22:28:09,922:DEBUG:certbot._internal.log:Root logging level set at 40
2024-07-31 22:28:09,923:DEBUG:certbot._internal.display.obj:Notifying user:


2024-07-31 22:28:09,924:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2024-07-31 22:28:09,924:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-07-31 22:28:09,924:DEBUG:certbot._internal.renewal:no renewal failures

1 Like

Let's start at the beginning by reviewing your Apache config. This is often where such things go wrong. I don't see that you've gotten any certs for that domain but let's make sure.

Please show output of these commands

sudo apache2ctl -t -D DUMP_VHOSTS
sudo certbot certificates

Note: You may need to use httpd instead of apache2ctl in the above command, but the options are the same.

2 Likes

Thanks @MikeMcQ !
sudo httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 www.tafeman.com (/etc/httpd/conf.d/tafe.conf:1)
*:80 www.tafeman.com (/etc/httpd/conf.d/tafe.conf:9)

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certificates found.


1 Like

Walk us through that step.

2 Likes

Also, please show the contents of this file. You don't show any certs but already have a VirtualHost for port 443 (HTTPS) that needs one.

1 Like

Also note:

Name:    tafeman.com
Address: 159.203.15.164

Name:    www.tafeman.com
Address: Non-existent domain

1 Like

This is /etc/httpd/conf.d/tafe.conf:

<VirtualHost *:443>
    ServerName www.tafeman.com
    ServerAlias tafeman.com
    DocumentRoot /var/www/html/foto
    ErrorLog /var/www/html/foto/error.log
    CustomLog /var/www/html/foto/requests.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName www.tafeman.com
    ServerAlias tafeman.com
    DocumentRoot /var/www/html/foto
    ErrorLog /var/www/html/foto/error.log
    CustomLog /var/www/html/foto/requests.log combined
</VirtualHost>

[root@tafe conf.d]# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: tafeman.com
2: www.tafeman.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for tafeman.com and www.tafeman.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.tafeman.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.tafeman.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.tafeman.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

As @rg305 pointed out, there is no DNS A record for that name like you have for the apex domain name. You need to make one (or a CNAME)

I would also remove the above from that conf file. It is not a valid HTTPS VirtualHost. And, I'm not sure Certbot --apache plugin will set it up properly. It likely will but I've never had to test that.

2 Likes

Dear @rg305, @MikeMcQ and @Osiris,

Reading the logs, found out ssl was not enabled. Also, after creating the suggested A record, I managed to successfully install the certificates!

Thank you very much for all your help!

Amazing support Letsencrypt!!!

4 Likes
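
The three problems found in this thread (no DNS record for www.tafeman.com, ssl_module not loaded, and a port-443 VirtualHost with no SSL directives) can be checked before running `certbot --apache`. The following is an added example, not part of the original posts and not Certbot's own code; the function names, finding codes and the stubbed resolver are assumptions made for illustration, and `loaded_modules` is expected to hold the module names printed by `httpd -M`.

```python
import re
import socket

# Reproduced from the /etc/httpd/conf.d/tafe.conf posted in the thread
# (log directives omitted).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.tafeman.com
    ServerAlias tafeman.com
    DocumentRoot /var/www/html/foto
</VirtualHost>

<VirtualHost *:80>
    ServerName www.tafeman.com
    ServerAlias tafeman.com
    DocumentRoot /var/www/html/foto
</VirtualHost>
"""

# Lookup results as reported in the thread; stands in for live DNS so the
# example runs offline.
THREAD_DNS = {"tafeman.com": True, "www.tafeman.com": False}

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)


def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: ports, names, SSL directives."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            ports = {a.rsplit(":", 1)[-1] for a in opened.group(1).split() if ":" in a}
            current = {"ports": ports, "names": [], "ssl_engine": False, "cert_file": None}
            continue
        if VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        if current is None:
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("servername", "serveralias"):
            current["names"].extend(a.lower() for a in args)
        elif directive == "sslengine":
            current["ssl_engine"] = bool(args) and args[0].lower() == "on"
        elif directive == "sslcertificatefile" and args:
            current["cert_file"] = args[0]
    return vhosts


def system_resolves(name):
    """True if the local resolver returns any address for the name."""
    try:
        socket.getaddrinfo(name, 80)
        return True
    except socket.gaierror:
        return False


def preflight(conf_text, loaded_modules, resolves=system_resolves):
    """Return (code, detail) findings that would block certbot --apache."""
    findings = []
    if "ssl_module" not in loaded_modules:
        findings.append(("ssl-module-missing", "ssl_module"))
    vhosts = parse_vhosts(conf_text)
    names = []
    for vh in vhosts:
        for name in vh["names"]:
            if name not in names:
                names.append(name)
    # Every ServerName/ServerAlias is offered for the certificate, so each
    # one must resolve or the CA's validation fails for that name.
    for name in names:
        if not resolves(name):
            findings.append(("no-dns", name))
    # A *:443 block without SSLEngine and a certificate serves plain HTTP on 443.
    for vh in vhosts:
        if "443" in vh["ports"] and not (vh["ssl_engine"] and vh["cert_file"]):
            label = vh["names"][0] if vh["names"] else "(unnamed)"
            findings.append(("plain-443-vhost", label))
    return findings


if __name__ == "__main__":
    for code, detail in preflight(SAMPLE_CONF, set(), THREAD_DNS.get):
        print(f"{code}: {detail}")
```

On a live host, pass the real configuration text and module list and omit the `resolves` argument to use the system resolver.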
