What I did was deactivate the Varnish service, and apparently now it rejects the connection to HTTP. I use Virtualmin, and apparently Virtualmin by default does not bring Varnish; I have to install it, but I do not remember having installed it.
After deactivating Varnish did you restart Apache? You should. I still cannot connect using http and your https connection works except for your expired cert.
What is the result of this command:
sudo netstat -pant | grep -Ei '80|443|apache|varnish'
I restarted Apache and "Connection refused" on port 80 still appears.
Ok, well, the VirtualHost you showed above is not listening on port 80. What does this command show?
sudo apachectl -t -D DUMP_VHOSTS
Are there any messages when you run:
sudo apachectl restart
Do you have this file? What is in it?
/etc/apache2/ports.conf
Listen 8080
Listen 443
But if I activate the Varnish service again, port 80 appears with Varnish
Yeah. Do not do that. Your Varnish is not working correctly with Apache. I cannot help you with that but I may be able to get your Apache working if you do not have Varnish running. How do you want to proceed?
I want to disable Varnish and work normally with apache
Ok, add a Listen 80 line to your ports.conf
Then restart Apache and show any messages from that command
sudo apachectl restart
I think it already works, when using curl -I http://masshopping.com.ve/.well-known/acme-challenge/Test-1234
HTTP/1.1 302 Found
Date: Tue, 30 Nov 2021 16:58:15 GMT
Server: Apache
Location: https://masshopping.com.ve/.well-known/acme-challenge/Test-1234
Content-Type: text/html; charset=iso-8859-1
Good. Now try your certbot renew
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: admin.masshopping.com.ve
Type: connection
Detail: Fetching https://masshopping.com.ve:10000/: Invalid port in
redirect target. Only ports 80 and 443 are supported, not 10000
Domain: webmail.masshopping.com.ve
Type: connection
Detail: Fetching https://masshopping.com.ve:20000/: Invalid port in
redirect target. Only ports 80 and 443 are supported, not 20000
Ok, getting close but your redirects to your admin and mail servers in masshopping.com.ve.conf are not correct. They should not redirect requests for /.well-known/acme-challenge.
And, while the below can redirect, it is best if it does not. It also uses similar rewrite syntax as your admin and mail, so if you can get this to return a '200 OK' then make the same change to the rewrites for mail and admin.
You want this:
curl -i http://masshopping.com.ve/.well-known/acme-challenge/Test-1234
To return this:
HTTP/1.1 200 OK
Date: Tue, 30 Nov 2021 17:10:30 GMT
Server: Apache
Last-Modified: Mon, 29 Nov 2021 19:17:38 GMT
ETag: "d-5d1f24b41c9be"
Accept-Ranges: bytes
Content-Length: 13
content-Security-Policy: upgrade-insecure-requests
testdata1234
Ok, for now I have to wait, I get this:
Attempting to renew cert (masshopping.com.ve) from /etc/letsencrypt/renewal/masshopping.com.ve.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/masshopping.com.ve/fullchain.pem (failure)
What could I change here to solve the problem?
<VirtualHost 193.34.144.174:80>
SuexecUserGroup "#1002" "#1002"
ServerName masshopping.com.ve
ServerAlias www.masshopping.com.ve
ServerAlias mail.masshopping.com.ve
ServerAlias webmail.masshopping.com.ve
ServerAlias admin.masshopping.com.ve
ServerAlias *.masshopping.com.ve
DocumentRoot /home/masshing/public_html
ErrorLog /var/log/virtualmin/masshopping.com.ve_error_log
CustomLog /var/log/virtualmin/masshopping.com.ve_access_log combined
ScriptAlias /cgi-bin /home/masshing/public_html/cgi-bin
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/masshing/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
#extra config to disable default index.html
DirectoryIndex disabled
DirectoryIndex index.php
</Directory>
<Directory /home/masshing/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
#extra config to disable default index.html
DirectoryIndex disabled
DirectoryIndex index.php
</Directory>
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R]
RewriteCond %{HTTP_HOST} =webmail.masshopping.com.ve
RewriteRule ^(?!/.well-known)(.*) https://masshopping.com.ve:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.masshopping.com.ve
RewriteRule ^(?!/.well-known)(.*) https://masshopping.com.ve:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.4
<Files awstats.pl>
AuthName "masshopping.com.ve statistics"
AuthType Basic
AuthUserFile /home/masshing/.awstats-htpasswd
require valid-user
</Files>
RedirectMatch ^/(?!.well-known)(.*)$ https://masshopping.com.ve/$1
php_admin_value engine Off
<FilesMatch \.php$>
SetHandler proxy:fcgi://localhost:8000
</FilesMatch>
</VirtualHost>
<VirtualHost 193.34.144.174:443>
SuexecUserGroup "#1002" "#1002"
ServerName masshopping.com.ve
ServerAlias www.masshopping.com.ve
ServerAlias mail.masshopping.com.ve
ServerAlias webmail.masshopping.com.ve
ServerAlias admin.masshopping.com.ve
ServerAlias *.masshopping.com.ve
DocumentRoot /home/masshing/public_html
ErrorLog /var/log/virtualmin/masshopping.com.ve_error_log
CustomLog /var/log/virtualmin/masshopping.com.ve_access_log combined
ScriptAlias /cgi-bin /home/masshing/public_html/cgi-bin
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/masshing/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
#extra config to disable default index.html
DirectoryIndex disabled
DirectoryIndex index.php
</Directory>
<Directory /home/masshing/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
#extra config to disable default index.html
DirectoryIndex disabled
DirectoryIndex index.php
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.masshopping.com.ve
RewriteRule ^(?!/.well-known)(.*) https://masshopping.com.ve:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.masshopping.com.ve
RewriteRule ^(?!/.well-known)(.*) https://masshopping.com.ve:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.4
<Files awstats.pl>
AuthName "masshopping.com.ve statistics"
AuthType Basic
AuthUserFile /home/masshing/.awstats-htpasswd
require valid-user
</Files>
SSLEngine on
SSLCertificateFile /home/masshing/ssl.cert
SSLCertificateKeyFile /home/masshing/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/masshing/ssl.ca
php_admin_value engine Off
<FilesMatch \.php$>
SetHandler proxy:fcgi://localhost:8000
</FilesMatch>
</VirtualHost>
That is redirecting requests to .well-known to the https server. Similar syntax for your mail and admin rewrite rules. I do not have time right now to figure out why. I do not understand how those worked to get your certs originally.
You should fix this before trying certbot again
Ready, the certificate works. What I did was request it for all domains except for webmail.masshopping.com.ve and admin.masshopping.com.ve
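An added example, not part of the thread: a pre-flight check to run before retrying certbot, since failed validations count toward the rate limit the thread ran into. It tests a redirect chain against the rule in the CA error above (only ports 80 and 443) and Let's Encrypt's documented limit of 10 redirects. The function names are hypothetical, and fetch_locations needs network access to the host being checked.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {80, 443}  # per the CA error quoted in the thread
MAX_REDIRECTS = 10         # Let's Encrypt's documented HTTP-01 redirect limit

def check_hop(url):
    """Return None if an HTTP-01 validator would fetch this URL, else the reason."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"unsupported scheme in {url}"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return f"malformed port in {url}"
    if port not in ALLOWED_PORTS:
        return f"invalid port {port} in redirect target {url}"
    return None

def check_chain(url, locations):
    """Check each Location header, in order, that followed a request to url."""
    if len(locations) > MAX_REDIRECTS:
        return f"more than {MAX_REDIRECTS} redirects"
    for location in locations:
        url = urljoin(url, location)  # Location may be relative
        if (problem := check_hop(url)):
            return problem
    return None

def fetch_locations(url, timeout=10):
    """Follow redirects by hand on a live host; return (locations, final_status)."""
    ctx = ssl.create_default_context()
    # The validator does not verify certificates on redirects, so neither do we.
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    locations, status = [], None
    while len(locations) <= MAX_REDIRECTS and check_hop(url) is None:
        parts = urlsplit(url)
        kw = {"context": ctx} if parts.scheme == "https" else {}
        cls = http.client.HTTPSConnection if kw else http.client.HTTPConnection
        conn = cls(parts.hostname, parts.port, timeout=timeout, **kw)
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        conn.close()
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
        locations.append(url)
    return locations, status
```

For each hostname on the certificate, pass the output of fetch_locations for its /.well-known/acme-challenge/ test URL to check_chain; a result of None with a final status of 200 is what the validator needs.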