Help Renewing Wildcard Cert

Okay. I changed the www to the wildcard and then restarted Apache and the whole site and SSL certs are working again (without rerunning certbot).

Then:

sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 173.230.154.79. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  clearpath.site (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   clearpath.site (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
1 Like

OK that is what I expected :slight_smile:
Anything missing?
What does this say?:
certbot certificates

2 Likes

Thanks for all the help!

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/clearpath.site.conf produced an unexpected error: expected /etc/letsencrypt/live/clearpath.site/cert.pem to be a symlink. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: clearpath.site-0001
    Serial Number: 3f1e45713be97e1d1a7df5e057841350b36
    Key Type: RSA
    Domains: clearpath.site *.clearpath.site
    Expiry Date: 2021-10-04 23:59:50+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/clearpath.site-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/clearpath.site-0001/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/clearpath.site.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Is there an easy way to turn on auto-renew for wildcards?

2 Likes

When (like in your case) you don't use --manual, then YES.
It can be renewed like normal.
With a cron job, or systemd timer, that (twice a day) runs: certbot renew
[please avoid running at the top of any hour - preferably use some added randomized time offset]

Actually, please check to see if one has already been created.

2 Likes

Yeah I will look around for one. Mainly asked to get an idea of what terms to search :slight_smile: thanks for everything!

1 Like

For root user:
crontab -l

And, since you are using Ubuntu, also check:
systemctl list-timers | grep certbot

[remember to mark one of these (many) replies as a solution to this topic]

2 Likes

Looks like things progressed. :smiley:

1 Like

This is still annoying me:

1 Like

Yep. That's a problem.

Did you fix the live symlinks (or lack thereof) for the clearpath.site certificate?

1 Like

No, I was kinda hoping the renewal would fix things - but it hasn't.
[Your turn]

1 Like

It looks like the clearpath.site certificate vanished!?

I didn't see a delete command listed anywhere.

Nope. It got skipped due to broken symlinks.

1 Like
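The "expected ... cert.pem to be a symlink" error discussed above can be checked for directly. This is an added example, not code from the thread or from certbot: it walks every renewal configuration and reports `live/` files that are missing, are regular files, or are dangling symlinks. The function name `audit_lineages` is hypothetical, and the `renewal/`, `live/`, `archive/` layout is assumed to be certbot's standard one.

```bash
#!/bin/sh
# Added example: audit a certbot config directory for lineages whose live/
# files are not valid symlinks (the condition that makes certbot skip a
# renewal configuration).
# Assumed layout: renewal/<name>.conf and
#                 live/<name>/{cert,chain,fullchain,privkey}.pem -> ../../archive/<name>/...
# Usage: audit_lineages [config_dir]   (default /etc/letsencrypt; needs root to read live/)

audit_lineages() (
    # Body runs in a subshell, so these variables do not leak to the caller.
    base="${1:-/etc/letsencrypt}"
    bad=0
    for conf in "$base"/renewal/*.conf; do
        [ -e "$conf" ] || continue               # glob matched nothing
        name="$(basename "$conf" .conf)"
        for f in cert chain fullchain privkey; do
            path="$base/live/$name/$f.pem"
            if [ ! -e "$path" ] && [ ! -L "$path" ]; then
                echo "MISSING      $path"; bad=1
            elif [ ! -L "$path" ]; then
                # A regular file here usually means the file was copied or
                # restored without preserving links.
                echo "NOT-SYMLINK  $path"; bad=1
            elif [ ! -e "$path" ]; then
                # -L is true but -e (which follows the link) is false.
                echo "DANGLING     $path -> $(readlink "$path")"; bad=1
            fi
        done
    done
    exit "$bad"                                   # 0 = all lineages intact
)
```

A non-zero exit status means at least one lineage would be skipped by `certbot renew`, so the check can run before or alongside the scheduled renewal job.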

@5starkarma

  1. Remove the cruft.
sudo a2dissite 000-default.conf
sudo a2dissite 000-default-le-ssl.conf
sudo rm /etc/apache2/sites-available/000-default.conf
sudo rm /etc/apache2/sites-available/000-default-le-ssl.conf
sudo rm /etc/apache2/sites-available/000-default.conf.save
sudo certbot delete --cert-name clearpath.site
sudo certbot delete --cert-name clearpath.site-0001

  2. Install the correct configuration file.

Download clearpath.site.conf.txt (973 Bytes)

Put it in /etc/apache2/sites-available

sudo mv /etc/apache2/sites-available/clearpath.site.conf.txt /etc/apache2/sites-available/clearpath.site.conf
sudo a2ensite clearpath.site.conf

  3. Reload Apache.
sudo apachectl -k graceful

  4. Acquire and install the correct certificate.

sudo certbot -a dns-linode --dns-linode-credentials /home/david/.secrets/certbot/linode.ini --dns-linode-propagation-seconds 120 -d "clearpath.site,*.clearpath.site" -i apache

1 Like
