Help: forcing a new certificate does not work?

Hello, I received this message:
We recently discovered a bug in the Let’s Encrypt certificate authority code,
described here:

https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means that we have to revoke certificates that have been affected
by this bug, which includes one or more of your certificates. To avoid any
interruption, you will need to renew and replace your affected certificates by
Wednesday, March 4, 2020. We sincerely apologize for the problem.

If you are not able to renew your certificate before March 4, when we must
revoke these certificates, visitors to your site will experience
safety warnings until you renew the certificate. Your ACME customer documentation
should explain how to renew.

If you use Certbot, the renewal order is as follows:

certbot renew --force-renewal

If you need help, please visit our community support forum:
https://community.letsencrypt.org/t/revocation-certain-certificates-on-march-4/114864

Please search carefully for a solution before posting a new question. The
Let’s Encrypt staff will help our community try to respond to unresolved issues as quickly as possible.

Your concerned certificates, listed by serial number and domain name:

04a752f12b103e3a15b1b6e1f3d12616a8ac: myexpertinfo.com www.monexpertinfo.com

I launched the command:

/root/letsencrypt/letsencrypt-auto renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.monexpertinfo.com.conf


Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for monexpertinfo.com
http-01 challenge for www.monexpertinfo.com
Waiting for verification…
Challenge failed for domain www.monexpertinfo.com
http-01 challenge for www.monexpertinfo.com
Cleaning up challenges
Attempting to renew cert (www.monexpertinfo.com) from /etc/letsencrypt/renewal/www.monexpertinfo.com.conf produced an unexpected error: Some challenges have failed… Skipping.


Processing /etc/letsencrypt/renewal/www.mywebmaster-israel.ovh.conf


Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.mywebmaster-israel.ovh/fullchain.pem


The following certs could not be renewed:
/etc/letsencrypt/live/www.monexpertinfo.com/fullchain.pem (failure)


The following certs were successfully renewed:
/etc/letsencrypt/live/www.mywebmaster-israel.ovh/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/www.monexpertinfo.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

But the file does not exist?? How do I fix this file?

Thanks for the help.

Check your webserver config. http://www.monexpertinfo.com/ and http://monexpertinfo.com/ are not responding the same.

Oops, my server is not http:// but https://www.monexpertinfo.com, and https://monexpertinfo.com is redirected to https://Www.monexpertinfo.com

The webserver on http://www.monexpertinfo.com/ is not configured properly.

It sent me a raw php file instead of executing it and sending an http header.

I tested in Chrome and the new Edge browser and everything is redirected to https?
Can you view the problem here?

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Why do I have this message?

@michael10fr: seriously, check that webserver. This is not what a redirect is supposed to look like:

% curl http://www.monexpertinfo.com/
<?php 
header('Location: https://www.monexpertinfo.com'); 
?>
% curl -I http://www.monexpertinfo.com/
HTTP/1.1 200 OK
Date: Wed, 04 Mar 2020 12:29:07 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Mon, 14 Jan 2019 08:27:50 GMT
ETag: "3e-57f66d1fd8d80"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html


But in my .htaccess I have a rule??
Can you tell me what I need to do?

RewriteEngine On
RewriteCond %{HTTP_HOST} ^monexpertinfo.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.monexpertinfo.com/$1 [R,L]

RewriteCond %{SERVER_PORT} !=443
RewriteCond %{HTTP_HOST} ^(www.)?monexpertinfo.com$ [NC]
RewriteRule ^(.*)$ "https://www.monexpertinfo.com/$1" [R=301,L]

Does no one know why this does not work???

Hi @michael10fr

Your configuration is a little bit untypical. It may be a problem, or maybe not - https://check-your-website.server-daten.de/?q=monexpertinfo.com - http + www + /.well-known isn't redirected, http + non-www + /.well-known is redirected.

But --apache should skip that.

What does this command say?

apachectl -S

Hello, sorry for taking so long, I did not see your message.
Here is the command:

root@monexpertinfo:~# apachectl -S
AH00112: Warning: DocumentRoot [/var/www/html/kippaperso] does not exist
VirtualHost configuration:
*:443 www.monexpertinfo.com (/etc/apache2/sites-enabled/monexpertinfo.com-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server www.monexpertinfo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.monexpertinfo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.kippaperso.com (/etc/apache2/sites-enabled/kippaperso.com.conf:1)
alias kippaperso.com
port 80 namevhost www.monexpertinfo.com (/etc/apache2/sites-enabled/monexpertinfo.com.conf:1)
alias monexpertinfo.com
port 80 namevhost www.mywebmaster-israel.ovh (/etc/apache2/sites-enabled/mywebmaster-israel.ovh.conf:3)
alias mywebmaster.ovh
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

I have 2 vhosts for this domain? Certbot created this one:
/etc/apache2/sites-enabled/monexpertinfo.com-le-ssl.conf

and the old one is
/etc/apache2/sites-enabled/monexpertinfo.com.conf

I ran this check and I have this result:

see

I found the problem: it is because I had many vhosts. I removed all vhosts except the original vhost created by Let's Encrypt and now it is OK.

Thanks a lot for your command, it helped me find the problem.
You are the best!! [JuergenAuer]

Yep, these duplicated definitions are bad.

Recheck it with apachectl -S, every combination port + domain name should be unique.
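
The uniqueness check recommended above, as an added example that is not part of the original thread: a shell function that reads `apachectl -S` output and reports every port + name pair claimed by more than one vhost, counting `alias` entries as names too. The function names `find_dup_vhosts` and `sample_dump` are made up here; the sample is the vhost section of the dump posted earlier in the thread.

```shell
#!/bin/sh
# Added example: flag duplicate (port, name) pairs in `apachectl -S` output.
# find_dup_vhosts reads the dump on stdin and prints one line per duplicated
# pair: "<port> <name> <file:line> <file:line> ...". No output means unique.
find_dup_vhosts() {
    awk '
        function add(key, where_) { count[key]++; where[key] = where[key] " " where_ }
        # Name-based vhost lines look like:
        #   port 80 namevhost www.example.com (/path/site.conf:1)
        $1 == "port" && $3 == "namevhost" {
            port = $2
            loc = $5
            gsub(/[()]/, "", loc)
            add(port " " $4, loc)
            next
        }
        # ServerAlias entries belong to the namevhost line printed before them.
        $1 == "alias" && port != "" { add(port " " $2, loc) }
        END {
            for (k in count)
                if (count[k] > 1)
                    print k where[k]
        }
    ' | sort
}

# Sample input: vhost section of the dump posted in this thread.
sample_dump() {
    cat <<'EOF'
*:443 www.monexpertinfo.com (/etc/apache2/sites-enabled/monexpertinfo.com-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server www.monexpertinfo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.monexpertinfo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.kippaperso.com (/etc/apache2/sites-enabled/kippaperso.com.conf:1)
alias kippaperso.com
port 80 namevhost www.monexpertinfo.com (/etc/apache2/sites-enabled/monexpertinfo.com.conf:1)
alias monexpertinfo.com
port 80 namevhost www.mywebmaster-israel.ovh (/etc/apache2/sites-enabled/mywebmaster-israel.ovh.conf:3)
alias mywebmaster.ovh
EOF
}

# On a live server: apachectl -S 2>/dev/null | find_dup_vhosts
sample_dump | find_dup_vhosts
```

On the sample it reports the port 80 `www.monexpertinfo.com` name defined in both `000-default.conf` and `monexpertinfo.com.conf`, the duplication that was removed to make the renewal succeed.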
