Help to force new certificat not work?

hello I receive this message:
We recently discovered a bug in the Let’s Encrypt certificate authority code,
described here:

https: //community.letsencrypt. org / t / 2020-02-29-caa-recheckin g-bug / 114591

Unfortunately, this means that we have to revoke certificates that have been affected
by this bug, which includes one or more of your certificates. To avoid any
interruption, you will need to renew and replace your affected certificates by the
Wednesday, March 4, 2020. We sincerely apologize for the problem.

If you are not able to renew your certificate before March 4, when we must
revoke these certificates, visitors to your site will experience
safety warnings until you renew the certificate. Your ACME customer documentation
should explain how to renew.

If you use Certbot, the renewal order is as follows:

certbot renewal --strength-renewal

If you need help, please visit our community support forum:
https: //community.letsencrypt. org / t / revocation-certain- certifi cates-on-march-4/114864

Please search carefully for a solution before posting a new question. The
Let’s Encrypt staff will help our community to try to respond as best as possible to the needs of the
to unresolved issues as quickly as possible.

Your concerned certificates, listed by serial number and domain name:

04a752f12b103e3a15b1b6e1f3d126 16a8ac:

I launch command

/root/letsencrypt/letsencrypt-auto renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Some challenges have failed… Skipping.

Processing /etc/letsencrypt/renewal/

Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate

new certificate deployed with reload of apache server; fullchain is

The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

The following certs were successfully renewed:
/etc/letsencrypt/live/ (success)

The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


but the file is not exist ?? how to fix this file?

thanks to help

1 Like

Check your webserver config. and are not responding the same.

1 Like

oopss my serveur is not http:// but and is redirect to

The webserver on is not configured properly.

It sent me a raw php file instead of executing it and sending an http header.

I test in chrome and new edge browser and all it is redirect to https ?
can you view the problem here

1 renew failure(s), 0 parse failure(s)


why I have this message ?

@michael10fr: seriously, check that webserver. This is not what a redirect is supposed to look like:

% curl
% curl -I
HTTP/1.1 200 OK
Date: Wed, 04 Mar 2020 12:29:07 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Mon, 14 Jan 2019 08:27:50 GMT
ETag: "3e-57f66d1fd8d80"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html

but in my htaccess I have rule??
Can you tell what I need to do ?

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

RewriteCond %{SERVER_PORT} !=443
RewriteCond %{HTTP_HOST} ^(www.)?$ [NC]
RewriteRule ^(.*)$ “$1” [R=301,L]

no one know why this not work ???

Hi @michael10fr

your configuration is a little bit untypical. May be a problem, may be not - - http + www + /.well-known isn’t redirected, http + non-www + /.well-known is redirected.

But --apache should skip that.

What says

apachectl -S

hello sorry for all time I not view your message
here command

root@monexpertinfo:~# apachectl -S
AH00112: Warning: DocumentRoot [/var/www/html/kippaperso] does not exist
VirtualHost configuration:
*:443 (/etc/apache2/sites-enabled/ :2)
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/
port 80 namevhost (/etc/apache2/sites-enabled/
port 80 namevhost (/etc/apache2/sites-enabled/mywebmaster-israel.o vh.conf:3)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: “/var/run/apache2/”
User: name=“www-data” id=33
Group: name=“www-data” id=33

I have 2 vhost for this domaine ? certbod create this

and the old it is

I go this check and I have this resulte


I found the problem this is because I have many vhost I remove all vhost expt the original vhost create by letencrypt and now it is ok

Thanks a lot for you command this help me to find the probleme
you are the best !! [JuergenAuer]

Yep, these duplicated definitions

are bad.

Recheck it with apachectl -S, every combination port + domain name should be unique.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.