Hopelessly lost, SSL cert missing after years of renewals

After years of renewing my certs I now have issues. It’s been so long since I’ve had any issues with this server I’m rusty and have tried so many things I have totally confused myself. Please, will someone help walk me thru renewing my certs for devrod.com with several subs. I think I have around 10 days before expiration.

To confirm; the fullchain.pem is missing, I don’t know why or how to fix it.


My domain is: devrod.com
web server: Apache.2.1.9
OS: Ubuntu 18.04
My hosting provider; Self


I ran this command:
sudo certbot renew
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No renewals were attempted.


ran command:
sudo certbot
Output:
Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/devrod.com/fullchain.pem’ does not exist or is empty

Devrod

sudo certbot certificates

Results


No certs found.


Seems that somebody has deleted your certificate from your Certbot installation (or deleted the /etc/letsencrypt directory). If you didn’t do it, I don’t know how it could have happened.

You will need to first get your Apache configuration functional. It currently references a certificate that does not exist - you will not be able to restart Apache until that’s fixed. Either comment out that SSL virtual host by hand, or maybe try:

sudo a2dissite 000-default-le-ssl

Once that’s done, you can try to get the certificate created again:

sudo certbot --apache

OK, I’ll do the “a2dissite 000-default-le-ssl”
Will I need to do that for the Sub-Domains also?

The goal is to get to a point where this doesn’t produce any errors:

sudo apachectl configtest

We know for sure that the one site needs to be disabled, and then you can check again. Rinse and repeat until it works.
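
The check described in the replies above, as an added example that is not part of any post in this thread: a shell script that lists which enabled sites reference a missing or empty certificate file, so it is clear which ones to pass to a2dissite before apachectl configtest can pass. The function names and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find enabled Apache vhost files whose
# SSLCertificate* directives point at a missing or empty file, i.e. the
# AH00526 condition above. Run with sudo: /etc/letsencrypt/live is root-only.

# find_missing_certs DIR: prints "conf<TAB>directive<TAB>path" per broken directive.
find_missing_certs() (
    dir="${1:-/etc/apache2/sites-enabled}"
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Uncommented directives only; Apache directive names are case-insensitive.
        grep -Ei '^[[:space:]]*SSLCertificate(File|KeyFile|ChainFile)[[:space:]]' "$conf" |
        while read -r directive path rest; do
            path="${path#\"}"; path="${path%\"}"   # strip optional quotes
            # -s fails for a missing file, an empty file and a dangling symlink
            [ -s "$path" ] || printf '%s\t%s\t%s\n' "$conf" "$directive" "$path"
        done
    done
)

# sites_to_disable DIR: unique site names, one per line, to pass to a2dissite.
sites_to_disable() (
    find_missing_certs "$1" | cut -f1 | sort -u | while read -r conf; do
        basename "$conf" .conf
    done
)

# make_sample: builds a constructed sites-enabled directory for a dry run.
make_sample() (
    d=$(mktemp -d)
    printf 'placeholder, not a real certificate\n' > "$d/ok.pem"
    : > "$d/empty.pem"
    printf '<VirtualHost *:443>\n  SSLCertificateFile %s\n</VirtualHost>\n' \
        "$d/live/devrod.com/fullchain.pem" > "$d/000-default-le-ssl.conf"
    printf '  SSLCertificateFile %s\n  # SSLCertificateKeyFile %s\n' \
        "$d/ok.pem" "$d/none.pem" > "$d/sub-ok.conf"
    printf 'SSLCertificateKeyFile "%s"\n' "$d/empty.pem" > "$d/sub-empty.conf"
    echo "$d"
)

# With a directory argument, report the sites to disable; otherwise only define functions.
[ $# -eq 0 ] || sites_to_disable "$1"
```

Saved to a file and run under sudo with /etc/apache2/sites-enabled as the argument, it prints one site name per line; each can be given to a2dissite and re-enabled with a2ensite once the certificate exists again.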

Hi @devrod

checking your domain there is a working Apache - https://check-your-website.server-daten.de/?q=devrod.com

But it’s http over port 443, Grade Q.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://devrod.com/ 72.179.58.107 | 301 | https://devrod.com/ Html is minified: 100,00 % | 0.354 | A |
| http://www.devrod.com/ 72.179.58.107 | 301 | https://www.devrod.com/ Html is minified: 100,00 % | 0.434 | A |
| https://devrod.com/ 72.179.58.107 | -4 | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. | 0.627 | W |
| https://www.devrod.com/ 72.179.58.107 | -4 | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. | 0.623 | W |
| http://devrod.com:443/ 72.179.58.107 GZip used - 4399 / 13557 - 67,55 % | 200 | Html is minified: 140,27 % | 0.330 | Q |

http + 443 sends a correct http answer, https + 443 sends the typical answer

SSL_ERROR_RX_RECORD_TOO_LONG

http + port 80 + /.well-known/acme-challenge/random-filename has a wrong redirect http -> https. That requires a working port 443, but your port 443 doesn’t work.

Maybe certbot --apache works, perhaps remove that redirect.

Run apachectl -S as root or sudo.

PS: 20 Minutes later, now there is a working new Letsencrypt certificate

https://devrod.com/

:+1:

Yes Sir, You caught me with my pants down. I believe they’re back up now.
Thanks for Run response, it helped


Thanks, you were a great help. After knocking off some rust, things started to make sense. I really appreciate it.
Again Thanks!