After years of renewing my certs I now have issues. It’s been so long since I’ve had any issues with this server I’m rusty and have tried so many things I have totally confused myself. Please, will someone help walk me thru renewing my certs for devrod.com with several subs. I think I have around 10 days before expiration.
To confirm; the fullchain.pem is missing, I don’t know why or how to fix it.
My domain is: devrod.com
web server: Apache.2.1.9
OS: Ubuntu 18.04
My hosting provider; Self
I ran this command:
sudo certbot renew
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No renewals were attempted.
ran command:
sudo certbot
Output:
Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.
AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/devrod.com/fullchain.pem’ does not exist or is empty
Seems that somebody has deleted your certificate from your Certbot installation (or the deleted /etc/letsencrypt directory). If you didn’t do it, I don’t know it could have happened.
You will need to first get your Apache configuration functional. It currently references a certificate that does not exist - you will not be able to restart Apache until that’s fixed. Either comment out that SSL virtual host by hand, or maybe try:
sudo a2dissite 000-default-le-ssl
Once that’s done, you can try get the certificate created again:
http + 443 sends a correct http answer, https + 443 sends the typical answer
SSL_ERROR_RX_RECORD_TOO_LONG
http + port 80 + /.well-known/acme-challenge/random-filename has a wrong redirect http -> https. That requires a working port 443, but your port 443 doesn't work.
May be certbot --apache works, perhaps remove that redirect.
Run apachectl -S as root or sudo.
PS: 20 Minutes later, now there is a working new Letsencrypt certificate
