Hello,
I'm using certbot 1.19.0 and I want to change my domain name. For example, my current domain name is "https://example1.com" and I want to change it to "https://example2.com". I ran the command below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for example1.com and 2 more domains
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.example2.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for www.example2.com - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Is this DNS problem related to my Linux server or the domain panel?
I removed the --force-renewal option and I got the same error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/example1.com.conf)
It contains these names: example1.com, www.example1.com
You requested these names for the new certificate: example1.com, www.example1.com,
www.example2.com.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate for example1.com and 2 more domains
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.example2.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for www.example2.com - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
# cat wp.conf
<VirtualHost *:80>
ServerAdmin root@localhost
ServerName www.example2.com
ServerAlias www.example2.com
DocumentRoot /var/www/wordpress
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =example2.com [OR]
RewriteCond %{SERVER_NAME} =www.example2.com [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Redirect permanent / https://www.example2.com
TraceEnable off
ServerSignature Off
# SSL
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
TimeOut 60
ErrorDocument 500 "Oh sorry dear."
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
</VirtualHost>
<Directory "/var/www/wordpress">
# Options -Indexes +FollowSymLinks
Options -Indexes
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName IP
Redirect 403 /
ErrorDocument 403 "Sorry, direct IP access not allowed."
DocumentRoot /dev/null/
UseCanonicalName Off
UserDir disabled
</VirtualHost>
#Disable OPTIONS Method
<Location />
<LimitExcept GET POST>
order deny,allow
deny from all
</LimitExcept>
</Location>
I did:
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example2.com
2: www.example2.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for example2.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example2.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example2.com/privkey.pem
This certificate expires on 2021-12-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for example2.com to /etc/httpd/conf.d/wp-le-ssl.conf
Failed redirect for example2.com
Unable to set the redirect enhancement for example2.com.
NEXT STEPS:
- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
certbot install --cert-name example2.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Then:
# certbot install --cert-name example2.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate
Successfully deployed certificate for example2.com to /etc/httpd/conf.d/wp-le-ssl.conf
Failed redirect for example2.com
Unable to set the redirect enhancement for example2.com.
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The HTTPS site on port 443 should be in the file /etc/httpd/conf.d/wp-le-ssl.conf, so your wp.conf should not have any reference to SSL related directives. I have no idea how they got there in the first place?
Apart from having two VirtualHosts sections for the same virtual host, I dunno..
I also don't know what your actual issue currently is and it seems you don't want to share the hostnames (which is kinda mandatory on this Community), so I can't check what's wrong with your site.
I didn't edit the wp-le-ssl.conf file and I never added two VirtualHosts sections!
As I said, I want to change my HTTPS certificate to the new domain name.
I don't know. Looks like they aren't identical and I cannot guess what options your site requires. And why are there 2 sections? Well, perhaps your HTTP VirtualHost was also double? Maybe that's the reason why certbot also built two HTTPS VirtualHost sections..
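Added example, not part of the original thread and not certbot's own code: a small Python audit of an Apache config for the points raised in the replies above (SSL directives inside a port-80 VirtualHost, the same name declared by more than one port-80 VirtualHost, and a requested certificate name that no port-80 VirtualHost declares). The function names and the embedded sample, a trimmed copy of the posted wp.conf, are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the wp.conf posted in this thread.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName www.example2.com
ServerAlias www.example2.com
DocumentRoot /var/www/wordpress
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256
SSLHonorCipherOrder on
</VirtualHost>
<VirtualHost *:80>
ServerName IP
Redirect 403 /
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: address, names, SSL* directives."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "names": set(), "ssl": []}
        elif parts[0].lower() == "</virtualhost>" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and parts[0].lower() in ("servername", "serveralias"):
            cur["names"].update(n.lower() for n in parts[1:])
        elif cur is not None and parts[0].lower().startswith("ssl"):
            cur["ssl"].append(parts[0])
    return vhosts

def audit(text, cert_names):
    """Heuristic checks for illustration; not certbot's vhost-matching logic."""
    http = [v for v in parse_vhosts(text) if v["addr"].endswith(":80")]
    findings = ["SSL directives in port-80 vhost %s: %s"
                % (sorted(v["names"]), ", ".join(v["ssl"])) for v in http if v["ssl"]]
    counts = Counter(n for v in http for n in v["names"])
    findings += ["%s declared by %d port-80 vhosts" % (n, c)
                 for n, c in sorted(counts.items()) if c > 1]
    findings += ["%s: no port-80 vhost declares this name" % n
                 for n in cert_names if n.lower() not in counts]
    return findings
```

Calling `audit(SAMPLE_CONF, ["example2.com", "www.example2.com"])` reports the SSL directives in the first port-80 block and that no port-80 block declares `example2.com`.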