How to set up VirtualHost files

My domain is:

clearpath.site

I ran this command:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt-get install certbot python-certbot-apache

sudo apt-get install python3-certbot-dns-linode

Then I create a file named linode.ini in my home directory and apply sudo chmod 600 linode.ini. The contents of the file are: dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64

At this point I applied the command:

certbot certonly \
  --dns-linode \
  --dns-linode-credentials ~/.secrets/certbot/linode.ini \
  -i apache \
  -d clearpath.site \
  -d *.clearpath.site

It produced this output:

Something to the tune of… "Congratulations! your keys are here…"

My web server is (include version):

Server version: Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 19.10

My hosting provider, if applicable, is:

Linode

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.36.0

Also, my Virtual Host file looks like this:

<VirtualHost *:80>
        ServerName clearpath.site
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /static /home/david/clearpath_project/static
        <Directory /home/david/clearpath_project/static>
                Require all granted
        </Directory>

        Alias /media /home/david/clearpath_project/media
        <Directory /home/david/clearpath_project/media>
                Require all granted
        </Directory>

        <Directory /home/david/clearpath_project/config>
                <Files wsgi.py>
                        Require all granted
                </Files>
        </Directory>
        WSGIScriptAlias / /home/david/clearpath_project/config/wsgi.py
        WSGIDaemonProcess django_app python-path=/home/david/clearpath_project python-home=/home/david/clearpath_project/venv
        WSGIProcessGroup django_app
</VirtualHost>

The last time I used certbot was for a regular cert (not wildcard) and it created another default-ssl.conf file and a few lines at the bottom of the VH :80 that said REWRITE. Is this supposed to be there? I tried to insert the lines from the last time I did it and my Apache2 would not start. I am pretty sure it is supposed to create another VH file for port 443 (?).

All help is very much appreciated. I have tried this probably 30 times now. :smile:

1 Like

Hi @5starkarma

checking your domain you have created 5 certificates - https://check-your-website.server-daten.de/?q=clearpath.site#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-12-15 | 2020-03-14 | *.clearpath.site, clearpath.site - 2 entries | duplicate nr. 5 | next Letsencrypt certificate: 2019-12-18 01:05:55 |
| Let’s Encrypt Authority X3 | 2019-12-15 | 2020-03-14 | *.clearpath.site, clearpath.site - 2 entries | duplicate nr. 4 | |
| Let’s Encrypt Authority X3 | 2019-12-15 | 2020-03-14 | *.clearpath.site, clearpath.site - 2 entries | duplicate nr. 3 | |
| Let’s Encrypt Authority X3 | 2019-12-15 | 2020-03-14 | *.clearpath.site, clearpath.site - 2 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-12-11 | 2020-03-10 | *.clearpath.site, clearpath.site - 2 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2019-12-03 | 2020-03-02 | *.clearpath.site, clearpath.site - 2 entries | | |

So that part has worked - and you have hit the limit.

Your command is a little bit curious:

certonly says: “Create only a certificate, don’t install it”.

But -i apache says: “Install it, there is an Apache”.

Maybe that doesn’t work.

What does this say:

certbot certificates

You should see the certificates you have created.

Then try

certbot --reinstall -d clearpath.site -d *.clearpath.site

Certbot should find the existing certificates and should create a (minimal) working vHost.

If that doesn’t work, check your system; there is a sample of a minimal port 443 vHost.

2 Likes

Hi and thank you so much for your response!

When I try sudo certbot certificates:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

:grimacing:

I just reverted to a backup of my server. What should I do from here? It looks like I cannot get a renewal til the 18th. That is fine. I can wait a few days. What should I do when the 18th comes? The examples section of the docs reads as if it should be like this:

certbot certonly \
  --dns-linode \
  --dns-linode-credentials ~/.secrets/certbot/linode.ini \
  -i apache \
  -d clearpath.site \
  -d *.clearpath.site

The added -i apache flag is because the certbot main docs say:

Choose how you'd like to run Certbot
Either get and install your certificates...
Run one of the commands in the "Examples" section of the instructions for your DNS provider, along with the flag -i apache.

Should I remove the certonly?

1 Like

Yes.

certonly and -i can’t both be used. Or if you use both, the result may be unknown.

3 Likes

I’m a bit confused on how 5 certs were issued but none can be found by certbot…
What is shown at:
ls -l /etc/letsencrypt/live/

2 Likes

That produces ls: cannot access '/etc/letsencrypt/live/': No such file or directory.

I am pretty new to deployment and since it is purely command line I feel very blind in certain scenarios. Therefore if it seems to give a big error I revert to a backup of my server from the previous day so that I am not causing bugs I cannot find (starting fresh with reissuing certs).

Also, I just reverted to the backup before writing this post but certbot was still installed when I tried to install it so I thought everything would still be there (guess not).

1 Like

I think your certbot install… is incomplete.
try:
find / -name letsencrypt

1 Like

/usr/bin/letsencrypt
/var/lib/letsencrypt
/var/log/letsencrypt
/etc/letsencrypt

That’s the result using a backup.

3 Likes

please show:
ls -l /etc/letsencrypt/

david@clearpath:~$ sudo ls -l /etc/letsencrypt/
total 24
drwxr-xr-x 3 root root 4096 Dec 15 20:22 accounts
-rw-r--r-- 1 root root  121 May 26  2018 cli.ini
drwxr-xr-x 2 root root 4096 Dec 15 20:22 csr
drwx------ 2 root root 4096 Dec 15 20:22 keys
drwxr-xr-x 2 root root 4096 Dec 15 19:10 renewal
drwxr-xr-x 5 root root 4096 Dec 15 20:22 renewal-hooks

That is good to know. Is this a security thing?

Probably overlooked some required settings in the backup/restore.

There are no LIVE or ARCHIVE folders there.
You may need to reinstall it.

sudo apt-get remove certbot
sudo apt-get install certbot

Will do. Thank you for all your help. I will reinstall today and reissue/reinstall certs on the 18th.

Do you guys work here? If I donate to letsencrypt does it support you in any way?

1 Like
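
The manual checks from the posts above (certbot certificates, then listing /etc/letsencrypt/ and /etc/letsencrypt/live/) combined into one script. This is an added example, not part of the thread or of Certbot; it assumes Certbot's standard layout (renewal/<name>.conf, live/<name>/*.pem symlinks pointing into archive/<name>/), and the function name check_certbot_dir is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a Certbot config directory, e.g. after a snapshot restore.
# Usage: check_certbot_dir [CONFIG_DIR]  (default /etc/letsencrypt; run as root)
# The body is in ( ) so it runs in a subshell and leaks no variables.
check_certbot_dir() (
    dir="${1:-/etc/letsencrypt}"; problems=0; lineages=0

    # renewal/ holds one <name>.conf per certificate, live/ holds symlinks,
    # archive/ holds the real PEM files those symlinks point to.
    for sub in renewal live archive; do
        if [ ! -d "$dir/$sub" ]; then
            echo "MISSING DIR  $dir/$sub"
            problems=$((problems + 1))
        fi
    done

    for conf in "$dir"/renewal/*.conf; do
        [ -e "$conf" ] || continue      # glob matched nothing
        lineages=$((lineages + 1))
        name="$(basename "$conf" .conf)"
        for f in cert.pem chain.pem fullchain.pem privkey.pem; do
            # -e follows symlinks, so a dangling link into archive/ fails here.
            if [ ! -e "$dir/live/$name/$f" ]; then
                echo "BROKEN       live/$name/$f missing or dangling"
                problems=$((problems + 1))
            fi
        done
    done

    [ "$lineages" -gt 0 ] || echo "NO LINEAGES  no renewal/*.conf in $dir"
    echo "lineages=$lineages problems=$problems"
    [ "$problems" -eq 0 ] && [ "$lineages" -gt 0 ]
)

# Demo on a constructed tree mirroring the directory listing in the thread
# (accounts, csr, keys, renewal, renewal-hooks; no live/ or archive/).
demo="$(mktemp -d)"
mkdir -p "$demo/accounts" "$demo/csr" "$demo/keys" "$demo/renewal" "$demo/renewal-hooks"
check_certbot_dir "$demo" || echo "=> restore is incomplete, certificates must be reissued"
rm -rf "$demo"
```

A non-zero exit status means the restored directory cannot serve or renew any certificate, which is the state the thread ends up in.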

Neither of us “work” for LE.
By supporting LE you do support us; in that we are volunteering to that cause and you are helping it.

[this is a COMMUNITY forum not a VENDOR forum]

2 Likes

Well you guys are okay in my book :slight_smile: :+1:

2 Likes

We “try” - lol

I don’t feel like I’ve done enough to deserve one… but if you feel like Buying me a :beer: I won’t stop you!
Although I would much rather prefer that you donate that :beer: money to LE
Either way:
-Cheers from Miami :beers:

1 Like

Have a beer on me. I’m going to also donate to LE. Thanks again.

2 Likes

Cheers :slight_smile:
Any issues… You know where to find help.

That depends on your “backup”.

My idea: It’s not a backup, it’s an older snapshot. So all newer files -> are removed.

So you don’t have one of the certificates -> you have to wait.

2 Likes