How to SSL installation for new subdomain

My domain is:

I ran this command:no

It produced this output: no

My web server is (include version): Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version): CentOS release 6.8 (Final)

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

A new subdomain is no different than an entirely new domain, just follow whatever instructions are appropriate for your software.

And be careful because some softwares include their own acme client and don’t play nice with others.

i have recieved this error to renew domain

None of the common names in the certificate match the name that was entered (qa-api.juvlon.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

you should renew that certificate.

login on whatever machine is behind the 52.44.195.201 ip address, and tell your acme client to renew it.

i had login with thi machine and run below command but given this error

./letsencrypt-auto --force-renewal -nvv certonly --standalone -d qa-api.juvlon.com -d qa-api.juvlon.com

Of course it won’t run, you have a webserver running already on that machine. Use this command:

./letsencrypt-auto renew --verbose --apache

i have received below error


  • The following errors were reported by the server:

    Domain: lnkjuv4.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check
    that a DNS record exists for this domain

Is that domain yours?

Are you still using it on that server?

show me the full output, not just the errors (use the </> button)

[root@qa-atm letsencrypt]# ./letsencrypt-auto renew --verbose --apache
Upgrading certbot-auto 0.33.1 to 1.3.0…
Replacing certbot-auto…
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/lnkjuv4.com.conf


Requested authenticator apache and installer apache
Var authenticator=apache (set by user).
Var installer=apache (set by user).
Should renew, less than 30 days before certificate expiry 2019-07-16 06:45:47 UTC.
Cert is due for renewal, auto-renewing…
Requested authenticator apache and installer apache
Apache version is 2.2.15
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Prep: True
Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/50191541’, new_authzr_uri=None, terms_of_service=None), ff43518b0977b2587c383d06c3f368e6, Meta(creation_host=u’ip-172-16-8-15.ec2.internal’, creation_dt=datetime.datetime(2019, 1, 25, 6, 42, 23, tzinfo=)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:44 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“HNpeI4ZUXqQ”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0102VEa3WuCaa_IjJ1Fi__sDG4ddARSBSU4WjAZi0_UHfL8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0102VEa3WuCaa_IjJ1Fi__sDG4ddARSBSU4WjAZi0_UHfL8
JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “lnkjuv4.com
}
]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMTAyVkVhM1d1Q2FhX0lqSjFGaV9fc0RHNGRkQVJTQlNVNFdqQVppMF9VSGZMOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMTkxNTQxIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJsbmtqdXY0LmNvbSIKICAgIH0KICBdCn0”,
“signature”: “NF9HBQ1wgIV1rH1bIFYRbyrz1KN_nE_8KkggHIE-mPM-oUWyl0Ys1sQQAStQCuLGtc1iJRxUYcMGn-t8ydsQBzGPMhXNjFk6Ekjdb0Kj24a_KeIZoDyDAZOmox6TJrqeoJG_RBn5BobpioILpFkC-TbL6IVyaKOrlYQwpazNXqLz0k1v9HQ7j345VYalOyU1UyFJlGgAH5em-NdqK_mjDu_9ev9DolyYPKAdoG_6IrsYuldFwK4wbpIf4tU82Tsb0_q9Z5NvDKF19Kg4yvARS98P9KsmfZFm2jPC-PXM40qYMCLyOHj-jJNusUBbPRYWbWEHNbK6GrPjsAfEjReVQw”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 341
Received response:
HTTP 201
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/50191541/2877321230
Replay-Nonce: 0101RjtItOaBmJ6O16x7vU81VfKvuXK84BpSXuUE2jPrd_o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“status”: “pending”,
“expires”: “2020-04-10T13:22:45.180844956Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “lnkjuv4.com
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/50191541/2877321230
}
Storing nonce: 0101RjtItOaBmJ6O16x7vU81VfKvuXK84BpSXuUE2jPrd_o
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318:
{
“protected”: “eyJub25jZSI6ICIwMTAxUmp0SXRPYUJtSjZPMTZ4N3ZVODFWZkt2dVhLODRCcFNYdVVFMmpQcmRfbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzczNjg3MjMxOCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81MDE5MTU0MSIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “eT0QMi79qhA2c__LoWGx55dN3a1-aTpvkxyapgIMsJR1ssibvwZQArFLt2bFKghfn_RYoVC14gdKEtXtDnIr6jo5DdYkz-GN27QgicKMmM3QZCHTVQoyzGnJKvMG4f6nnKNJHOVE6-nXBRppza0KTvqLtyiH-ywEg97aCYY90UcboUrWKfp-vxFMWFR310dt7G7Nyvv0vNf9O2sP65C5A8zGe03KqidXVPYRwBcxjjaOX5ZzhlzIQpbrXMWp6E-iMZRowukHpQus8D71lG_kyIPK5cx75jhMWHU4El5cgltsdnYk2KDmg-JpnvejNKPyzUn2wIoKA7dfEPlqLfyStg”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/3736872318 HTTP/1.1” 200 789
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Content-Type: application/json
Content-Length: 789
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0101yhDs8HUWM2PcO9QoF2CujUIsZ2HSWHmjaZc9ac79pU8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “lnkjuv4.com
},
“status”: “pending”,
“expires”: “2020-04-10T13:22:45Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w”,
“token”: “DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/04R4FA”,
“token”: “DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/LGdBZQ”,
“token”: “DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI”
}
]
}
Storing nonce: 0101yhDs8HUWM2PcO9QoF2CujUIsZ2HSWHmjaZc9ac79pU8
Performing the following challenges:
http-01 challenge for lnkjuv4.com
Adding a temporary challenge validation Include for name: lnkjuv4.com:443 in: /etc/httpd/conf.d/ssl.conf
Adding a temporary challenge validation Include for name: 172.16.8.118 in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: link1.aprsnd1.com in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: 52.44.195.201 in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: qa-api.juvlon.com in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: app7.e-juvlon.com in: /etc/httpd/conf/httpd.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [L]

writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Order Allow,Deny
Allow from all

<Location /.well-known/acme-challenge>
Order Allow,Deny
Allow from all

Creating backup of /etc/httpd/conf/httpd.conf
Creating backup of /etc/httpd/conf.d/ssl.conf
Waiting for verification…
JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w:
{
“protected”: “eyJub25jZSI6ICIwMTAxeWhEczhIVVdNMlBjTzlRb0YyQ3VqVUlzWjJIU1dIbWphWmM5YWM3OXBVOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzczNjg3MjMxOC9YaFFsOXciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNTAxOTE1NDEiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “IywPsOWmZGZtk4Hh86VuEyA8IqCt6Cmcl2OyijVh42yJ2eSiPfPJd11DMvqJPhFTWfWSi1JIclIsROpSF6PkQpiC2H3IFhQeaSliJUggMXnL88IvrR_k7tQVrY2JmueRfRBbsjyrrtqG4MeiNSaPvM4OBDKeuFK8r4O9b6bSDbykmLX9W5M5o9Cbm-ue_F6_tKs9eET5q7oDLexAQpsMDy1K1jhphdFlru1Qj6uct6bv9tVLbTlowLbXmI0Qs2nWyq3CorCebk3NIfeytp7ZhBUTTxucRvj9KlPSzotcA8xvtnALB_5AWYbYMykXIav7gmcsrCNQ6S5nW1VOJHXBxg”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/3736872318/XhQl9w HTTP/1.1” 200 185
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:48 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w
Replay-Nonce: 0101OJMwEDlXyiESWlKcHGGDRa4USHlrwT00V0QvRmiGbfk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w”,
“token”: “DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI”
}
Storing nonce: 0101OJMwEDlXyiESWlKcHGGDRa4USHlrwT00V0QvRmiGbfk
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318:
{
“protected”: “eyJub25jZSI6ICIwMTAxT0pNd0VEbFh5aUVTV2xLY0hHR0RSYTRVU0hscndUMDBWMFF2Um1pR2JmayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzczNjg3MjMxOCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81MDE5MTU0MSIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “sqeVvmbRMLyHYZyXOk51cwijCq_HXEBVu9RUxs0sHatu3V4kHuR-O5ifYyiBCW6Mz5So6Tnslwt1esD9oqBetC_Adgrlcu9XhwXr-JCfPMNbxYPz_7P4b4Ohmz4u7Ohj0IqUhpOOV9Qso-z_oG7oF9yFYB92__iwxHmBgNCYtrr_uRsXLW7MVwlyTyY9vCA09owQ0ttgBdNrKMC9sXJlCktn2pn390Hdi_-M6NAxykdPb-_HYwFqJEWIYicJ4WeHk5xBTvix54HhslCB3yqlp-_qjpQfwIk7JOW2TlIP9kflzf7hVQx4jnP-QYhjwj3ctCJZhcwpUkgx-zIxuox-aw”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/3736872318 HTTP/1.1” 200 583
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:49 GMT
Content-Type: application/json
Content-Length: 583
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0102Kwbn5E9luMntchEh58jDfxDGoqHye_nTJzF3Qv6GKKA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “lnkjuv4.com
},
“status”: “invalid”,
“expires”: “2020-04-10T13:22:45Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:dns”,
“detail”: “DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check that a DNS record exists for this domain”,
“status”: 400
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w”,
“token”: “DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI”
}
]
}
Storing nonce: 0102Kwbn5E9luMntchEh58jDfxDGoqHye_nTJzF3Qv6GKKA
Challenge failed for domain lnkjuv4.com
http-01 challenge for lnkjuv4.com
Reporting to user: The following errors were reported by the server:

Domain: lnkjuv4.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check that a DNS record exists for this domain
Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Attempting to renew cert (lnkjuv4.com) from /etc/letsencrypt/renewal/lnkjuv4.com.conf produced an unexpected error: Some challenges have failed… Skipping.
Traceback was:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py”, line 448, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1176, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py”, line 306, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py”, line 344, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py”, line 391, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.


Processing /etc/letsencrypt/renewal/qa-api.juvlon.com.conf


Var authenticator=apache (set by user).
Starting new HTTP connection (1): ocsp.int-x3.letsencrypt.org:80
http://ocsp.int-x3.letsencrypt.org:80 “POST / HTTP/1.1” 200 527
OCSP response for certificate /etc/letsencrypt/archive/qa-api.juvlon.com/cert1.pem is signed by the certificate’s issuer.
OCSP certificate status for /etc/letsencrypt/archive/qa-api.juvlon.com/cert1.pem is: OCSPCertStatus.GOOD
Cert not yet due for renewal
Requested authenticator apache and installer apache
Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75b55c1710>
Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lnkjuv4.com/fullchain.pem (failure)


The following certs are not due for renewal yet:
/etc/letsencrypt/live/qa-api.juvlon.com/fullchain.pem expires on 2020-07-02 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lnkjuv4.com/fullchain.pem (failure)


Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1347, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1255, in renew
renewal.handle_renewal_request(config)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py”, line 473, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: lnkjuv4.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check
    that a DNS record exists for this domain

It looks like you’re fine.

But apache isn’t reloading for whatever reason, run systemctl reload httpd

This domain is expired, you can remove it.
(certbot certificates and then certbot delete --cert-name ...)

i had already run below command
service httpd restart
can run below now —
certbot certificates and then certbot delete --lnkjuv4.com

is require to change anything in ssl.conf

which path need to run this command
certbot certificates and then certbot delete --lnkjuv4.com

certbot delete --cert-name lnkjuv4.com

Check if this is your problem: New certificate installed - getting fails in the browser

[root@qa-atm letsencrypt]# certbot delete --lnkjuv4.com
-bash: certbot: command not found

ok. when I say certbot you need to type letsencrypt-auto. and do not replace --cert-name, type after it.

sir below is ssl.conf details is there need to change

Server Certificate:

Point SSLCertificateFile at a PEM encoded certificate. If

the certificate is encrypted, then you will be prompted for a

pass phrase. Note that a kill -HUP will prompt again. A new

certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/letsencrypt/live/lnkjuv4.com/cert.pem

Server Private Key:

If the key is not combined with the certificate, use this

directive to point at the key file. Keep in mind that if

you’ve both a RSA and a DSA private key you can configure

both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/letsencrypt/live/lnkjuv4.com/privkey.pem

Server Certificate Chain:

Point SSLCertificateChainFile at a file containing the

concatenation of PEM encoded CA certificates which form the

certificate chain for the server certificate. Alternatively

the referenced file can be the same as SSLCertificateFile

when the CA certificates are directly appended to the server

certificate for convinience.

SSLCertificateChainFile /etc/letsencrypt/live/lnkjuv4.com/chain.pem

point those to your new certificate.

run ./letsencrypt-auto certificates to see the right paths.

[root@qa-atm letsencrypt]# ./letsencrypt-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: lnkjuv4.com
Domains: lnkjuv4.com
Expiry Date: 2019-07-16 06:45:47+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/lnkjuv4.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lnkjuv4.com/privkey.pem
Certificate Name: qa-api.juvlon.com
Domains: qa-api.juvlon.com
Expiry Date: 2020-07-02 12:08:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/qa-api.juvlon.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/qa-api.juvlon.com/privkey.pem


[root@qa-atm letsencrypt]#

SSLCertificateFile /etc/letsencrypt/live/qa-api.juvlon.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/qa-api.juvlon.com/privkey.pem

you need those two lines. (you can remove all the rest.)

sir
is this ok

Server Certificate:

Point SSLCertificateFile at a PEM encoded certificate. If

the certificate is encrypted, then you will be prompted for a

pass phrase. Note that a kill -HUP will prompt again. A new

certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/letsencrypt/live/qa-api.juvlon.com/fullchain.pem

Server Private Key:

If the key is not combined with the certificate, use this

directive to point at the key file. Keep in mind that if

you’ve both a RSA and a DSA private key you can configure

both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/letsencrypt/live/qa-api.juvlon.com/privkey.pem