How to undo the changes made to Apache2 on Ubuntu 16.04

The certbot wrecked my Apache2 operations. It worked fine (https://mysite.com/etcetcetc) before the certbot run, now it's redirecting to localhost and doesn't work at all. It also wrecked my webmin install which now doesn’t work at all.

POed, I am. I should never have trusted certbot to do it right.

What is the best way to get back to where I was (barring a restore of a backup, yeah, I know, I shoulda).

I am also getting an error upon attempting to restart apache2: “SSLCertificateFile: file ‘/etc/letsencrypt/live/[mydomainname].com/fullchain.pem’ does not exist or is empty”

[mydomainname] is correctly using my domain.

The .pem file does exist and is not empty. Error log:

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using [mydomainname].com. Set the ‘ServerName’ directive globally to suppress this message
[Sat Aug 26 13:10:28.115218 2017] [ssl:warn] [pid 1347] AH01906: [mydomainname].com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Aug 26 13:10:28.115276 2017] [ssl:warn] [pid 1347] AH01909: [mydomainname].com:443:0 server certificate does NOT include an ID which matches the server name

Help would be appreciated. I’m down for now because I trusted certbot to do this correctly.

Hi @alabamatoy,

certbot has a rollback option, give it a try:

certbot rollback

You can never trust any software and you should always have a backup… I think you already know it :stuck_out_tongue:

Good luck,
sahsanu

Yes, hopefully certbot rollback will fix things by restoring the Apache configuration to where it was.

If you’d like to help us figure out what went wrong, perhaps you could send us a copy of the before and after Apache configuration from /etc/apache2. I’m really sorry that Certbot messed up your Apache configuration, and I assure you that this situation is very unusual.

Schoen and Sahsanu…

(I bet you knew this was coming?) Please accept my apologies.

I don't yet understand how this happened, but when I posted these messages, it was minutes after installing and running certbot, and NOTHING worked from my HTTP server. I posted, y'all responded very quickly, and in the meantime I had to leave the system alone for about 20 hours. I come back to the system now, and everything seems to be working! I have a functional cert for my Apache services, and webmin is back operational on the webmin server on the correct port.

I still have some notices in the Apache log like:

[Sun Aug 27 07:35:18.442611 2017] [ssl:warn] [pid 1347] AH01906: [mydomainname].com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Aug 27 07:35:18.442689 2017] [ssl:warn] [pid 1347] AH01909: [mydomainname].com:443:0 server certificate does NOT include an ID which matches the server name

Do I need to worry about the ssl warning in my Apache logs? If so, what do I do to fix it? The server name in the server config matches the [mydomainname].com which was used in the Certbot request.

Y'all might want to have Certbot give a notice to impatient people like me that it may take some time for things to settle back out? Maybe it's already there and I missed it.

Thanks again.

I’m also glad things are working better, but your experience is still different from the majority of users’ experiences:

  • For most people, Certbot works immediately, rather than with a delay.
  • And most people don’t receive the error in their log file that you do.

Could you tell us the domain name? Could you post the log from /var/log/letsencrypt? And could you show us the contents of the configuration files in /etc/apache2?

I have a GD setup with all the files/folders you asked to see (the domain name of course is in there). Give me an offline means of commo (something non-public) and I will send you the link. My email is my forum name at gmail dot com
