Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: notjustdetails.com
I ran this command: See New SSL Certificate not working NameMismatch and ChainErrors for full chain
but I was having trouble setting up my virtual host. I managed to install the certbot with no errors but it still wasn't a secure site.
After I tried commenting out the ServerAlias lines and the Rewrite that mentioned www.notjustdetails.com (which I think might not be explicitly in my server) I had a problem that has caused my server not to be able to start
I felt it was weird that this last one I ran did not mention that I already had a certificate like it did the previous time that I tried again - it was as if it was new
Maybe because the previous one was tied to both URLs
Here is the certbot output:
Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.
Error while running apachectl graceful.
Job for httpd.service invalid.
Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl restart.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Rolling back to previous server configuration...
Error while running apachectl graceful.
Job for httpd.service invalid.
Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl restart.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 627, in _rollback_and_restart
    self.installer.restart()
  File "/usr/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py", line 2324, in restart
    self._reload()
  File "/usr/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py", line 2351, in _reload
    raise errors.MisconfigurationError(error)
MisconfigurationError: Error while running apachectl restart.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Error while running apachectl restart.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
IMPORTANT NOTES:
 - An error occurred and we failed to restore your config and restart
   your server. Please post to
   https://community.letsencrypt.org/c/help with details about your
   configuration and this error you received.
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/notjustdetails.com-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/notjustdetails.com-0001/privkey.pem
   Your cert will expire on 2020-07-04. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Some rewrite rules copied from /etc/httpd/conf/httpd.conf were
   disabled in the vhost for your HTTPS site located at
   /etc/httpd/conf/httpd-le-ssl.conf because they have the potential
   to create redirection loops.
I took out those comment tags and made the config files like they were before. I tried commenting out the log lines because of something else I ran - neither worked.
here is systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-04-05 01:44:48 UTC; 21min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 6308 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 6255 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 6307 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 6307 (code=exited, status=1/FAILURE)
Apr 05 01:44:48 notjustdetails systemd[1]: Starting The Apache HTTP Server...
Apr 05 01:44:48 notjustdetails systemd[1]: httpd.service: main process exite...E
Apr 05 01:44:48 notjustdetails kill[6308]: kill: cannot find process ""
Apr 05 01:44:48 notjustdetails systemd[1]: httpd.service: control process ex...1
Apr 05 01:44:48 notjustdetails systemd[1]: Failed to start The Apache HTTP S...
Apr 05 01:44:48 notjustdetails systemd[1]: Unit httpd.service entered failed...
Apr 05 01:44:48 notjustdetails systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Here is journalctl -xe
Hint: You are currently not seeing messages from other users and the system.
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
--
-- Unit session-99.scope has finished starting up
-- The start-up result is done.
Apr 05 02:01:01 notjustdetails systemd[1]: Starting Session 99 of user root.
-- Subject: Unit session-99.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Unit session-99.scope has begun starting up.
Apr 05 02:01:01 notjustdetails CROND[6323]: (root) CMD (run-parts /etc/cron.hourly)
Apr 05 02:01:01 notjustdetails run-parts(/etc/cron.hourly)[6326]: starting 0anacron
Apr 05 02:01:01 notjustdetails anacron[6332]: Anacron started on 2020-04-05
Apr 05 02:01:01 notjustdetails anacron[6332]: Normal exit (0 jobs run)
Apr 05 02:01:01 notjustdetails run-parts(/etc/cron.hourly)[6334]: finished 0anacron
Apr 05 02:01:01 notjustdetails systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-0.slice has finished shutting down.
Apr 05 02:01:01 notjustdetails systemd[1]: Stopping User Slice of root.
-- Subject: Unit user-0.slice has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Unit user-0.slice has begun shutting down.
Apr 05 02:01:42 notjustdetails sudo[6337]: chris : TTY=pts/0 ; PWD=/etc/httpd/conf ;
Apr 05 02:02:39 notjustdetails sudo[6339]: chris : TTY=pts/0 ; PWD=/etc/httpd/conf ;
Apr 05 02:03:09 notjustdetails sudo[6341]: chris : TTY=pts/0 ; PWD=/etc/httpd/conf ;
lines 3593-3622/3622 (END)
Also - I tried to restart the httpd.service on my command line and it said
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --apacheq
I would like to recover from this, so please let me know if you see a solution from these logs.
But, I do have a snapshot of my droplet. I can wipe all this out and restore if needed.
If I do need to start over and I still want a SSL certificate, do I just add the virtual host information to the httpd.conf without the server alias www address and start over? Or do I need to try to use what's in the Letsencrypt folder even though it never worked?
My web server is (include version): Digital Ocean droplet
The operating system my web server runs on is (include version): CentOS
My hosting provider, if applicable, is: none
I can login to a root shell on my machine (yes or no, or I don't know): Y
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):