Httpd SSLCertificateFile: file '/etc/letsencrypt/live/radicale.powerbang.ovh/fullchain.pem' does not exist or is empty

Hi, I let my certificates expire, and now certbot is unable to recreate them because, according to httpd, they do not exist anymore.
My domain is:
https://radicale.powerbang.ovh

certbot --apache -d radicale.powerbang.ovh -v              
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for radicale.powerbang.ovh
Performing the following challenges:
http-01 challenge for radicale.powerbang.ovh
Error while running apachectl graceful.
httpd not running, trying to start
 
 
Unable to restart apache using ['apachectl', 'graceful']
Cleaning up challenges
Error while running apachectl graceful.
httpd not running, trying to start
 
 
Unable to restart apache using ['apachectl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
httpd not running, trying to start
Error while running apachectl graceful.
httpd not running, trying to start
 
 
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details

certbot log : https://x0.at/xZmn.txt

My web server is (include version):
apache 2.4.63-3
The operating system my web server runs on is (include version):
archlinux
My hosting provider, if applicable, is:
myself, at home
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 4.0.0

Try using --standalone instead of apache, if there's no other webserver running on that machine.

You can eventually run certbot reconfigure --cert-name $NAME --apache afterwards.

2 Likes

OK, so in fact there are many domains to update, but with the failure, I tried to update only this one.

1: jenkins-aarch64.powerbang.ovh
2: jenkins-armv7.powerbang.ovh
3: jenkins-x86-64.powerbang.ovh
4: radicale.powerbang.ovh
5: syncthing-nfs.powerbang.ovh
6: transmission.powerbang.ovh
7: znc.powerbang.ovh

certbot certonly --standalone -d radicale.powerbang.ovh -v
https://x0.at/NWqa.txt

certbot --apache
https://x0.at/PWUJ.txt

journalctl -eu httpd

avr 20 00:01:05 rpi3 systemd[1]: Started Apache Web Server.
avr 20 00:01:09 rpi3 httpd[443]: AH00526: Syntax error on line 21 of /etc/httpd/conf/extra/radicale.powerbang.ovh.conf:
avr 20 00:01:09 rpi3 httpd[443]: SSLCertificateFile: file '/etc/letsencrypt/live/radicale.powerbang.ovh/fullchain.pem' does not exist or is empty
avr 20 00:01:08 rpi3 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
avr 20 00:01:08 rpi3 systemd[1]: httpd.service: Failed with result 'exit-code'.
mai 15 10:52:22 rpi3 systemd[1]: Started Apache Web Server.
mai 15 10:52:22 rpi3 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
mai 15 10:52:22 rpi3 systemd[1]: httpd.service: Failed with result 'exit-code'.
mai 17 22:45:16 rpi3 systemd[1]: Started Apache Web Server.
mai 17 22:45:16 rpi3 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
mai 17 22:45:16 rpi3 systemd[1]: httpd.service: Failed with result 'exit-code'.

cat /etc/httpd/conf/extra/radicale.powerbang.ovh.conf

<VirtualHost *:80>
    ServerName  radicale.powerbang.ovh
    Redirect / https://radicale.powerbang.ovh/
RewriteEngine on
RewriteCond %{SERVER_NAME} =radicale.powerbang.ovh
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
 
<VirtualHost *:443>
   ServerName radicale.powerbang.ovh
   SSLEngine On
   SSLProxyEngine On
#   SSLProxyVerify optional_no_ca
   ProxyPreserveHost On
   ProxyPass / http://192.168.0.10:5232/
   ProxyPassReverse / http://192.168.0.10:5232/
 
   ErrorLog /var/log/httpd/radicale.powerbang.ovh.error.log
   CustomLog /var/log/httpd/radicale.powerbang.ovh.access.log combined
   Include /etc/letsencrypt/options-ssl-apache.conf
   #SSLCertificateFile /etc/letsencrypt/live/radicale.powerbang.ovh/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/radicale.powerbang.ovh/privkey.pem
</VirtualHost>

journalctl -eu httpd

mai 17 22:52:01 rpi3 systemd[1]: Started Apache Web Server.
mai 17 22:52:02 rpi3 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
mai 17 22:52:02 rpi3 systemd[1]: httpd.service: Failed with result 'exit-code'

And if I uncomment the 2 SSLCertificate lines, journalctl -eu httpd answers this:

mai 17 22:50:49 rpi3 systemd[1]: Started Apache Web Server.
mai 17 22:50:49 rpi3 httpd[375484]: AH00526: Syntax error on line 21 of /etc/httpd/conf/extra/radicale.powerbang.ovh.conf:
mai 17 22:50:49 rpi3 httpd[375484]: SSLCertificateFile: file '/etc/letsencrypt/live/radicale.powerbang.ovh/fullchain.pem' does not exist or is empty
mai 17 22:50:49 rpi3 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
mai 17 22:50:49 rpi3 systemd[1]: httpd.service: Failed with result 'exit-code'.

Apache won't start without all the certificates it expects, and the latest certificate is not where the config says.

Your log says

Certificate is saved at: /etc/letsencrypt/live/radicale.powerbang.ovh-0001/fullchain.pem

But apache expects:

mai 17 22:50:49 rpi3 httpd[375484]: SSLCertificateFile: file '/etc/letsencrypt/live/radicale.powerbang.ovh/fullchain.pem' does not exist or is empty

I assumed the certificate wasn't there because it was a fresh certbot install, but the -0001 tells me something else might be going on.

3 Likes
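
The mismatch described in the last reply (httpd configured for live/radicale.powerbang.ovh/ while certbot saved the certificate under live/radicale.powerbang.ovh-0001/) can be checked before restarting httpd. This is an added example, not part of the thread and not certbot's own code; the function name check_cert_paths and the temporary sample tree are constructed for illustration, and it assumes absolute paths without spaces.

```shell
#!/bin/sh
# Added example: list active SSLCertificateFile/SSLCertificateKeyFile directives
# whose target is missing or empty, plus sibling certbot lineages (NAME-0001, ...)
# that do contain that file. Assumes one absolute, space-free path per directive.

check_cert_paths() (   # usage: check_cert_paths CONF_DIR
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        # -n adds "LINE:"; commented-out directives do not match the anchored regex.
        grep -niE '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]+' "$conf" |
        tr '\t' ' ' |
        while IFS=': ' read -r lineno directive path rest; do
            path=${path#\"}; path=${path%\"}      # tolerate a quoted path
            # -s follows symlinks, so a dangling live/ symlink counts as missing.
            [ -s "$path" ] && continue
            echo "MISSING $conf:$lineno $directive $path"
            for cand in "$(dirname "$path")"-[0-9][0-9][0-9][0-9]/"$(basename "$path")"; do
                if [ -s "$cand" ]; then echo "  CANDIDATE $cand"; fi
            done
        done
    done
)

demo() {   # constructed sample tree mirroring the thread; everything lives in a temp dir
    tmp=$(mktemp -d)
    mkdir -p "$tmp/conf" "$tmp/live/radicale.powerbang.ovh-0001"
    echo "constructed placeholder, not a real certificate" \
        > "$tmp/live/radicale.powerbang.ovh-0001/fullchain.pem"
    cat > "$tmp/conf/radicale.powerbang.ovh.conf" <<EOF
<VirtualHost *:443>
   SSLCertificateFile $tmp/live/radicale.powerbang.ovh/fullchain.pem
   #SSLCertificateKeyFile $tmp/live/radicale.powerbang.ovh/privkey.pem
</VirtualHost>
EOF
    check_cert_paths "$tmp/conf"
    rm -rf "$tmp"
}

demo
```

On the system in the thread the call would be check_cert_paths /etc/httpd/conf/extra, run as a user that can read /etc/letsencrypt/live.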