I ran this command: sudo python3 -m venv /opt/certbot/
It produced this output:
The virtual environment was not created successfully because ensurepip is not available. On Debian/Ubuntu systems, you need to install the python3-venv package using the following command.
    apt-get install python3-venv
You may need to use sudo with that command. After installing the python3-venv package, recreate your virtual environment.
Failing command: ['/opt/certbot/bin/python3', '-Im', 'ensurepip', '--upgrade', '--default-pip']
My web server is (include version): Server version: Apache/2.4.29 (Ubuntu) Server built: 2023-03-08T17:34:33
The operating system my web server runs on is (include version): Ubuntu 18.04 64bit minimal
My hosting provider, if applicable, is: Hostinger
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.27.0
Description:
Ok bear with me as I'm completely new to all these elements as I'm mostly a front-end developer. This domain is used for an app in a website, and its LetsEncrypt certificate expired. I have tried many ways to get issued another one but I always run into issues, which mostly end with the fact I can't run a virtual environment of Python to install Certbot. I tried deleting all certificates and instances of Certbot, which causes an issue where Apache can't be started. I recovered a backup and tried uninstalling and reinstalling Apache which fixes the issue where it can't start, but on both sides, I can't reinstall Certbot due to the Python virtual environment.
Certbot recommends using snapd for installation. Since snapd is not supported on Hostinger Linux-based VPS, you can use Python by installing it first on your server.
Sorry, I don't know pip / venv well enough to help with that. Maybe someone else here will offer help. Or, maybe ask Hostinger why their instructions failed. Or even at the EFF's GitHub for Certbot (link here). Not trying to push you away just offering other avenues for install assistance.
I'd only suggest using a different ACME Client like acme.sh. It's a popular bash script so no snap or pip/venv. Might be easier for you to manage going forward. Just beware its default CA is ZeroSSL so follow instructions to set default CA to Let's Encrypt.
Yes, multiple times, with and without "sudo", it just says python is already installed and updated to the latest version, but the moment I try to create the virtual environment it just says I have to install it, it's an endless loop.
I've been trying acme.sh, but when I do the acme.sh --issue -d sleepfirstfinancing.com -w /var/www/html command, I just get this:
[Thu Jan 25 17:27:10 UTC 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Jan 25 17:27:10 UTC 2024] Single domain='sleepfirstfinancing.com'
[Thu Jan 25 17:27:10 UTC 2024] Getting domain auth token for each domain
[Thu Jan 25 17:27:50 UTC 2024] Getting webroot for domain='sleepfirstfinancing.com'
[Thu Jan 25 17:27:50 UTC 2024] Error, can not get domain token "type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/cMe2v-APlkdYiUSOzODV3w","status":"invalid","error":{
[Thu Jan 25 17:27:50 UTC 2024] Please add '--debug' or '--log' to check more details.
[Thu Jan 25 17:27:50 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
I've been trying to troubleshoot this issue, but I can assure you the domain is pointing to the VPS in the A records, which have the corresponding IPv4 address.
Note that ZeroSSL is a different Certificate Authority than Let's Encrypt and troubleshooting their issues is out of scope for the Let's Encrypt Community.
You can change the CA used. While you are testing, it is advisable to use the Let's Encrypt staging environment to avoid unintentionally encountering rate limits.
Apparently there's an account.conf file inside the ~/.acme.sh/ directory where the contact email should be stored, but when I got to that directory, there's no account.conf file.
Yes, but is that done separately with acme.sh? Looking at their docs it looked like that was for EAB. Perhaps I misread it. I haven't used acme.sh in ages so don't remember.
In any case, sounds like something was going wrong with whatever they did. I still think their GitHub is a better place for that problem.
EDIT: I was wrong. You do need to register once even for Let's Encrypt to set up the ACME account. I eventually found the docs about that here
curl https://get.acme.sh | sh -s email=my@example.com
and
./acme.sh --install -m my@example.com
I didn't change the email. So I redid everything, I generated the cert, key and fullchain files. I then edited the default-ssl.conf file to replace the existing files with the new ones. I ran the sudo a2ensite default-ssl.conf which says Site default-ssl already enabled
And right now I don't know what to do. The page is still showing the SSL error, when I use https://www.ssllabs.com it says the certificate is expired. I think the only thing that I couldn't do was restart Apache after doing all of this, I tried many commands that restart it but I get no visual confirmation if it even happened, which it should do because it did so when I restarted inside the big command to generate the keys, cert and fullchain.
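The last post leaves two things unverified: which certificate files Apache is configured to load, and whether a reload actually took effect. The following is an added example, not from any poster or from the acme.sh project, that checks both; the sample vhost and its paths are constructed, and the `apache2` service name assumes Ubuntu's packaging.

```shell
#!/bin/sh
# Added example: paths and the sample vhost are constructed, not from the thread.

# Constructed sample of a default-ssl.conf after pointing it at new files.
sample_vhost() {
    cat <<'EOF'
<VirtualHost _default_:443>
    # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/fullchain.cer
    SSLCertificateKeyFile "/etc/ssl/example/example.key"
</VirtualHost>
EOF
}

# List the active (uncommented) certificate and key directives as NAME=path.
vhost_cert_paths() {
    awk 'tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
             gsub(/"/, "", $2); print $1 "=" $2 }' "$@"
}

# SHA-256 fingerprint and expiry date of a PEM certificate on disk.
file_cert_info() { openssl x509 -in "$1" -noout -fingerprint -sha256 -enddate; }

# The same two fields for the certificate the server presents to clients.
served_cert_info() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 -enddate
}

# Succeeds only if the configured file is unexpired and is the one being served.
check_deployed() {   # usage: check_deployed <vhost.conf> <hostname>
    cert=$(vhost_cert_paths "$1" | sed -n 's/^SSLCertificateFile=//p' | head -n 1)
    [ -n "$cert" ] || { echo "no SSLCertificateFile in $1"; return 2; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "expired on disk: $cert"; return 1; }
    [ "$(file_cert_info "$cert")" = "$(served_cert_info "$2")" ] ||
        { echo "server is presenting a different certificate than $cert"; return 1; }
    echo "ok: $cert is unexpired and live"
}

# Validate the config, reload, and print the service state as confirmation.
reload_apache() {
    apachectl configtest && systemctl reload apache2 && systemctl is-active apache2
}

if [ "${1:-}" = "--check" ]; then
    check_deployed "$2" "$3"
fi
```

A mismatch reported by `check_deployed` after editing the vhost means the running Apache processes have not picked up the new files yet; `reload_apache` prints `active` once the reload has gone through.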