I made a silly mistake by deleting my /etc/letsencrypt/ directory. What should I do now?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
kkeen.co
I ran this command:
sudo certbot --authenticator webroot --installer apache
It produced this output:
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory
My web server is (include version):
Apache2
The operating system my web server runs on is (include version):
Raspbian stretch
My hosting provider, if applicable, is:
namecheap.com
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

I am still able to access my website with an SSL cert, but I have lost my directory due to my stupidity, as I thought deleting the directory would allow me to reinstall and reconfigure. Is there any chance I can create a new certificate and add more domain names, as I forgot to add www. on my previous one?

Thanks for the help!!


#2

Can you try reinstalling certbot?

Thank you


#3

Hi Steven,

I followed this link https://certbot.eff.org/#debianstretch-apache ,
and used the first command (sudo apt-get install python-certbot-apache -t stretch-backports)

This is the output and nothing has changed :confused:
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-certbot-apache is already the newest version (0.21.1-1~bpo9+1).
0 upgraded, 0 newly installed, 0 to remove and 31 not upgraded.


#4

Deleting /etc/letsencrypt does not harm certbot itself. Just try to reissue your certificates like you did before. If that fails, please show the corresponding error messages.


#5

Hi bytecamp,

I tried reissuing like how I did the first time with this command, sudo certbot --authenticator webroot --installer apache

But the output I got is
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\napache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory\n",)


#6

Maybe getting rid of 000-default-le-ssl.conf will help:

cd /etc/apache2/sites-enabled/
mv 000-default-le-ssl.conf 000-default-le-ssl.conf-disabled

Afterwards, try apache2ctl configtest
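
Added example (not part of the original thread): after /etc/letsencrypt is removed, any enabled vhost that still points into it will fail configtest the same way. The sketch below lists such dangling references before anything is renamed; the function name find_missing_refs and the set of directives checked are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: report Apache directives in *.conf files
# that point at absolute paths which no longer exist on disk.
# Output format: conf-file:line-number:directive:missing-path
find_missing_refs() {
    dir=$1
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Emit "line directive path" for the directives of interest,
        # ignoring commented-out lines. Directive names are case-insensitive.
        awk '
            /^[ \t]*#/ { next }
            {
                d = tolower($1)
                if (d == "include" || d == "sslcertificatefile" ||
                    d == "sslcertificatekeyfile" ||
                    d == "sslcertificatechainfile") {
                    p = $2
                    gsub(/"/, "", p)
                    print NR, $1, p
                }
            }' "$conf" |
        while read -r lineno directive path; do
            case $path in
                /*) ;;                      # absolute path: check it
                *) continue ;;              # relative to ServerRoot: skipped here
            esac
            case $path in
                *\**|*\?*|*\[*) continue ;; # wildcard include: skipped here
            esac
            [ -e "$path" ] || printf '%s:%s:%s:%s\n' \
                "$conf" "$lineno" "$directive" "$path"
        done
    done
}

# Default to the directory named in the error message above.
find_missing_refs "${1:-/etc/apache2/sites-enabled}"
```

Each reported file is a candidate for the rename shown in this reply, followed by apache2ctl configtest.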


#7

Hi bytecamp,

This is the output I got, I think it works!!
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Thank you so much for the help, should I generate a new cert now? with sudo certbot --authenticator webroot --installer apache?


#8

This looks good, now just try to issue your certificates.


#9

This is the output I got. Is it normal that it says my /etc/apache2/sites-enabled/000-default.conf were disabled?
I tried looking up my cert in crt.sh by typing my domain (www.kkeen.co). I couldn't find any.

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.kkeen.co/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.kkeen.co/privkey.pem
    Your cert will expire on 2018-05-27. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew *all* of
    your certificates, run "certbot renew"
  • Some rewrite rules copied from
    /etc/apache2/sites-enabled/000-default.conf were disabled in the
    vhost for your HTTPS site located at
    /etc/apache2/sites-available/000-default-le-ssl.conf because they
    have the potential to create redirection loops.

#10

crt.sh doesn't update instantly, though it's usually pretty quick. They're there now.

It says some rewrite rules were disabled. You might want to check the file to see what they are, and whether you think they are important.

