I gave up on extending the domain, but letsencrypt-certbot still remember it causing errors

Help
1

I gave up on extending two domains 3math.es and math2play4priz.es, which expired in mid November 2021.
I've also removed them from Apache .conf files, but letsencrypt-certbot still remember it causing errors.

My domain is: doktorb.it(with www, img http/https subdomains), dyplomantka.pl(with www http/https subdomains), dyplomant.pl(with www http/https subdomains) - still active main domains of my service
3math.es(with www http/https subdomains), math2play4priz.es(with www http/https subdomains) - expired domains

Używasz WordPressa 5.9 z motywem Hueman Child.doktorb.it(with www, img http/https subdomains)
PHP/MySQL own code dyplomantka.pl(with www http/https subdomains), dyplomant.pl(with www http/https subdomains)

I ran this command: via SSH: certbot renew

It produced this output:

root@Bit:/etc/apache2/sites-available# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/doktorb.it.conf

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/dyplomant.pl-0001.conf

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/dyplomant.pl.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for dyplomant.pl and math2play4priz.es
Failed to renew certificate dyplomant.pl with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt

Processing /etc/letsencrypt/renewal/dyplomantka.pl.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for 3math.es and 10 more domains
Failed to renew certificate dyplomantka.pl with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt

Processing /etc/letsencrypt/renewal/img.doktorb.it.conf

Cert not yet due for renewal

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/doktorb.it/fullchain3.pem expires on 2022-05-08 (skipped)
/etc/letsencrypt/live/dyplomant.pl-0001/fullchain.pem expires on 2022-05-08 (skipped)
/etc/letsencrypt/live/img.doktorb.it/fullchain3.pem expires on 2022-05-04 (skipped)
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/dyplomant.pl/fullchain3.pem (failure)
/etc/letsencrypt/live/dyplomantka.pl/fullchain3.pem (failure)

2 renew failure(s), 0 parse failure(s)
root@Bit:/etc/apache2/sites-available#

My web server is (include version): Serwer WWW

  • Apache/2.4.51 (Debian)
  • Wersja klienta bazy danych: libmysql - mysqlnd 7.4.27
  • Wersja PHP: 7.4.27

The operating system my web server runs on is (include version): Linux Bit 5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64

My hosting provider, if applicable, is: www.put.poznan.pl (Poznań University of Technology) runnig on IP 150.254.30.100 virtual machine. I obtained it year ago with pure Debian 9 which I have upgraded myself to Debian 10. I have also installed MySQL 8 and upgraded PHP and add phpMyAdmin.

I can login to a root shell on my machine (yes or no, or I don't know): yes via puttys SSH

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

2

Please show the output of:

certbot certificates

Also, are you on a Bitnami system? As I'm seeing "Bit" in the prompt of your SSH..

2 Likes
3

root@Bit:/home/andrzeju# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: doktorb.it
Serial Number: 449b28a7a009fb141a0c39ca41ec8410ba3
Key Type: RSA
Domains: doktorb.it dyplomant.pl dyplomantka.pl img.doktorb.it www.doktorb.it www.dyplomant.pl www.dyplomantka.pl
Expiry Date: 2022-05-08 08:29:09+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/doktorb.it/fullchain3.pem
Private Key Path: /etc/letsencrypt/live/doktorb.it/privkey3.pem
Certificate Name: dyplomant.pl-0001
Serial Number: 3a0af64362d348a1282b34e37e2b0bcedd0
Key Type: RSA
Domains: dyplomant.pl dyplomantka.pl www.dyplomant.pl www.dyplomantka.pl
Expiry Date: 2022-05-08 10:01:08+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/dyplomant.pl-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dyplomant.pl-0001/privkey.pem
Certificate Name: dyplomant.pl
Serial Number: 46de7d6e9e18654c85402ee02222839ca11
Key Type: RSA
Domains: dyplomant.pl math2play4priz.es
Expiry Date: 2022-01-14 07:02:25+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/dyplomant.pl/fullchain3.pem
Private Key Path: /etc/letsencrypt/live/dyplomant.pl/privkey3.pem
Certificate Name: dyplomantka.pl
Serial Number: 42042eeebb2c2bf38adb51ba86aeb0e6f6e
Key Type: RSA
Domains: 3math.es doktorb.it dyplomant.pl dyplomantka.pl img.doktorb.it math2play4priz.es www.3math.es www.doktorb.it www.dyplomant.pl www.dyplomantka.pl www.math2play4priz.es
Expiry Date: 2021-12-16 09:27:57+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/dyplomantka.pl/fullchain3.pem
Private Key Path: /etc/letsencrypt/live/dyplomantka.pl/privkey3.pem
Certificate Name: img.doktorb.it
Serial Number: 39771b4eedf0f5f2b51f3399f5d0ba00e1f
Key Type: RSA
Domains: img.doktorb.it
Expiry Date: 2022-05-04 14:46:45+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/img.doktorb.it/fullchain3.pem
Private Key Path: /etc/letsencrypt/live/img.doktorb.it/privkey3.pem

Bit is my own name, I don't think so it a Bitnami.

4

This certificate is one of the two certificates using the math2play4priz.es domain name. However, the other hostname in the certificate is dyplomant.pl, which is also included in the certificate named "dyplomant.pl-0001" and also in the certificate named "doktorb.it".

This certificate also includes the domain math2play4priz.es and is also the only certificate with the 3math.es domain. The other hostnames in the certificate are:

  • doktorb.it
  • www.doktorb.it
  • img.doktorb.it
  • dyplomant.pl
  • www.dyplomant.pl
  • dyplomantka.pl
  • www.dyplomantka.pl

ALL of those above hostnames are also included in the certificate named "doktorb.it".

So, to conclude, we can notice a few things:

  • The hostnames you want to keep around are found in multiple certificates: many if not all are included in two or even three certificates.
  • You want to delete the certificates with names "dyplomant.pl" and "dyplomantka.pl"
  • Make sure that before you delete those certificates, your webserver isn't using those specific certificates, but one of the other, valid ones.

Also notice:

  • the certificate named "img.doktorb.it" is a cert for JUST "img.doktorb.it". But that hostname is also included in the certificate named "doktorb.it". In fact, as far as I can tell, ALL necessary hostnames are included in the certificate named "doktorb.it". So you could also make sure your webserver is using only the certificate with the name "doktorb.it" and remove all the others.
2 Likes
5

You and your machine have the same name?

1 Like
6

AS you suggested I have changed in /etc/apache2/sites-available all references to certificates to the same:
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem

which means in fact links to /etc/letsencrypt/archive/doktorb.it/fullchain6.pem and /etc/letsencrypt/archive/doktorb.it/privkey6.pem :
root@Bit:/etc/apache2/sites-enabled# ls --full /etc/letsencrypt/live/doktorb.it/
razem 0
lrwxrwxrwx 1 root root 34 2022-02-07 10:29:13.309504143 +0100 cert3.pem -> ../../archive/doktorb.it/cert6.pem
lrwxrwxrwx 1 root root 35 2022-02-07 10:29:13.309504143 +0100 chain3.pem -> ../../archive/doktorb.it/chain6.pem
lrwxrwxrwx 1 root root 39 2022-02-07 10:29:13.309504143 +0100 fullchain3.pem -> ../../archive/doktorb.it/fullchain6.pem
lrwxrwxrwx 1 root root 37 2022-02-07 10:29:13.309504143 +0100 privkey3.pem -> ../../archive/doktorb.it/privkey6.pem

which is present only in ".conf" files with ssl in theirs name so I obtained:
root@Bit:/etc/apache2/sites-enabled# cat *ssl.conf >> plik
root@Bit:/etc/apache2/sites-enabled# cat plik

<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName doktorb.it
ServerAdmin mobit@gazeta.pl
DocumentRoot /var/www/html/blog

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem



<VirtualHost *:443>
ServerName www.doktorb.it
DocumentRoot /var/www/html/blog/
RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteRule ^ https://doktorb.it%{REQUEST_URI} [R=301,L,NE]

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem



<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName dyplomantka.pl
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/dyplom/

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf


    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem
ServerName www.dyplomantka.pl DocumentRoot /var/www/html/dyplom/ RewriteEngine on # Some rewrite rules in this file were disabled on your HTTPS site, # because they have the potential to create redirection loops.

RewriteCond %{HTTP_HOST} ^(www.)?dyplomantka.pl$

     RewriteRule ^ https://dyplomantka.pl%{REQUEST_URI} [R=301,L,NE]

#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/doktorb.it-0001/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it-0001/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem
Include /etc/letsencrypt/options-ssl-apache.conf



<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName dyplomant.pl
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/dyplom/

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf


    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem
ServerName www.dyplomant.pl DocumentRoot /var/www/html/dyplom/ RewriteEngine on # Some rewrite rules in this file were disabled on your HTTPS site, # because they have the potential to create redirection loops.

RewriteCond %{HTTP_HOST} ^(www.)?dyplomant.pl$

     RewriteRule ^ https://dyplomant.pl%{REQUEST_URI} [R=301,L,NE]

#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/doktorb.it-0001/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it-0001/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem
Include /etc/letsencrypt/options-ssl-apache.conf



<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName img.doktorb.it
ServerAdmin mobit@gazeta.pl
DocumentRoot /home/andrzeju/media

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain3.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey3.pem


root@Bit:/etc/apache2/sites-enabled#

However, there is still a problem with expired domains:
Restarting apache2 (via systemctl): apache2.service.
root@Bit:/etc/apache2/sites-available# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/doktorb.it.conf

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/dyplomant.pl-0001.conf

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/dyplomant.pl.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for dyplomant.pl and math2play4priz.es
Performing the following challenges:
http-01 challenge for math2play4priz.es
Waiting for verification...
Challenge failed for domain math2play4priz.es
http-01 challenge for math2play4priz.es
Cleaning up challenges
Failed to renew certificate dyplomant.pl with error: Some challenges have failed.

Processing /etc/letsencrypt/renewal/dyplomantka.pl.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for 3math.es and 10 more domains
Performing the following challenges:
http-01 challenge for 3math.es
http-01 challenge for math2play4priz.es
http-01 challenge for www.3math.es
http-01 challenge for www.math2play4priz.es
Waiting for verification...
Challenge failed for domain 3math.es
Challenge failed for domain math2play4priz.es
Challenge failed for domain www.3math.es
Challenge failed for domain www.math2play4priz.es
http-01 challenge for 3math.es
http-01 challenge for math2play4priz.es
http-01 challenge for www.3math.es
http-01 challenge for www.math2play4priz.es
Cleaning up challenges
Failed to renew certificate dyplomantka.pl with error: Some challenges have failed.

Processing /etc/letsencrypt/renewal/img.doktorb.it.conf

Cert not yet due for renewal

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/doktorb.it/fullchain3.pem expires on 2022-05-08 (skipped)
/etc/letsencrypt/live/dyplomant.pl-0001/fullchain.pem expires on 2022-05-08 (skipped)
/etc/letsencrypt/live/img.doktorb.it/fullchain3.pem expires on 2022-05-04 (skipped)
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/dyplomant.pl/fullchain3.pem (failure)
/etc/letsencrypt/live/dyplomantka.pl/fullchain3.pem (failure)

2 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: 3math.es
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for 3math.es - check
    that a DNS record exists for this domain; DNS problem: NXDOMAIN
    looking up AAAA for 3math.es - check that a DNS record exists for
    this domain

    Domain: math2play4priz.es
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for math2play4priz.es -
    check that a DNS record exists for this domain; DNS problem:
    NXDOMAIN looking up AAAA for math2play4priz.es - check that a DNS
    record exists for this domain

    Domain: www.3math.es
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for www.3math.es - check
    that a DNS record exists for this domain; DNS problem: NXDOMAIN
    looking up AAAA for www.3math.es - check that a DNS record exists
    for this domain

    Domain: www.math2play4priz.es
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for
    www.math2play4priz.es - check that a DNS record exists for this
    domain; DNS problem: NXDOMAIN looking up AAAA for
    www.math2play4priz.es - check that a DNS record exists for this
    domain

  • The following errors were reported by the server:

    Domain: math2play4priz.es
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for math2play4priz.es -
    check that a DNS record exists for this domain; DNS problem:
    NXDOMAIN looking up AAAA for math2play4priz.es - check that a DNS
    record exists for this domain

Maybe I should use certbot certonly?
root@Bit:/etc/apache2/sites-enabled# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): doktorb.it,www.doktorb.it,img.doktorb.it,dyplomant.pl,www.dyplomant.pl,dyplomantka.pl,www.dyplomantka.pl
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/doktorb.it.conf)

What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate

Certificate not yet due for renewal; no action taken.

root@Bit:/etc/apache2/sites-enabled#

What I should do?

7

It seems you only changed the references to the "doktorb.it" certificate in your Apache configurations, right? If so, it makes sense that Certbot still fails: it still has the incorrect certificates in its certificate store. You probably didn't delete the unnecessary certificates from Certbot.

Also:

This is very weird: those files should be called fullchain.pem and privkey.pem. They should NOT have a number. This can only have been caused by manually manipulating the files in the /etc/letsencrypt/live/ directories, which is NOT recommended.

4 Likes
8

Hi, Osiris,

I just make suggested changes:
1.I just left only: cert6.pem chain6.pem fullchain6.pem privkey6.pem in /etc/letsencrypt/archive/doktorb.it
2.I just left only: doktorb.it and README in /etc/letsencrypt/live
in this doktorb.it folder I've removed numbers in file names so I just have: cert.pem chain.pem fullchain.pem privkey.pem
3. In files from /etc/apache2/sites-available with ssl in name i.e.: doktorb.it-ssl.conf, dyplomant.pl-ssl.conf, doktorb.it-www-le-ssl.conf, dyplomant.pl-www-le-ssl.conf, dyplomantka.pl-ssl.conf, img.doktorb.it-ssl.conf, dyplomantka.pl-www-le-ssl.conf removing number from reference to .pem files i.e. with resulting two lines:
SSLCertificateFile /etc/letsencrypt/live/doktorb.it/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doktorb.it/privkey.pem
in each of these files.

There is no error now.

Thank you

Andy

2 Likes
9

That's not at all what I implied and wasn't necessary.

Those are the correct filenames indeed. I assume you renamed them so they're still symbolic links to the files in /archive/, right?

Sounds good!

Did you also remove all the other certificates from Certbot? I.e., only the certificate with the name "doktorb.it" pops up when running sudo certbot certificates ?

2 Likes
10

root@Bit:/home/andrzeju# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: doktorb.it
Serial Number: 449b28a7a009fb141a0c39ca41ec8410ba3
Key Type: RSA
Domains: doktorb.it dyplomant.pl dyplomantka.pl img.doktorb.it www.doktorb.it www.dyplomant.pl www.dyplomantka.pl
Expiry Date: 2022-05-08 08:29:09+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/doktorb.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/doktorb.it/privkey.pem

root@Bit:/home/andrzeju#

11

Looks good! I think you're all set!

3 Likes
12

I have similar problem on another Debian/Apache2 server with some domains and subdomains:

wordpress in blog folder installed
#DocumentRoot /var/www/html/wordpress
<Directory /var/www/html/blog/>
AllowOverride All

-rw-r--r-- 1 root root 348 Feb 22 11:21 /etc/apache2/sites-available/koala.poznan.pl-le-ssl.conf
1 <VirtualHost *:80>
2 ServerName koala.poznan.pl
3 ServerAlias koala.wmi.amu.edu.pl
4 # The ServerName directive sets the request scheme, hostname and port that
5 # the server uses to identify itself. This is used when creating
6 # redirection URLs. In the context of virtual hosts, the ServerName
7 # specifies what hostname must appear in the request's Host: header to
8 # match this virtual host. For the default virtual host (this file) this
9 # value is not decisive as it is used as a last resort host regardless.
10 # However, you must set it for any further virtual host explicitly.
11 #ServerName www.example.com
12
13 ServerAdmin webmaster@localhost
14 DocumentRoot /var/www/html
15
16 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
17 # error, crit, alert, emerg.
18 # It is also possible to configure the loglevel for particular
19 # modules, e.g.
20 #LogLevel info ssl:warn
21
22 ErrorLog ${APACHE_LOG_DIR}/error.log
23 CustomLog ${APACHE_LOG_DIR}/access.log combined
24
25 # For most configuration files from conf-available/, which are
26 # enabled or disabled at a global level, it is possible to
27 # include a line for only one particular virtual host. For example the
28 # following line enables the CGI configuration for this host only
29 # after it has been globally disabled with "a2disconf".
30 #Include conf-available/serve-cgi-bin.conf
31 RewriteEngine on
32 RewriteCond %{SERVER_NAME} =koala.poznan.pl [OR]
33 RewriteCond %{SERVER_NAME} =www.koala.poznan.pl [OR]
34 RewriteCond %{SERVER_NAME} =koala.wmi.amu.edu.pl
35 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
36

-rw-r--r-- 1 root root 927 Feb 22 16:02 /etc/apache2/sites-available/koala.poznan.pl.conf
103
104 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
105 <VirtualHost *:80>
106 ServerName www.koala.poznan.pl
107 ServerAlias koala.poznan.pl
108 Redirect / https://koala.poznan.pl/
109
110
111
112 ServerName www.koala.poznan.pl
113 DocumentRoot /var/www/html
114 Redirect / https://koala.poznan.pl/
115
116 <VirtualHost *:80 *:443>
117 SSLEngine On
118 ServerName example.com
119 ServerAlias www.example.com
120 DocumentRoot /srv/www/example.www
121 </VirtualHost
122 <VirtualHost *:80>
123 # The ServerName directive sets the request scheme, hostname and port that
124 # the server uses to identify itself. This is used when creating
125 # redirection URLs. In the context of virtual hosts, the ServerName
126 # specifies what hostname must appear in the request's Host: header to
127 # match this virtual host. For the default virtual host (this file) this
128 # value is not decisive as it is used as a last resort host regardless.
129 # However, you must set it for any further virtual host explicitly.
130 #ServerName www.example.com
131
132 ServerAdmin webmaster@localhost
133 DocumentRoot /var/www/html
134
135 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
136 # error, crit, alert, emerg.
137 # It is also possible to configure the loglevel for particular
138 # modules, e.g.
139 #LogLevel info ssl:warn
140
141 ErrorLog ${APACHE_LOG_DIR}/error.log
142 CustomLog ${APACHE_LOG_DIR}/access.log combined
143
144 # For most configuration files from conf-available/, which are
145 # enabled or disabled at a global level, it is possible to
146 # include a line for only one particular virtual host. For example the
147 # following line enables the CGI configuration for this host only
148 # after it has been globally disabled with "a2disconf".
149 #Include conf-available/serve-cgi-bin.conf
150 RewriteEngine on
151 RewriteCond %{SERVER_NAME} =koala.wmi.amu.edu.pl
152 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
153

-rw-r--r-- 1 root root 289 Feb 22 19:34 /etc/apache2/sites-available/blog.koala.poznan.pl.conf
238 <VirtualHost *:80>
239 ServerName blog.koala.poznan.pl
240 DocumentRoot /var/www/html/blog/
241 RewriteEngine on
242 RewriteCond %{HTTPS} off
243 RewriteCond %{SERVER_NAME} = blog.koala.poznan.pl
244 RewriteRule ^ https://blog.koala.poznan.pl%{REQUEST_URI} [R=301,L,NE]
245

-rw-r--r-- 1 root root 1738 Feb 22 19:29 /etc/apache2/sites-available/blog.koala.poznan.pl-ssl.conf
247
248 <VirtualHost *:443>
249 # The ServerName directive sets the request scheme, hostname and port that
250 # the server uses to identify itself. This is used when creating
251 # redirection URLs. In the context of virtual hosts, the ServerName
252 # specifies what hostname must appear in the request's Host: header to
253 # match this virtual host. For the default virtual host (this file) this
254 # value is not decisive as it is used as a last resort host regardless.
255 # However, you must set it for any further virtual host explicitly.
256 #ServerName www.example.com
257 ServerName blog.koala.poznan.pl
258 ServerAdmin mobit@gazeta.pl
259 DocumentRoot /var/www/html/blog/
260
261 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
262 # error, crit, alert, emerg.
263 # It is also possible to configure the loglevel for particular
264 # modules, e.g.
265 #LogLevel info ssl:warn
266
267 ErrorLog ${APACHE_LOG_DIR}/error.log
268 CustomLog ${APACHE_LOG_DIR}/access.log combined
269
270 # For most configuration files from conf-available/, which are
271 # enabled or disabled at a global level, it is possible to
272 # include a line for only one particular virtual host. For example the
273 # following line enables the CGI configuration for this host only
274 # after it has been globally disabled with "a2disconf".
275 #Include conf-available/serve-cgi-bin.conf
276
277
278
279 Include /etc/letsencrypt/options-ssl-apache.conf
280 SSLCertificateFile /etc/letsencrypt/live/blog.koala.poznan.pl-0001/fullchain.pem
281 SSLCertificateKeyFile /etc/letsencrypt/live/blog.koala.poznan.pl-0001/privkey.pem
282
283

-rw-r--r-- 1 root root 287 Feb 22 18:08 /etc/apache2/sites-available/calkiem.naukowa.it.conf
285 <VirtualHost *:80>
286 ServerName calkiem.naukowa.it
287 DocumentRoot /var/www/html/calkiem/
288 RewriteEngine on
289 RewriteCond %{HTTPS} !=on
290 RewriteCond %{SERVER_NAME} = calkiem.naukowa.it
291 RewriteRule ^ https://calkiem.naukowa.it%{REQUEST_URI} [R=301,L,NE]
292

-rw-r--r-- 1 root root 1725 Feb 22 18:05 /etc/apache2/sites-available/calkiem.naukowa.it-ssl.conf
294
295 <VirtualHost :443>
296 # The ServerName directive sets the request scheme, hostname and port that
297 # the server uses to identify itself. This is used when creating
298 # redirection URLs. In the context of virtual hosts, the ServerName
299 # specifies what hostname must appear in the request's Host: header to
300 # match this virtual host. For the default virtual host (this file) this
301 # value is not decisive as it is used as a last resort host regardless.
302 # However, you must set it for any further virtual host explicitly.
303 #ServerName www.example.com
304 ServerName calkiem.naukowa.it
305 ServerAdmin mobit@gazeta.pl
306 DocumentRoot /var/www/html/calkiem/
307
308 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
309 # error, crit, alert, emerg.
310 # It is also possible to configure the loglevel for particular
311 # modules, e.g.
312 #LogLevel info ssl:warn
313
314 ErrorLog ${APACHE_LOG_DIR}/error.log
315 CustomLog ${APACHE_LOG_DIR}/access.log combined
316
317 # For most configuration files from conf-available/, which are
318 # enabled or disabled at a global level, it is possible to
319 # include a line for only one particular virtual host. For example the
320 # following line enables the CGI configuration for this host only
321 # after it has been globally disabled with "a2disconf".
322 #Include conf-available/serve-cgi-bin.conf
323
324
325
326 Include /etc/letsencrypt/options-ssl-apache.conf
327 SSLCertificateFile /etc/letsencrypt/live/calkiem.naukowa.it/fullchain.pem
328 SSLCertificateKeyFile /etc/letsencrypt/live/calkiem.naukowa.it/privkey.pem
329
330
331
332
333
334 ServerAdmin webmaster@localhost
335
336 DocumentRoot /var/www/html
337
338 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
339 # error, crit, alert, emerg.
340 # It is also possible to configure the loglevel for particular
341 # modules, e.g.
342 #LogLevel info ssl:warn
343
344 ErrorLog ${APACHE_LOG_DIR}/error.log
345 CustomLog ${APACHE_LOG_DIR}/access.log combined
346
347 # For most configuration files from conf-available/, which are
348 # enabled or disabled at a global level, it is possible to
349 # include a line for only one particular virtual host. For example the
350 # following line enables the CGI configuration for this host only
351 # after it has been globally disabled with "a2disconf".
352 #Include conf-available/serve-cgi-bin.conf
353
354 # SSL Engine Switch:
355 # Enable/Disable SSL for this virtual host.
356 SSLEngine on
357
358 # A self-signed (snakeoil) certificate can be created by installing
359 # the ssl-cert package. See
360 # /usr/share/doc/apache2/README.Debian.gz for more info.
361 # If both key and certificate are stored in the same file, only the
362 # SSLCertificateFile directive is needed.
363 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
364 SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
365
366 # Server Certificate Chain:
367 # Point SSLCertificateChainFile at a file containing the
368 # concatenation of PEM encoded CA certificates which form the
369 # certificate chain for the server certificate. Alternatively
370 # the referenced file can be the same as SSLCertificateFile
371 # when the CA certificates are directly appended to the server
372 # certificate for convinience.
373 #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
374
375 # Certificate Authority (CA):
376 # Set the CA certificate verification path where to find CA
377 # certificates for client authentication or alternatively one
378 # huge file containing all of them (file must be PEM encoded)
379 # Note: Inside SSLCACertificatePath you need hash symlinks
380 # to point to the certificate files. Use the provided
381 # Makefile to update the hash symlinks after changes.
382 #SSLCACertificatePath /etc/ssl/certs/
383 #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
384
385 # Certificate Revocation Lists (CRL):
386 # Set the CA revocation path where to find CA CRLs for client
387 # authentication or alternatively one huge file containing all
388 # of them (file must be PEM encoded)
389 # Note: Inside SSLCARevocationPath you need hash symlinks
390 # to point to the certificate files. Use the provided
391 # Makefile to update the hash symlinks after changes.
392 #SSLCARevocationPath /etc/apache2/ssl.crl/
393 #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
394
395 # Client Authentication (Type):
396 # Client certificate verification type and depth. Types are
397 # none, optional, require and optional_no_ca. Depth is a
398 # number which specifies how deeply to verify the certificate
399 # issuer chain before deciding the certificate is not valid.
400 #SSLVerifyClient require
401 #SSLVerifyDepth 10
402
403 # SSL Engine Options:
404 # Set various options for the SSL engine.
405 # o FakeBasicAuth:
406 # Translate the client X.509 into a Basic Authorisation. This means that
407 # the standard Auth/DBMAuth methods can be used for access control. The
408 # user name is the one line' version of the client's X.509 certificate. 409 # Note that no password is obtained from the user. Every entry in the user 410 # file needs this password: xxj31ZMTZzkVA'.
411 # o ExportCertData:
412 # This exports two additional environment variables: SSL_CLIENT_CERT and
413 # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
414 # server (always existing) and the client (only existing when client
415 # authentication is used). This can be used to import the certificates
416 # into CGI scripts.
417 # o StdEnvVars:
418 # This exports the standard SSL/TLS related `SSL_' environment variables.
419 # Per default this exportation is switched off for performance reasons,
420 # because the extraction step is an expensive operation and is usually
421 # useless for serving static content. So one usually enables the
422 # exportation for CGI and SSI requests only.
423 # o OptRenegotiate:
424 # This enables optimized SSL connection renegotiation handling when SSL
425 # directives are used in per-directory context.
426 #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
427 <FilesMatch ".(cgi|shtml|phtml|php)$">
428 SSLOptions +StdEnvVars
429
430 <Directory /usr/lib/cgi-bin>
431 SSLOptions +StdEnvVars
432
433
434 # SSL Protocol Adjustments:
435 # The safe and default but still SSL/TLS standard compliant shutdown
436 # approach is that mod_ssl sends the close notify alert but doesn't wait for
437 # the close notify alert from client. When you need a different shutdown
438 # approach you can use one of the following variables:
439 # o ssl-unclean-shutdown:
440 # This forces an unclean shutdown when the connection is closed, i.e. no
441 # SSL close notify alert is send or allowed to received. This violates
442 # the SSL/TLS standard but is needed for some brain-dead browsers. Use
443 # this when you receive I/O errors because of the standard approach where
444 # mod_ssl sends the close notify alert.
445 # o ssl-accurate-shutdown:
446 # This forces an accurate shutdown when the connection is closed, i.e. a
447 # SSL close notify alert is send and mod_ssl waits for the close notify
448 # alert of the client. This is 100% SSL/TLS standard compliant, but in
449 # practice often causes hanging connections with brain-dead browsers. Use
450 # this only for browsers where you know that their SSL implementation
451 # works correctly.
452 # Notice: Most problems of broken clients are also related to the HTTP
453 # keep-alive facility, so you usually additionally want to disable
454 # keep-alive for those clients, too. Use variable "nokeepalive" for this.
455 # Similarly, one has to force some clients to use HTTP/1.0 to workaround
456 # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
457 # "force-response-1.0" for this.
458 # BrowserMatch "MSIE [2-6]"
459 # nokeepalive ssl-unclean-shutdown
460 # downgrade-1.0 force-response-1.0
461
462
463

-rw-r--r-- 1 root root 287 Feb 22 18:22 /etc/apache2/sites-available/img.koala.poznan.pl.conf
465 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
466 <VirtualHost *:80>
467 ServerName img.koala.poznan.pl
468 DocumentRoot /home/andrzej/media/
469 RewriteEngine on
470 RewriteCond %{HTTPS} !=on
471 RewriteCond %{SERVER_NAME} =img.koala.poznan.pl
472 RewriteRule ^ https://img.koala.poznan.pl%{REQUEST_URI} [R=301,L,NE]
473
474
475
476 <VirtualHost *:443>
477 # The ServerName directive sets the request scheme, hostname and port that
478 # the server uses to identify itself. This is used when creating
479 # redirection URLs. In the context of virtual hosts, the ServerName
480 # specifies what hostname must appear in the request's Host: header to
481 # match this virtual host. For the default virtual host (this file) this
482 # value is not decisive as it is used as a last resort host regardless.
483 # However, you must set it for any further virtual host explicitly.
484 #ServerName www.example.com
485 ServerName img.koala.poznan.pl
486 ServerAdmin mobit@gazeta.pl
487 DocumentRoot /home/andrzeju/media/
488
489 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
490 # error, crit, alert, emerg.
491 # It is also possible to configure the loglevel for particular
492 # modules, e.g.
493 #LogLevel info ssl:warn
494
495 ErrorLog ${APACHE_LOG_DIR}/error.log
496 CustomLog ${APACHE_LOG_DIR}/access.log combined
497
498 # For most configuration files from conf-available/, which are
499 # enabled or disabled at a global level, it is possible to
500 # include a line for only one particular virtual host. For example the
501 # following line enables the CGI configuration for this host only
502 # after it has been globally disabled with "a2disconf".
503 #Include conf-available/serve-cgi-bin.conf
504
505
506
507 Include /etc/letsencrypt/options-ssl-apache.conf
508 SSLCertificateFile /etc/letsencrypt/live/img.koala.poznan.pl/fullchain.pem
509 SSLCertificateKeyFile /etc/letsencrypt/live/img.koala.poznan.pl/privkey.pem
510
511

-rw-r--r-- 1 root root 1727 Feb 22 19:28 /etc/apache2/sites-available/img.koala.poznan.pl-ssl.conf
513 <VirtualHost :80>
514 ServerName koala.poznan.pl
515 ServerAdmin mobit@gazeta.pl
516 DocumentRoot /var/www/html
517 ErrorLog ${APACHE_LOG_DIR}/error.log
518 CustomLog ${APACHE_LOG_DIR}/access.logcombined koala.poznan.pl-le-ssl.conf
519 RewriteEngine on
520 RewriteCond %{HTTPS} off
521 RewriteCond %{SERVER_NAME} =koala.poznan.pl
522 RewriteCond %{HTTP_HOST} !^www [NC]
523 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
524
525 <VirtualHost *:80 :443>
526 ServerName www.koala.poznan.pl
527 RewriteEngine on
528 RewriteCond %{HTTP_HOST} ^www [NC]
529 RewriteRule ^ https://koala.poznan.pl%{REQUEST_URI} [R=301,L]
530 Include /etc/letsencrypt/options-ssl-apache.conf
531 SSLCertificateFile /etc/letsencrypt/live/koala.poznan.pl/fullchain.pem
532 SSLCertificateKeyFile /etc/letsencrypt/live/koala.poznan.pl/privkey.pem
533
534
535 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
536
537 <VirtualHost *:443>
538 ServerName koala.poznan.pl
539 RewriteEngine on
540 RewriteCond %{HTTP_HOST} !^www. [NC]
541 Include /etc/letsencrypt/options-ssl-apache.conf
542 SSLCertificateFile /etc/letsencrypt/live/koala.poznan.pl/fullchain.pem
543 SSLCertificateKeyFile /etc/letsencrypt/live/koala.poznan.pl/privkey.pem
544
545
546
547 ServerName koala.poznan.pl
548 ServerAlias www.koala.poznan.pl
549 ServerSignature Off
550
551 RewriteEngine On
552 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
553
554 ErrorLog /var/log/apache2/redirect.error.log
555 LogLevel warn
556
557 #DocumentRoot /var/www/html/wordpress
558 <Directory /var/www/html/blog/>
559 AllowOverride All
560

andrzej@koala:/var/www/html$ sudo ls -full /etc/apache2/sites-enabled
total 8
lrwxrwxrwx 1 root root 33 Feb 22 00:00 wordpress.conf -> ../sites-available/wordpress.conf
lrwxrwxrwx 1 root root 39 Feb 22 00:00 koala.poznan.pl.conf -> ../sites-available/koala.poznan.pl.conf
lrwxrwxrwx 1 root root 43 Feb 22 19:48 img.koala.poznan.pl.conf -> ../sites-available/img.koala.poznan.pl.conf
drwxr-xr-x 2 root root 4096 Feb 22 19:53 .
lrwxrwxrwx 1 root root 47 Feb 22 19:48 img.koala.poznan.pl-ssl.conf -> ../sites-available/img.koala.poznan.pl-ssl.conf
lrwxrwxrwx 1 root root 56 Feb 22 00:00 koala.poznan.pl-le-ssl.conf -> /etc/apache2/sites-available/koala.poznan.pl-le-ssl.conf
drwxr-xr-x 8 root root 4096 Feb 22 19:55 ..
andrzej@koala:/var/www/html$ sudo a2ensite calkiem.naukowa.it.conf
Enabling site calkiem.naukowa.it.
To activate the new configuration, you need to run:
systemctl reload apache2
andrzej@koala:/var/www/html$ sudo a2ensite calkiem.naukowa.it-ssl.conf
Enabling site calkiem.naukowa.it-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
andrzej@koala:/var/www/html$ sudo a2ensite blog.koala.poznan.pl-ssl.conf
Enabling site blog.koala.poznan.pl-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
andrzej@koala:/var/www/html$ sudo a2ensite blog.koala.poznan.pl.conf
Enabling site blog.koala.poznan.pl.
To activate the new configuration, you need to run:
systemctl reload apache2
andrzej@koala:/var/www/html$ sudo ls -full /etc/apache2/sites-enabled
total 8
lrwxrwxrwx 1 root root 33 Feb 22 00:00 wordpress.conf -> ../sites-available/wordpress.conf
lrwxrwxrwx 1 root root 39 Feb 22 00:00 koala.poznan.pl.conf -> ../sites-available/koala.poznan.pl.conf
lrwxrwxrwx 1 root root 44 Feb 22 20:54 blog.koala.poznan.pl.conf -> ../sites-available/blog.koala.poznan.pl.conf
lrwxrwxrwx 1 root root 43 Feb 22 19:48 img.koala.poznan.pl.conf -> ../sites-available/img.koala.poznan.pl.conf
lrwxrwxrwx 1 root root 48 Feb 22 20:54 blog.koala.poznan.pl-ssl.conf -> ../sites-available/blog.koala.poznan.pl-ssl.conf
lrwxrwxrwx 1 root root 46 Feb 22 20:54 calkiem.naukowa.it-ssl.conf -> ../sites-available/calkiem.naukowa.it-ssl.conf
drwxr-xr-x 2 root root 4096 Feb 22 20:55 .
lrwxrwxrwx 1 root root 47 Feb 22 19:48 img.koala.poznan.pl-ssl.conf -> ../sites-available/img.koala.poznan.pl-ssl.conf
lrwxrwxrwx 1 root root 42 Feb 22 20:53 calkiem.naukowa.it.conf -> ../sites-available/calkiem.naukowa.it.conf
lrwxrwxrwx 1 root root 56 Feb 22 00:00 koala.poznan.pl-le-ssl.conf -> /etc/apache2/sites-available/koala.poznan.pl-le-ssl.conf
drwxr-xr-x 8 root root 4096 Feb 22 19:55 ..
andrzej@koala:/var/www/html$ sudo /etc/init.d/apache2 restart
Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
failed!
andrzej@koala:/var/www/html$
andrzej@koala:/var/www/html$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: blog.koala.poznan.pl-0001
Serial Number: 4348fa016c577032d43e1f13d7ba1da71da
Key Type: RSA
Domains: blog.koala.poznan.pl
Expiry Date: 2022-05-23 14:48:03+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/blog.koala.poznan.pl-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/blog.koala.poznan.pl-0001/privkey.pem
Certificate Name: calkiem.naukowa.it
Serial Number: 4b48e3c2ebc1316f0fe76bc5721ca1550ad
Key Type: RSA
Domains: calkiem.naukowa.it
Expiry Date: 2022-05-23 14:38:58+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/calkiem.naukowa.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/calkiem.naukowa.it/privkey.pem
Certificate Name: img.koala.poznan.pl
Serial Number: 381032732bd9f53172d3e4d78a982b2ae26
Key Type: RSA
Domains: img.koala.poznan.pl
Expiry Date: 2022-05-23 17:26:45+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/img.koala.poznan.pl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/img.koala.poznan.pl/privkey.pem
Certificate Name: koala.poznan.pl
Serial Number: 30a31df9afd3bd7e113fd520c13959394b0
Key Type: RSA
Domains: koala.poznan.pl www.koala.poznan.pl
Expiry Date: 2022-03-31 20:40:49+00:00 (VALID: 36 days)
Certificate Path: /etc/letsencrypt/live/koala.poznan.pl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/koala.poznan.pl/privkey.pem

andrzej@koala:/var/www/html$

13

@Unjay

Please do not post the same problem multiple times. Almost always best to start new topic like you did here:

3 Likes
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.