I ran this command: ./certbot-auto and got this error: No vhost exists with servername or alias


#1

Please fill out the fields below so we can help you better.

My domain is: http://www.iforumelite.com

I ran this command: ./certbot-auto and got this error:

No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel):

I entered:

www.iforumelite.com

It produced this output:

No vhost exists with servername or alias of: www.iforumelite.com (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
Cleaning up challenges
File:

  • Could not be found to be deleted /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf - LE probably shut down unexpectedly
    An unexpected error occurred:
    IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf’
    Please see the logfiles in /var/log/letsencrypt for more details.

My operating system is (include version): Unix

My web server is (include version): Centos 6+

My hosting provider, if applicable, is: Hosmonster dedicated VPS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have CPANEL , WHM, or just plain root access. All access to manage my domain


#2

You need to have the vhost defined in your apache config for it to pick up the details. Having said that, if you are using WHM / cPanel I’d suggest using the Let’s Encrypt feature built into cPanel.

see https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin


#3

Okay… thanks, I installed that. Now I am unsure which step I should go back to.

In the settings I configured as:

Choose an AutoSSL provider:

Changed from

cPanel (powered by Comodo)

To:

Let’s Encrypt™ – Current Setting

I agreed to the terms and created a new registration

And then on the top I clicked on:

Run AutoSSL For All Users

Should I just go back to the terminal and try to run the ./certbot-auto command again?


#4

No, you should just run it all from AutoSSL within WHM.


#5

Hi Andy!

Thank you so much for your prompt reply and all your help to me and others! :)

It does appear that it is working nicely from the WHM, but not entirely.

I used the option:

Install an SSL Certificate on a Domain

However, certificates are appearing with a notice that they will expire within a little over 20 days. How’s that? Is that correct?

Also, I managed to install in a few subdomains and it worked just fine, but in the site in question mentioned on this post the certificates are not showing up.

Example:
I got this message:

SSL Host Successfully Installed

This SSL certificate was already installed.

The SSL website is now active and accessible via HTTPS on these domains:

iforumelite.com
iforumelite.(maindomain).com
mail.iforumelite.com
The SSL certificate also supports these domains, but these domains do not refer to the SSL website mentioned above:
www.iforumelite.com
www.iforumelite.(mymaindomain).com

I ran the install on another one:

The SSL website is now active and accessible via HTTPS on these domains:

beingled.com
beingled.(mymaindomain).com
mail.beingled.com
The SSL certificate also supports these domains, but these domains do not refer to the SSL website mentioned above:
www.beingled.com
www.beingled.(mymaindomain).com

As in, if I go here: https://www.beingled.com/ it pulls the certificate but not if I type this directly: www.beingled.com

I don’t know what happened. None are working.

Another example:

This SSL certificate was already installed.

The SSL website is now active and accessible via HTTPS on these domains:

clashforum.com.br
mail.clashforum.com.br
The SSL website is also accessible via this domain, but the certificate does not support it. Web browsers will show a warning when accessing this domain via HTTPS:
clashforumcombr.(mymaindomain).com
The SSL certificate also supports this domain, but this domain does not refer to the SSL website mentioned above:

This one even shows the https:// but it shows as partially non-secure: https://www.clashforum.com.br/activity.php

Thanks in advance for any light or if you can point me into any direction.


#6

Hello @hugoroger,

I don’t use cPanel so I can’t help with that part but…

You are not using Let’s Encrypt certificates, you are using certificates issued by cPanel and they expire on Feb 15 23:59:59 2017 GMT.

I don’t know what you installed but I’m pretty sure that the certificates are not issued by Let’s Encrypt, as I said they are issued by cPanel CA. Maybe you have not reloaded your webserver so you are still using the old certs issued by cPanel… anyway, I’ve checked the certs you have issued for your domains on https://crt.sh and I can’t see any issued by Let’s Encrypt… maybe you have issued them recently and they are not yet uploaded/processed by crt.sh

Your site https://www.iforumelite.com is showing a cert issued by cPanel. The “problem” here is that you have a redirect/rewrite rule redirecting https to http. Pay attention to the output below from your server: you will see a Location header redirecting https://www.iforumelite.com to http://www.iforumelite.com/forum.php?s=7c01b777432f8d66d2f927f5d848aa88

curl -Ik https://www.iforumelite.com
HTTP/1.1 303 See Other
Date: Sun, 22 Jan 2017 03:03:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bb_lastvisit=1485054187; expires=Mon, 22-Jan-2018 03:03:07 GMT; Max-Age=31536000; path=/; secure
Set-Cookie: bb_lastactivity=0; expires=Mon, 22-Jan-2018 03:03:07 GMT; Max-Age=31536000; path=/; secure
Set-Cookie: PHPSESSID=mu0439tjvvbn761r7fab3tr3q3; path=/
Location: http://www.iforumelite.com/forum.php?s=7c01b777432f8d66d2f927f5d848aa88
Content-Type: text/html; charset=UTF-8

Note: The redirect/rewrite rule could be in your apache conf, on .htaccess files used by your site or even the forum that you are using could be redirecting it.

Here you can see who is the issuer and the dates of the certificate being served for https://www.iforumelite.com

$ echo | openssl s_client -connect www.iforumelite.com:443 -servername www.iforumelite.com | openssl x509 -noout -issuer -dates -subject
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 CN = iforumelite.com
verify return:1
issuer= /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
notBefore=Nov 17 00:00:00 2016 GMT
notAfter=Feb 15 23:59:59 2017 GMT
subject= /CN=iforumelite.com
DONE

If you want http to point to https, you should create a redirect from http to https on your own. I don’t know whether cPanel provides a graphical or easy way to create a redirect or whether you should write it directly into your Apache VirtualHost conf.

This one shows the same behaviour as iforumelite: you have a redirect pointing from https to http (at least on your main URL).

$ curl -Ik https://www.clashforum.com.br
HTTP/1.1 303 See Other
Date: Sun, 22 Jan 2017 03:18:44 GMT
Server: Apache
Set-Cookie: bb_lastvisit=1485055124; expires=Mon, 22-Jan-2018 03:18:44 GMT; Max-Age=31536000; path=/; secure
Set-Cookie: bb_lastactivity=0; expires=Mon, 22-Jan-2018 03:18:44 GMT; Max-Age=31536000; path=/; secure
Location: http://www.clashforum.com.br/forumdisplay.php/1-Forum-Principal?s=576fa994c378962ab56079746da55e47
Content-Type: text/html; charset=UTF-8

Regarding https://www.clashforum.com.br/activity.php, you have mixed content, which means that some objects are loaded over http in a page that is being shown as https. Open the site https://www.whynopadlock.com/, paste your URL https://www.clashforum.com.br/activity.php into the form (Secure url) and run the check; you will see which objects are using http instead of https. Lots of them are images.

I think you should recheck your AutoSSL conf/doc carefully and also review the conf of your sites.

Good luck,
sahsanu


#7

I did. I will check the rewrites later, but I thoroughly checked my configuration and I followed all the steps from the tutorials. I now see what you mean. All certificates are being shown as served by cPanel.

I clearly have Let’s Encrypt™ checked as my Current Setting.

Choose an AutoSSL provider:

Disabled
Let’s Encrypt™ – Current Setting
cPanel (powered by Comodo)

Here is a log confirmation:

Log for the AutoSSL run for all users: Sunday, January 22, 2017 3:43:36 AM GMT-0200 (Let’s Encrypt™)

3:43:36 AM This system has AutoSSL set to use “Let’s Encrypt™”.

I already rebooted the server but nothing changed.
Under the tab manage users I have my root user set with this option:

Enable AutoSSL
Override the feature list setting and force AutoSSL to be enabled.

On the Options tab I have this selected:

Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.
This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or about to expire.

Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.

When I check my Installed SSL Hosts all the issuers are cPanel, Inc.

If I click on:

Install an SSL Certificate on a Domain

and then click on “Browse Certificates”

The option I see under Browse Apache is:

All my certificates to select under Cpanel:

iforumelite.com
iforumelite.workingformoneyonline.com
mail.iforumelite.com
www.iforumelite.com
www.iforumelite.workingformoneyonline.com
Issuer: cPanel, Inc.
Expiration: 2/15/17

Here is a picture showing what I see:

I really don’t know what went wrong, but I followed what was listed here initially

But I only did these two:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Then I followed what serverco recommended and installed the WHM plugin, and nothing else has been done so far.


#8

@hugoroger, as I said I don’t use cPanel so I can’t help with AutoSSL conf, maybe one of our forum colleagues can give you a clue about what is happening with your domains.


#9

If you go into WHM - Manage AutoSSL, then on the “manage users” tab, select the user and make sure it’s set to either “enable autossl” or “feature list setting”, then “check user”. If it doesn’t work properly, go to the “log” tab, and copy / paste the log for us.


#10

Yeah… didn’t work.

Here is the log:

Log for the AutoSSL run for “workinh8”: Sunday, January 22, 2017 6:59:10 PM GMT-0200 (Let’s Encrypt™)

6:59:10 PM This system has AutoSSL set to use “Let’s Encrypt™”.
6:59:10 PM Checking websites for “workinh8” …
6:59:12 PM The website “clashforumcombr.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “clashforumcombr.workingformoneyonline.com” and “www.clashforumcombr.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
6:59:12 PM The website “goldenwritings.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “goldenwritings.com”, “mail.goldenwritings.com”, and “www.goldenwritings.com”. The system will attempt to replace this certificate with one that includes these additional domains.
6:59:12 PM The website “speedsk8in.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “mail.speedsk8in.com”, “speedsk8in.com”, and “www.speedsk8in.com”. The system will attempt to replace this certificate with one that includes these additional domains.
6:59:12 PM The website “unilancer-com-br.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “unilancer-com-br.workingformoneyonline.com” and “www.unilancer-com-br.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
6:59:13 PM WARN The domain “clashforumcombr.workingformoneyonline.com” failed domain control validation: “clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
6:59:13 PM WARN The domain “www.clashforumcombr.workingformoneyonline.com” failed domain control validation: “www.clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
6:59:13 PM WARN All of “clashforumcombr.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
6:59:13 PM WARN The domain “goldenwritings.com” failed domain control validation: The content “142” of the DCV file, as accessed at “http://goldenwritings.com/6346.BIN_AUTOSSL_CHECK_PL__.Vh51CLFP.cpaneldcv”, did not match the expected value. The domain “goldenwritings.com” resolved to an IP address “185.53.179.6” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:14 PM WARN The domain “mail.goldenwritings.com” failed domain control validation: The content “139” of the DCV file, as accessed at “http://mail.goldenwritings.com/6346.BIN_AUTOSSL_CHECK_PL__.iKLTPqSA.cpaneldcv”, did not match the expected value. The domain “mail.goldenwritings.com” resolved to an IP address “185.53.179.6” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:15 PM WARN The domain “www.goldenwritings.com” failed domain control validation: The content “139” of the DCV file, as accessed at “http://www.goldenwritings.com/6346.BIN_AUTOSSL_CHECK_PL__.LBfZ9zdn.cpaneldcv”, did not match the expected value. The domain “www.goldenwritings.com” resolved to an IP address “185.53.179.6” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:15 PM WARN All of “goldenwritings.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
6:59:16 PM WARN The domain “mail.speedsk8in.com” failed domain control validation: The content “347” of the DCV file, as accessed at “http://mail.speedsk8in.com/6346.BIN_AUTOSSL_CHECK_PL__.2EUJBycI.cpaneldcv”, did not match the expected value. The domain “mail.speedsk8in.com” resolved to an IP address “208.73.211.70” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:17 PM WARN The domain “speedsk8in.com” failed domain control validation: The content “347” of the DCV file, as accessed at “http://speedsk8in.com/6346.BIN_AUTOSSL_CHECK_PL__.YQ_VsX1a.cpaneldcv”, did not match the expected value. The domain “speedsk8in.com” resolved to an IP address “208.73.211.70” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:18 PM WARN The domain “www.speedsk8in.com” failed domain control validation: The content “347” of the DCV file, as accessed at “http://www.speedsk8in.com/6346.BIN_AUTOSSL_CHECK_PL__.7qwpCYOv.cpaneldcv”, did not match the expected value. The domain “www.speedsk8in.com” resolved to an IP address “208.73.211.70” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:18 PM WARN All of “speedsk8in.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
6:59:18 PM WARN The domain “unilancer-com-br.workingformoneyonline.com” failed domain control validation: “unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
6:59:18 PM WARN The domain “www.unilancer-com-br.workingformoneyonline.com” failed domain control validation: “www.unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
6:59:18 PM WARN All of “unilancer-com-br.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
6:59:18 PM The system has completed the AutoSSL check for “workinh8”.
6:59:18 PM The system has finished checking 1 user.

Some of the above domains are already dead and I just have their folders on my server, such as “speedsk8in” and “goldenwritings”.


#11

That’s why it fails though - it’s trying to obtain certificates for “goldenwritings.com” because in the config it says it’s on your server - as it isn’t though, the certificate verification fails.

I’d suggest removing the domains from your config (if they are really dead).


#12

Hi serverco,

Thank you again for your support.

I removed all those dead domains and ran it again. The log is much shorter; however, still no Let’s Encrypt certificates were generated. They are nowhere to be found in cPanel. All I see are the cPanel certificates to choose from. Here is the log I got now:

Log for the AutoSSL run for “workinh8”: Sunday, January 22, 2017 11:19:31 PM GMT-0200 (Let’s Encrypt™)

11:19:31 PM This system has AutoSSL set to use “Let’s Encrypt™”.
11:19:31 PM Checking websites for “workinh8” …
11:19:33 PM The website “clashforumcombr.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “clashforumcombr.workingformoneyonline.com” and “www.clashforumcombr.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
11:19:33 PM The website “unilancer-com-br.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “unilancer-com-br.workingformoneyonline.com” and “www.unilancer-com-br.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
11:19:34 PM WARN The domain “clashforumcombr.workingformoneyonline.com” failed domain control validation: “clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
11:19:34 PM WARN The domain “www.clashforumcombr.workingformoneyonline.com” failed domain control validation: “www.clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
11:19:34 PM WARN All of “clashforumcombr.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
11:19:34 PM WARN The domain “unilancer-com-br.workingformoneyonline.com” failed domain control validation: “unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
11:19:34 PM WARN The domain “www.unilancer-com-br.workingformoneyonline.com” failed domain control validation: “www.unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
11:19:34 PM WARN All of “unilancer-com-br.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
11:19:34 PM The system has completed the AutoSSL check for “workinh8”.
11:19:34 PM The system has finished checking 1 user.

If I browse the certificates I have when clicking on assign certificates, or when I click on manage service SSL certificates, all the options I have are a bunch of:

cent6base-cpanel.pxe.unifiedlayer.com
Self-Signed
1/3/17
cent6base-cpanel.pxe.unifiedlayer.com 3

And a bunch of:

server.workingformoneyonline.com
www.server.workingformoneyonline.com
cPanel, Inc.
10/31/17
server.workingformoneyonline.com and www.server.workingformoneyonline.com


#13

You still appear to have “domains” on your account which don’t exist:

“clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses
“www.clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses
“unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses
“www.unilancer-com-br.workingformoneyonline.com” does not resolve to any IPv4 addresses

Let’s Encrypt will not issue certificates for domains that it can’t verify. As before, you need to remove domains that don’t exist from your account in order to obtain a certificate by any “auto” method.
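
The two failure causes that replies #11 and #13 read out of the AutoSSL log (a name with no DNS record, and a name that resolves to an address outside this server), sorted automatically. This is an added example, not part of the thread and not cPanel code; the sample lines are excerpted from the log posted above, and `triage` and `advice` are illustrative names.

```python
import re
from collections import defaultdict

QUOTES = "\"“”"  # the WHM log view prints typographic quotes; accept straight ones too
NAME = rf"[{QUOTES}]([^{QUOTES}]+)[{QUOTES}]"
FAILED = re.compile(rf"WARN The domain {NAME} failed domain control validation: (.*)")
FOREIGN_IP = re.compile(rf"resolved to an IP address {NAME} that does not exist on this server")
SKIPPED = re.compile(rf"WARN All of {NAME}.s unsecured domains failed domain control validation")

# Excerpt of the AutoSSL log posted in this thread, covering each kind of line.
SAMPLE_LOG = """\
6:59:13 PM WARN The domain “clashforumcombr.workingformoneyonline.com” failed domain control validation: “clashforumcombr.workingformoneyonline.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 546.
6:59:13 PM WARN All of “clashforumcombr.workingformoneyonline.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 460.
6:59:13 PM WARN The domain “goldenwritings.com” failed domain control validation: The content “142” of the DCV file, as accessed at “http://goldenwritings.com/6346.BIN_AUTOSSL_CHECK_PL__.Vh51CLFP.cpaneldcv”, did not match the expected value. The domain “goldenwritings.com” resolved to an IP address “185.53.179.6” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:14 PM WARN The domain “mail.goldenwritings.com” failed domain control validation: The content “139” of the DCV file, as accessed at “http://mail.goldenwritings.com/6346.BIN_AUTOSSL_CHECK_PL__.iKLTPqSA.cpaneldcv”, did not match the expected value. The domain “mail.goldenwritings.com” resolved to an IP address “185.53.179.6” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:17 PM WARN The domain “speedsk8in.com” failed domain control validation: The content “347” of the DCV file, as accessed at “http://speedsk8in.com/6346.BIN_AUTOSSL_CHECK_PL__.YQ_VsX1a.cpaneldcv”, did not match the expected value. The domain “speedsk8in.com” resolved to an IP address “208.73.211.70” that does not exist on this server. at bin/autossl_check.pl line 546.
6:59:18 PM The system has completed the AutoSSL check for “workinh8”.
"""


def triage(log_text):
    """Group AutoSSL DCV failures by cause so that each group maps to one fix."""
    no_dns, foreign_ip, other, skipped = [], defaultdict(list), [], []
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            domain, reason = failed.groups()
            moved = FOREIGN_IP.search(reason)
            if "does not resolve to any IPv4 addresses" in reason:
                no_dns.append(domain)
            elif moved:
                foreign_ip[moved.group(1)].append(domain)  # keyed by the foreign address
            else:
                other.append((domain, reason))
            continue
        site = SKIPPED.search(line)
        if site:
            skipped.append(site.group(1))
    return {"no_dns": no_dns, "foreign_ip": dict(foreign_ip),
            "other": other, "skipped_sites": skipped}


def advice(report):
    """Turn the grouped failures into the actions suggested in the thread."""
    out = []
    for domain in report["no_dns"]:
        out.append(f"{domain}: no IPv4 address in DNS; publish the record or remove the domain")
    for ip, domains in sorted(report["foreign_ip"].items()):
        out.append(f"{', '.join(domains)}: resolve to {ip}, not this server; remove or repoint")
    return out


if __name__ == "__main__":
    for line in advice(triage(SAMPLE_LOG)):
        print(line)
```

Grouping by the foreign address makes it obvious when several names all point at the same outside host, as the dead domains in the posted log do.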


#14

Yeah, that’s strange. Those are all subdomains that are valid. Well, they are displayed incorrectly because those were the auto-generated folders that appeared once they were assigned to the cPanel. For instance… www.clashforum.com.br is a valid subdomain for my main domain listed in the log. Same for www.unilancer.com.br. I don’t know what Let’s Encrypt is trying to read; if I knew, maybe I could rename the folders?


#15

www.clashforum.com.br may be a valid subdomain, but www.clashforumcombr.workingformoneyonline.com isn’t - which is what it’s complaining about. You can have them as folders within your account - but not as subdomains that don’t really exist.


#16

Hi serverco,

thanks for all the support, help, patience and guidance.

I talked to my support and informed them of the issues. They simply did a DNS push; I don’t understand how this was not previously done on its own. But anyway, the certificates managed to install and I got the logs clean:

Log for the AutoSSL run for “workinh8”: Monday, January 23, 2017 3:27:53 PM GMT-0200 (Let’s Encrypt™)

3:27:53 PM This system has AutoSSL set to use “Let’s Encrypt™”.
3:27:53 PM Checking websites for “workinh8” …
3:27:55 PM The website “clashforumcombr.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “clashforumcombr.workingformoneyonline.com” and “www.clashforumcombr.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
3:27:55 PM The website “unilancer-com-br.workingformoneyonline.com”, owned by “workinh8”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “unilancer-com-br.workingformoneyonline.com” and “www.unilancer-com-br.workingformoneyonline.com”. The system will attempt to replace this certificate with one that includes these additional domains.
4:23:30 PM SUCCESS The system has installed a new certificate onto “workinh8”’s website “unilancer-com-br.workingformoneyonline.com”.
3:27:56 PM The system will attempt to renew SSL certificates for the following websites:
3:27:56 PM clashforumcombr.workingformoneyonline.com (clashforumcombr.workingformoneyonline.com clashforum.com.br www.clashforum.com.br mail.clashforum.com.br www.clashforumcombr.workingformoneyonline.com)
3:28:02 PM SUCCESS The system has installed a new certificate onto “workinh8”’s website “clashforumcombr.workingformoneyonline.com”.
3:28:02 PM The system has completed the AutoSSL check for “workinh8”.
3:28:02 PM The system has finished checking 1 user.

Now when I visit either domain http://www.clashforum.com.br/ or redirects to http://www.clashforum.com.br/forumdisplay.php/1-Forum-Principal but there is no certificate there. None of the pages in the domain have it.

But when I visit https://clashforum.com.br/ it shows as partially secure and the page is broken. The only redirect rules were installed by default with vBulletin, but shouldn’t all pages under the same domain be secured and the pages not broken?

I am also trying to manually install the certificate on the domains which the system assigned these CPANEL certificates. When I go to:

> Install an SSL Certificate on a Domain

And type: iforumelite.com then I click on Autofill by domain. These CPANEL certificates are the only thing that show up:

Domains:
iforumelite.com
iforumelite.workingformoneyonline.com
mail.iforumelite.com
www.iforumelite.com
www.iforumelite.workingformoneyonline.com
Issuer: cPanel, Inc.
Key Size: 2,048 bits (a74a2a45 …)
Expiration: Feb 16, 2017 12:00:00 AM

Do I need to manually get the certificate and keys to update these from a site like: https://www.sslforfree.com/ ?


#17

The certificates are installed correctly by AutoSSL.

Links to http do not use the certificate - only https (hence http://www.clashforum.com.br/ would not have a certificate).

When you include links via “http” not “https” then you will get an “insecure” message. I’d suggest using https://www.whynopadlock.com/ to identify what links / images etc you need to update.
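
The two checks raised in reply #6 and restated just above, an https request answered with a Location header pointing back to http and http subresources on an https page, as an added Python example that is not part of the thread. The response headers are abridged from the curl output posted earlier; the HTML and its paths are constructed for illustration, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Abridged from the `curl -Ik https://www.iforumelite.com` output in reply #6.
CURL_HEADERS = """\
HTTP/1.1 303 See Other
Server: Apache
Location: http://www.iforumelite.com/forum.php?s=7c01b777432f8d66d2f927f5d848aa88
Content-Type: text/html; charset=UTF-8
"""

# Constructed page body: the paths are invented for this example.
SAMPLE_HTML = """\
<html><head>
<link rel="stylesheet" href="http://www.clashforum.com.br/clientscript/style.css">
<script src="//www.clashforum.com.br/clientscript/app.js"></script>
</head><body>
<img src="http://www.clashforum.com.br/images/logo.png">
<img src="images/avatar.png">
<a href="http://www.clashforum.com.br/forum.php">Forum</a>
</body></html>
"""


def redirect_downgrade(request_url, raw_headers):
    """Return the http:// target if an https request is redirected to plain http."""
    lines = raw_headers.strip().splitlines()
    status = lines[0].split() if lines else []
    if urlsplit(request_url).scheme != "https" or len(status) < 2 or status[1][0] != "3":
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            target = urljoin(request_url, value.strip())  # Location may be relative
            return target if urlsplit(target).scheme == "http" else None
    return None


# Subresources the browser fetches on its own; <a href> is navigation and is not checked.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}  # code, frames, stylesheets
PASSIVE = {"img": "src", "audio": "src", "video": "src"}     # media


class _Finder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        kind = "active" if tag in ACTIVE else "passive" if tag in PASSIVE else None
        if kind is None:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # among <link> elements only stylesheets are checked here
        ref = attrs.get(ACTIVE.get(tag) or PASSIVE[tag])
        url = urljoin(self.page_url, ref) if ref else ""
        if urlsplit(url).scheme == "http":  # relative and // URLs inherit https
            self.findings.append((kind, tag, url))


def mixed_content(page_url, html):
    """List (kind, tag, url) for every http subresource referenced by an https page."""
    finder = _Finder(page_url)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    print(redirect_downgrade("https://www.iforumelite.com", CURL_HEADERS))
    for finding in mixed_content("https://www.clashforum.com.br/activity.php", SAMPLE_HTML):
        print(finding)
```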

