and how to update )?
In the public CT logs we see you have gotten many fresh certs in the past few days.
But, your certificate list still shows the old Expired cert.
How did you get those other certs? Did you get them on a different machine than this?
What command did you use to get these recent certs?
[root@ligalc ~]# sudo httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 is a NameVirtualHost
default server host-109-171-25-22.bbcustomer.zsttk.net (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost host-109-171-25-22.bbcustomer.zsttk.net (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost ligalc.ru (/etc/httpd/conf.d/vhosts-le-ssl.conf:2)
alias www.ligalc.ru
*:80 ligalc.ru (/etc/httpd/conf.d/vhosts.conf:1)
[root@ligalc ~]#
...
Now, as I understand it, you need to delete the <VirtualHost *:443> section somewhere.
?
In
/etc/httpd/conf.d/ssl.conf:56
/etc/httpd/conf.d/ssl.conf:56(?)
/etc/httpd/conf.d/vhosts-le-ssl.conf:2
sudo certbot renew
In line 56
/etc/httpd/conf.d/ssl.conf:56
/etc/httpd/conf.d/ssl.conf:56(?)
Delete this line?
only 1 machine
The website is using the "www":
But the cert doesn't include the "www":
If this directory doesn't exist / doesn't match the correct DocumentRoot:
Then:
If there is an empty vhost section, then it can/should be deleted.
Hmm. I don't know why your certbot certificates would show an expired cert even when we see many new certs at https://crt.sh
What does this command show?
sudo certbot renew --dry-run
In DocumentRoot /var/www/html site content
<Directory /var/www/vhosts/ligalc.ru/www> in vhosts-le-ssl.conf
changed to
<Directory /var/www/ligalc.ru>
Is everything as it should be?
...
In line 56
/etc/httpd/conf.d/ssl.conf cannot be deleted... httpd reloads with an error
I overlooked that bit.
I'd think something has changed the permissions on the files [or their sym-links] OR the sym-links have been replaced.
What does this show?:
ls -lR /etc/letsencrypt/live/
[root@ligalc ~]# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/ligalc.ru.conf
Simulating renewal of an existing certificate for ligalc.ru
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/ligalc.ru/fullchain.pem (success)
[root@ligalc ~]#
What is in line 56?
Yes, I remembered)) I tried to reinstall the certificate, deleted the program, but the file configurations remained? After the reinstallation, I then made a certificate, but as it turned out, I couldn’t update...
How can I do everything without folder 1?
line 56 <VirtualHost _default_:443>
You'd have to also delete the end of that opening:
</VirtualHost>
Delete both.
And this is a problem:
Those sym-links are pointing to the wrong location.
[root@ligalc ~]# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/ligalc.ru.conf
Renewal configuration file /etc/letsencrypt/renewal/ligalc.ru.conf is broken.
The error was: target /etc/letsencrypt/archive/ligalc.ru-0001/cert1.pem of symlink /etc/letsencrypt/live/ligalc.ru/cert.pem does not exist
Skipping.
No simulated renewals were attempted.
Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/ligalc.ru.conf (parsefail)
0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@ligalc ~]#
/etc/letsencrypt/archive - all deleted
/etc/letsencrypt/live - all deleted
/etc/letsencrypt/renewal - all deleted ...
[root@ligalc ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
1: ligalc.ru
2: www.ligalc.ru
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for ligalc.ru
An unexpected error occurred:
Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: ligalc.ru, retry after 2024-04-05T20:05:55Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@ligalc ~]#
In general, all we have to do is wait...
retry after 2024-04-05T20:05:55Z - is it 5 April or 4 May?
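
Added example, not part of the thread and not certbot's own code: a check for the "target ... of symlink ... does not exist" failure in the dry-run output above, which can be run before deleting anything under /etc/letsencrypt. It assumes the default layout in which live/NAME/*.pem link into archive/NAME/; the function names and status labels are hypothetical, and the sample tree is constructed in a temp directory.

```bash
# Audit certbot lineage symlinks under a Let's Encrypt config root.
# Prints one line per problem; returns 0 when every link is healthy, 1 otherwise.
check_le_links() {
    local root="${1:-/etc/letsencrypt}" bad=0
    local dir name f link resolved archive
    for dir in "$root"/live/*/; do
        [ -d "$dir" ] || continue            # glob did not match: no lineages
        name=$(basename "$dir")
        # Assumption: default layout, where the lineage's files live in archive/<name>
        archive=$(readlink -f "$root/archive/$name")
        for f in cert chain fullchain privkey; do
            link="${dir}${f}.pem"
            if [ ! -L "$link" ]; then
                echo "MISSING_OR_NOT_SYMLINK $link"; bad=1; continue
            fi
            if [ ! -e "$link" ]; then        # -e follows the link: target is gone
                echo "DANGLING $link -> $(readlink "$link")"; bad=1; continue
            fi
            resolved=$(readlink -f "$link")
            case "$resolved" in
                "$archive"/*) ;;             # points into its own archive dir
                *) echo "WRONG_LINEAGE $link -> $resolved"; bad=1 ;;
            esac
        done
    done
    return "$bad"
}

# Constructed sample mirroring the thread: live/ligalc.ru links point into an
# archive/ligalc.ru-0001 directory that no longer exists.
make_sample_tree() {
    local t f
    t=$(mktemp -d)
    mkdir -p "$t/live/ligalc.ru" "$t/archive/ligalc.ru"
    for f in cert chain fullchain privkey; do
        ln -s "../../archive/ligalc.ru-0001/${f}1.pem" "$t/live/ligalc.ru/$f.pem"
    done
    echo "$t"
}

sample=$(make_sample_tree)
check_le_links "$sample" || echo "problems found under $sample"
rm -rf "$sample"
```

On a real host the call is `check_le_links /etc/letsencrypt`, run as root so the live/ and archive/ directories are readable.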