Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.ash.coop
I ran this command: ./letsencrypt-auto --verbose
It produced this output:
My web server is (include version): Apache/2.4.41 (cPanel)
The operating system my web server runs on is (include version): CENTOS 7.7 cpanel 84.0.15
your Cpanel want to control server one way, and letsencrypt-auto did webserver config other way.
Cpanel doesn’t expect your server config changed by anything else, so I’d say backup your site (don’t forget database!) and reinstall you node from beginning
an alternative might be to ditch the cpanel plugin and disable autoSSL and try and get letsencrypt-auto to work …
this is the error …
File: /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Could not be found to be deleted
- Certbot probably shut down unexpectedly
File: /etc/httpd/conf.d/le_http_01_challenge_post.conf - Could not be found to be deleted
- Certbot probably shut down unexpectedly
An unexpected error occurred:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'
You can’t use letsencrypt-auto like that. Certbot doesn’t understand how cPanel manages Apache, and they are incompatible. In a perfect world, Certbot should refuse to run if somebody tries to use its Apache plugin under cPanel.
In cPanel, certificates have to be managed through the user interface or cPanel API.
That is the only way they will survive automatic rehahes of the configuration (i.e. /scripts/rebuildhttpconf).
Hi and thanks and phew. This was the reason for my original post - the cpanel plugin is throwing up some dns errors and I was wondering whether letsencrypt-auto was in some way effecting it although I can’t see any reason why it should.
I’ve been managing paid for certificates through cpanel for a couple years now but I am quite new to letsencrypt. as I understand it the cpanel plugin effectively does away with Certbot is that correct ?
When you install cPanel these days, you shouldn't have to do a single thing. Your domains should be automatically protected by certificates shortly after you set them up.
This is because cPanel have partnered with Comodo/Sectigo to provide free, automatically renewing certificates for all domains hosted on every cPanel server.
And indeed, if you visit https://www.ash.coop/ - you will see that you already have such a certificate installed.
If you are having problems with renewals of certificates via AutoSSL, then ask cPanel support about it. That's what they're there for, and they'll be more than happy to look into it for you.
brilliant, thanks for the clarification.
the renewal issue is with my mail server but I’ve added a DNS record that should fix that. I’m already in contact with cPanel about it, I came here to iron out some of my ignorance about letsencrypt.
thanks again for your help.