Let's Encrypt can't find correct vhost (CentOS 7 on Digital Ocean)


#1

Hi,

I’ve been using Let’s Encrypt on my main domain for the last couple months and it’s been working great (thanks so much to Let’s Encrypt for doing this!)

Yesterday, after everything has been working great on my main domain (paulcutler.org), I decided to generate certs for all of the other domains on my server.

I’m using CentOS7 on Digital Ocean and followed the how-to Digital Ocean has: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

I added 3 additional domains and they’re all working great. But I realized that my main domain at paulcutler.org I didn’t set up the cert to work with the www prefix as well.

So I ran:

`/letsencrypt-auto --apache -d paulcutler.org -d www.paulcutler.org`

The console shows me that it sees the certificate:

```
│ You have an existing certificate that contains exactly the same │
│ domains you requested and isn’t close to expiry. │
│ (ref: /etc/letsencrypt/renewal/paulcutler.org.conf) │
│ │
│ What would you like to do? │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ 1 Attempt to reinstall this existing certificate │ │
│ │ 2 Renew & replace the cert (limit ~5 per 7 days)
```

But on the next screen it doesn’t see my vhost configuration file:

```
│ We were unable to find a vhost with a ServerName or Address of │
│ paulcutler.org. │
│ Which virtual host would you like to choose? │
│ (note: conf files with multiple vhosts are not yet supported) │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │1 ssl.conf | | HTTPS │ │
│ │2 stoneopen.com-le-ssl.conf | Multiple Names | HTTPS │ │
│ │3 mlbpool2.com.conf | Multiple Names | │ │
│ │4 mlbpool2-le-ssl.conf | Multiple Names | HTTPS │ │
│ │5 nflpool.xyz-le-ssl.conf | Multiple Names | HTTPS │ │
│ │6 stoneopen.com.conf | Multiple Names | │ │
│ │7 nflpool.xyz.conf | Multiple Names |
```

I think the problem might be related to the fact that when I first installed the SSL certificate I did it as a “certonly” install. I do see paulcutler.org.conf in my sites-available and a symlink in my sites-enabled as it should be.

I’m worried that when it comes time to renew it’s not going to renew correctly due to the error above. What would be the next steps and right way to fix this?

Thanks in advance for any help.

Paul


#2

You can try my client: https://github.com/Neilpang/acme.sh

`acme.sh --issue --apache -d paulcutler.org -d www.paulcutler.org`

#3

Does the file for paulcutler.org in your sites-enabled only have the one domain in it, or does it have multiple domains in that file? (The official client currently only supports one domain per vhost file when using that --apache flag.) That doesn’t stop you updating the certificate, it just means you can’t do it using the automatic --apache flag.


#4

Thank you - this was it. My .conf file had a VirtualHosts entry for both port 80 and port 443. Splitting this apart fixed everything.

Thanks for all the quick responses!
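
A pre-flight check for the condition identified in posts #3 and #4, added here as an example (it is not code from the thread, from certbot or from acme.sh): it flags conf files that hold more than one `<VirtualHost>` block and requested names that no vhost declares. The parser is a simplified line-based one that ignores `Include` directives; the file contents and the `paulcutler.org-ssl.conf` filename are constructed for illustration.

```python
import re
# Apache directive names are case-insensitive.
VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
NAMES = re.compile(r"(?:ServerName|ServerAlias)\s+(.+)", re.I)

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: listen addresses and declared names."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := VHOST_OPEN.match(line)):
            current = {"addrs": m.group(1).split(), "names": []}
        elif VHOST_CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif (m := NAMES.match(line)) and current is not None:
            current["names"] += m.group(1).lower().split()
    return vhosts

def audit(files, wanted):
    """files maps filename -> conf text. Returns (multi_vhost_files, undeclared_names)."""
    parsed = {name: parse_vhosts(text) for name, text in files.items()}
    multi = sorted(f for f, vhosts in parsed.items() if len(vhosts) > 1)
    declared = {n for vhosts in parsed.values() for v in vhosts for n in v["names"]}
    missing = sorted(n for n in wanted if n.lower() not in declared)
    return multi, missing

# Constructed sample: one file holding both the port 80 and port 443 vhosts.
COMBINED = {"paulcutler.org.conf": """
<VirtualHost *:80>
    ServerName paulcutler.org
</VirtualHost>
<VirtualHost *:443>
    ServerName paulcutler.org
</VirtualHost>
"""}
# Constructed sample: the same vhosts split into one file each (second filename is hypothetical).
SPLIT = {
    "paulcutler.org.conf": "<VirtualHost *:80>\nServerName paulcutler.org\nServerAlias www.paulcutler.org\n</VirtualHost>\n",
    "paulcutler.org-ssl.conf": "<VirtualHost *:443>\nServerName paulcutler.org\nServerAlias www.paulcutler.org\nSSLEngine on\n</VirtualHost>\n",
}
WANTED = ["paulcutler.org", "www.paulcutler.org"]
if __name__ == "__main__":
    for label, files in (("combined", COMBINED), ("split", SPLIT)):
        print(label, audit(files, WANTED))
```

On a real server the `files` mapping would be built by reading each file under the enabled-sites directory before running the client with `--apache`.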

