Let's Encrypt creates a new conf file *-le-SSL.conf, even though I have a conf file already available

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: happimed.com

I ran this command: sudo certbot --apache -d happimed.com -d www.happimed.com

It produced this output:

root@ubuntu-s-4vcpu-8gb-01:/etc/apache2/sites-available# sudo certbot --apache -d happimed.com -d www.happimed.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/happimed.com.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/happimed.conf
Created an SSL vhost at /etc/apache2/sites-available/happimed-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/happimed-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Failed redirect for happimed.com
Unable to set enhancement redirect for happimed.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:

  • We were unable to set up enhancement redirect for your server,
    however, we successfully installed your certificate.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/happimed.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/happimed.com/privkey.pem
    Your cert will expire on 2021-02-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

My web server is (include version): Apache latest

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

1 Like

That's no good! Could you please show us the output of:

sudo apachectl -t -D DUMP_VHOSTS

1 Like

sudo apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:443

port 443 namevhost happimed.com (/etc/apache2/sites-enabled/happimed-le-ssl.conf:21)
alias www.happimed.com
port 443 namevhost happimed.com (/etc/apache2/sites-enabled/happimed.conf:2)
alias happimed.com

*:80

port 80 namevhost happimed.com (/etc/apache2/sites-enabled/happimed.conf:26)
alias www.happimed.com

PS: I have many other virtual hosts, but this is the one causing the issue.

1 Like

Perhaps the issue is that the HTTPS virtualhost in happimed.conf does not include www.happimed.com as a ServerAlias.

So Certbot tries to create a new one, which results in a partial duplication/conflict.

If you add the ServerAlias, remove happimed-le-ssl.conf and try again, does the issue still persist?

5 Likes
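
An added example, not part of the original thread: a small Python check that parses `apachectl -t -D DUMP_VHOSTS` output and flags the two conditions diagnosed above, a port 443 vhost that lacks one of the names passed to `-d`, and the same ServerName defined twice on one port. The function names and finding labels are assumptions made for this sketch; the sample input is the output posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: the DUMP_VHOSTS output posted in this thread.
SAMPLE = """\
VirtualHost configuration:
*:443
port 443 namevhost happimed.com (/etc/apache2/sites-enabled/happimed-le-ssl.conf:21)
alias www.happimed.com
port 443 namevhost happimed.com (/etc/apache2/sites-enabled/happimed.conf:2)
alias happimed.com
*:80
port 80 namevhost happimed.com (/etc/apache2/sites-enabled/happimed.conf:26)
alias www.happimed.com
"""

VHOST_RE = re.compile(r"port (\d+) namevhost (\S+) \((.+):(\d+)\)")

def parse_vhosts(dump):
    """Return one dict per name-based vhost listed in the dump."""
    vhosts = []
    for line in dump.splitlines():
        line = line.strip()
        m = VHOST_RE.match(line)
        if m:
            vhosts.append({"port": int(m.group(1)), "name": m.group(2),
                           "source": f"{m.group(3)}:{m.group(4)}", "aliases": set()})
        elif line.startswith("alias ") and vhosts:
            vhosts[-1]["aliases"].add(line.split()[1])
    return vhosts

def audit(vhosts, wanted, port=443):
    """Flag duplicate ServerNames on `port` and vhosts missing a requested name."""
    findings, by_name = [], defaultdict(list)
    for v in vhosts:
        if v["port"] != port:
            continue
        by_name[v["name"]].append(v["source"])
        missing = sorted(set(wanted) - ({v["name"]} | v["aliases"]))
        if missing:
            findings.append(("missing-name", v["source"], missing))
    for name, sources in by_name.items():
        if len(sources) > 1:
            findings.append(("duplicate-servername", name, sources))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vhosts(SAMPLE), ["happimed.com", "www.happimed.com"]):
        print(finding)
```

Run against a live server by feeding it the captured output of the command instead of `SAMPLE`; an empty result for port 443 means every requested name is covered by exactly one HTTPS vhost.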

Your observation is spot on. I was missing the "www" in the Server Alias.
Thanks for your help. Appreciate it very much. It resolved my issue.

4 Likes