Hey guys, the Mac OS Server just runs for the Profile Manager to administrate Apple clients. Now I want to renew my Let's Encrypt cert for the first time, but it doesn't work. So maybe you can help me? That would be really nice.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.4.41
The operating system my web server runs on is (include version): 10.15 - Catalina
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.8.0
The error message with sudo certbot renew:
Attempting to renew cert (server.kaifu-gymnasium.de) from /etc/letsencrypt/renewal/server.kaifu-gymnasium.de.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for server.kaifu-gymnasium.de:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server.kaifu-gymnasium.de/fullchain.pem (failure)
It seems your renewal configuration has been damaged. Normally, this should not have happened. Did you modify it by any chance? And could you paste the output here?
No, my fault, it is obvious to me, but I can understand it's not for someone who doesn't have much experience with certbot.
So it seems your renewal configuration file is missing the actual webroot setting for the webroot plugin. It also doesn't specify the apache plugin as an installer. Do you remember (or have it stored somewhere) the original command you've used to get the cert? (Maybe history | grep certbot might still have it remembered.)
Ah, well, the --standalone option should not be used unless it’s really necessary for the situation IMO. It seems you want to “move over” to the apache plugin, which I can understand.
However, if you used that command, why does the renewal configuration file say you’ve used the webroot authenticator previously? Still doesn’t really add up…
But if you want to change to the apache plugin, why not let that plugin authenticate the hostname too? Why use the webroot anyway? I read the How To… It’s horrible… Just horrible…
I would try sudo certbot renew --apache without any other arguments and see what happens.
Cert is due for renewal, auto-renewing…
Could not find ssl_module; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for server.kaifu-gymnasium.de
Cleaning up challenges
Attempting to renew cert (server.kaifu-gymnasium.de) from /etc/letsencrypt/renewal/server.kaifu-gymnasium.de.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server.kaifu-gymnasium.de/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server.kaifu-gymnasium.de/fullchain.pem (failure)
OK, so now I'm puzzled. You say you're using Apache. But that guide about MacOS MDM Server doesn't mention Apache at all? Not sure if the apache plugin would work... It most certainly won't work if there isn't any Apache in play of course.
Well, I was majorly confused as you told us in your first post your webserver was Apache? Without a "normal" webserver like Apache this is very out of my league. I have no MacOS experience whatsoever, so I'm not the right person to help you with that. I thought you were actually using Apache.
I would recommend following the guide again, because it seems you haven't done what the guide told you. Your renewal configuration file is missing critical information, which is included in the guide you mentioned. The webroot_path and [[webroot_map]] parts are missing.
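
The check described in the replies above, as an added example that is not part of the thread or of certbot itself: it reads a renewal configuration and reports when the webroot authenticator is selected but `webroot_path` or the `[[webroot_map]]` entry is absent. The sample configs, the domain `example.com`, the path `/srv/www/example` and the function names are constructed for illustration.

```python
import re

# Constructed sample: a renewal config in the damaged state the thread describes.
BROKEN_CONF = """\
version = 1.8.0
[renewalparams]
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
"""

# Constructed sample: the same config with the webroot settings present.
COMPLETE_CONF = BROKEN_CONF + """\
webroot_path = /srv/www/example,
[[webroot_map]]
example.com = /srv/www/example
"""

def parse_renewal_conf(text):
    """Parse the nested [section] / [[subsection]] layout into {path: {key: value}}."""
    sections, path = {(): {}}, ()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*(\]+)", line)
        if header and len(header.group(1)) == len(header.group(3)):
            depth = len(header.group(1))  # one bracket = section, two = subsection
            path = path[:depth - 1] + (header.group(2),)
            sections.setdefault(path, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[path][key.strip()] = value.strip()
    return sections

def webroot_problems(text, domain):
    """List what is missing for a webroot renewal of `domain` (empty list = fine)."""
    conf = parse_renewal_conf(text)
    params = conf.get(("renewalparams",), {})
    if params.get("authenticator") != "webroot":
        return []  # another plugin is configured; webroot keys are not required
    problems = []
    if not params.get("webroot_path", "").strip(", "):
        problems.append("webroot_path missing")
    if domain not in conf.get(("renewalparams", "webroot_map"), {}):
        problems.append("no [[webroot_map]] entry for " + domain)
    return problems
```

Running `webroot_problems` on the real file under `/etc/letsencrypt/renewal/` before `certbot renew` shows whether the "Input the webroot" prompt will recur.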