While we had a certificate for three months, now that it is expired, I get the following error when I manualy run “certbot renew”
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/DOMAIN.COM.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for DOMAIN.COM
Cleaning up challenges
Attempting to renew cert (DOMAIN.COM) from /etc/letsencrypt/renewal/DOMAIN.COM.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/DOMAIN.COM/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/DOMAIN.COM/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Since there was a working certificate, why should I get this error now? Currently, we have the following entry in /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
<Directory "/var/www/html/">
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
DocumentRoot /var/www/html/
....