Manuel certificate renew failed

Help
1

My domain is: derwäscheladen.at --> (xn--derwscheladen-efb.at)

I ran this command: certbot renew

It produced this output:

cerbot output.PNG
cerbot output.PNG967×1092 271 KB

My web server is (include version): Apache/2.4.57 (Debian)

The operating system my web server runs on is (include version): Linux Debian 12

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

2

Your webserver, when requesting http://xn--derwscheladen-efb.at/ redirects to https://www.derwäscheladen.at/.

While the HTTP to HTTPS redirect usually isn't an issue, the punycode to IDN translation is, as IDN is not directly supported in DNS, but needs to be translated to punycode.

Also note that your certificate doesn't include the "apex" domain name, but only the www subdomain. You might want to include both.

2 Likes
3

Thank you, could you please help me how to do this? I'm relatively new to the web hosting topic.

1 Like
4 
www.xn--derwscheladen-efb.at

Above is the punycode value for your www domain. Just use that value in your Apache Rewrite, Redirect, or .htaccess instead of www.derwäscheladen.at

5 Likes
5

Thank you, unfortunately, the error still persists. Is this fine now, or:

Unbenannt
Unbenannt716×140 24 KB

6

You missed a dash (-). It should be two instead of one.

It should also include the slash (/) at the end.

2 Likes
7

Oh, my fault, sorry.
The error message is shorter now, but still present:

cerbot output2
cerbot output2950×479 83.4 KB

8

There's no such thing as THE error message; this one is a different one.

It seems you have two certificates sort of "known" to Certbot: one which just renewed just fine and one that's broken.

Please show the output of certbot certificates.

3 Likes
9

Yes, that's true, sorry.
Okay, that's interesting.

cerbot output3
cerbot output3951×342 69.3 KB

1 Like
10

Please show this file:
image

3 Likes
11

its empty😂

12

Well that would be a problem.

3 Likes
13

But why do I have 2 certificates, and do I really need both of them?

14

Based on the output of certbot certificates, you only have one [working] certificate.

Probably not.
But we can't even see the second one.

From what can be seen, the first includes -0001 which is usually a sign of things not going to plan.

3 Likes
15

Creating the certificate was done by someone else, and I just watched. But from what I know, there was initially a problem, and we had to try it again. I believe it had something to do with the "Punycode" or the "ä". Is it possible that these are the two certificates, and the non-functional one is the one that couldn't be created?

16

If a cert was created, then it can be used.
If a cert can't be used, then it wasn't created.

3 Likes
17

Okay, thank you. How should I proceed now? Does the website remain certified due to the functioning certificate, and should I just leave the non-functioning certificate as is, or what should I do?

1 Like
18

Please explain and detail:

2 Likes
19

Your cert for that domain was renewed but your Apache is not yet using it. You probably need to reload Apache. This should work: apache2ctl graceful

You should use cron to reload Apache daily or we can adjust your certbot renewal to do it every time the cert is renewed. Let us know what you prefer.

As for your "broken" renewal file that you say is empty you could just delete that renewal conf file. You can't use the normal certbot delete command because it is broken so just delete it manually.

/etc/letsencrypt/renewal/www.xn--derwscheladen-efb.at.conf
3 Likes
20

I meant that where the config file is empty.

I have done it.

I think I'll do it every time certbot renew. Would this command fit:

certbot renew --quiet && apache2ctl graceful