Missing a step?

griffin · January 24, 2021, 6:12pm

What's in this file?

/etc/apache2/sites-available/jmcs.conf

Also...

Don't mind us bantering. We're both regulars around here.

rg305 · January 24, 2021, 6:13pm

Ok so you have been able to get a cert!
But you must have used certonly though
Please show:
cat /etc/letsencrypt/renewal/jackiesmcs.com.conf

rg305 · January 24, 2021, 6:14pm

Yes!
The name of the sever is truly irrelevant.
It can (and should be) something like: "Server19-Rack42"
It should NEVER be used by the web service.

rg305 · January 24, 2021, 6:15pm

And STILL learning! - LOL

griffin · January 24, 2021, 6:15pm

I was thinking of the vHost ServerName. Guess that message just means the global ServerName.

griffin · January 24, 2021, 6:16pm

Always, my friend.

Leavii · January 24, 2021, 6:17pm

@griffin
/etc/apache2/sites-available/jmcs.conf contains:

<VirtualHost *:80>
    ServerName jackiesmcs.com
    ServerAlias jackiesmcs.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/jmcs
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/jmcs/>
            AllowOverride All
    </Directory>

RewriteEngine on
RewriteCond %{SERVER_NAME} =jackiesmcs.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

@rg305
cat /etc/letsencrypt/renewal/jackiesmcs.com/conf outputs:

# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = /etc/letsencrypt/archive/jackiesmcs.com
cert = /etc/letsencrypt/live/jackiesmcs.com/cert.pem
privkey = /etc/letsencrypt/live/jackiesmcs.com/privkey.pem
chain = /etc/letsencrypt/live/jackiesmcs.com/chain.pem
fullchain = /etc/letsencrypt/live/jackiesmcs.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = bd0cd1f0ec15f52f8521fd236a263e6d
authenticator = apache
installer = apache
manual_public_ip_logging_ok = None
server = https://acme-v02.api.letsencrypt.org/directory

rg305 · January 24, 2021, 6:17pm

hmm...
Well then something has gone awry!

griffin · January 24, 2021, 6:18pm

Make that www.jackiesmcs.com

Get rid of this:

rg305 · January 24, 2021, 6:19pm

My name is: JOE
My alias is: JOE

Not much of an alias!

Leavii · January 24, 2021, 6:19pm

@griffin

Corrected to www.jackiesmcs.com and restarted apache2.service.

Thanks for all the help by the way

griffin · January 24, 2021, 6:19pm

Make sure when you're reloading to use:

apachectl -k graceful

rg305 · January 24, 2021, 6:20pm

We need to force an install - so that a matching TLS enabled site is created.
Or we could do it by hand - but why?

Leavii · January 24, 2021, 6:20pm

Was using systemctl restart apache2.service

rg305 · January 24, 2021, 6:21pm

That should work as well.
[many ways to skin cats!]

Leavii · January 24, 2021, 6:21pm

I had www. in their at some point, but removed it. Not 100% sure why just never went back

Leavii · January 24, 2021, 6:23pm

Removed this as well and restarted service.

rg305 · January 24, 2021, 6:23pm

How about we delete the current (one named) cert.
And start over
Go for the two named cert and a real installation

? ? ?

griffin · January 24, 2021, 6:24pm

Considering that you don't have an A or CNAME record in your DNS for www.jackiesmcs.com, it's rather a moot point.

Leavii · January 24, 2021, 6:24pm

I do have an A record in DNS at domains.google.com

Topic		Replies	Views
Unable to add certificate Help	4	486	August 8, 2021
Clueless Newbie Help	5	1294	November 17, 2017
Error With Website Certificate Help	7	1318	April 15, 2022
Attempt two, use certbot to install certificates Help	3	761	March 12, 2020
Cannot obtain a certificate Help	2	965	December 14, 2021

Missing a step?

Related topics