Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --apache -w /var/www/html -d -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/

What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2018-12-28. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:
    Donating to EFF:

My web server is (include version): Apache/2.4.34 (Fedora)

The operating system my web server runs on is (include version): Fedora release 28

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


Hi @DefiantPanda

If you use certonly, you have to install the certificate manually. This isn’t done; there is a “localhost.localdomain” certificate.

You have 4 certificates created. So the next try -> limit 5 certificates.

Please share your apache configuration.


Sorry what part of the apache do you want? Just the conf file?


ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf

AllowOverride none
Require all denied

DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride none
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

DirectoryIndex index.html

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
  # You need to enable mod_logio.c to use %I and %O
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>

CustomLog "logs/access_log" combined

AddDefaultCharset UTF-8

TypesConfig /etc/mime.types

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
MIMEMagicFile conf/magic

EnableSendfile on

IncludeOptional conf.d/*.conf


There is an additional SSL configuration file; the definitions are there.

But: You can create 5 certificates per week with the same domain name set, so you should try one time without “certonly”. Perhaps the installation works, and you don’t need to change your configuration manually.

sudo certbot --apache -w /var/www/html -d -d


Unfortunately that didn’t work


Are there errors?

Your copy has only the port 80 part, not the 443 part.


LoadModule ssl_module modules/

Listen 443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/path/to/"
    SSLCertificateKeyFile "/path/to/"

in one config file from conf.d/*.conf. Port 443 is running, so there must be a place with “SSLCertificateFile” etc.


The httpd.conf file loads the ssl.conf file

Listen 443 https

SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

SSLSessionCacheTimeout  300

SSLRandomSeed startup file:/dev/urandom  256  
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

SSLHonorCipherOrder on


SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>




Could you please try this command?
apachectl -S (this would print all configuration files in use by Apache) (you might need to replace apachectl with apache2ctl if there’s a not found message)

Thank you


Running that command got no response



It should not load with no output…
I could see that your web server is Apache /2.4.34 which should have some meaningful output when executing apachectl -S

The website serves the correct certificate, could you also please try to locate the virtual host / configuration file for that site?

Thank you


In httpd.conf it says

# Supplemental Configuration
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

In vhost.conf it has

<VirtualHost *:80>
    DocumentRoot /var/www/html
    RewriteEngine on
    RewriteCond %{SERVER_NAME} [OR]
    RewriteCond %{SERVER_NAME}
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


There you see the usage of your “localhost” certificate.


certbot certificates

to find the information of one of your certificates, replace SSLCertificateFile and SSLCertificateKeyFile, reload your server.
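
The check behind this fix, as an added example that is not part of the original posts: it reads Apache configuration and reports, per TLS virtual host, whether the referenced certificate and key come from a Certbot lineage or are still the distribution's localhost pair. `/etc/letsencrypt/live` is Certbot's default lineage directory; the function names, status labels and the `example.com` sample are assumptions made for illustration.

```shell
# Added example (not from the thread): report which certificate each TLS
# vhost references. LE_LIVE is Certbot's default lineage directory.
LE_LIVE="/etc/letsencrypt/live"
# audit_vhost_certs [FILE...]  (reads stdin when no file is given)
# Prints "<vhost> <status> <certfile>" for every vhost with SSLEngine on:
#   OK        cert and key sit in the same directory under $LE_LIVE
#   NOT_LE    cert is outside $LE_LIVE (e.g. the distro localhost.crt)
#   MISMATCH  key is missing or in a different directory than the cert
#   NO_CERT   no SSLCertificateFile inside the block
audit_vhost_certs() {
  awk -v live="$LE_LIVE" '
    function dir(p)  { sub("/[^/]*$", "", p); return p }
    function unq(s)  { gsub(/^"|"$/, "", s); return s }
    /^[ \t]*#/ { next }                      # skip comments
    { d = tolower($1) }                      # directives are case-insensitive
    d == "<virtualhost" { vh = $2; sub(/>$/, "", vh); cert = key = ""; ssl = 0 }
    d == "sslengine" && tolower($2) == "on" { ssl = 1 }
    d == "sslcertificatefile"    { cert = unq($2) }
    d == "sslcertificatekeyfile" { key  = unq($2) }
    d == "</virtualhost>" && ssl {
      if (cert == "")                      st = "NO_CERT"
      else if (index(cert, live "/") != 1) st = "NOT_LE"
      else if (dir(cert) != dir(key))      st = "MISMATCH"
      else                                 st = "OK"
      printf "%s %s %s\n", vh, st, (cert == "" ? "-" : cert)
    }
  ' "$@"
}

# Constructed sample: example.com is a placeholder lineage name.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
</VirtualHost>
EOF
}

sample_conf | audit_vhost_certs
```

On a live host the function can be pointed at the files Apache includes, for example `audit_vhost_certs /etc/httpd/conf.d/*.conf`.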


Thank you, that worked.


How do you flag a moderator?



Thank you (or you are welcome)


Moderation note: Per @DefiantPanda’s request, I’ve edited everyone’s posts to change their domain name to

