New Certficiate not point to the file

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:nblp.moph.go.th

I ran this command:certbot certificates

It produced this output:

--------------------------
root@nblp:/etc/letsencrypt/renewal# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/nblp.moph.go.th.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: nblp.moph.go.th-0001
    Domains: nblp.moph.go.th
    Expiry Date: 2023-09-24 02:33:22+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/nblp.moph.go.th-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/nblp.moph.go.th-0001/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/nblp.moph.go.th.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@nblp:/etc/letsencrypt/renewal#
------------------------------------------------------------

My web server is (include version):Apache2 in Ubuntu20.04

The operating system my web server runs on is (include version): Ubuntu20.04

My hosting provider, if applicable, is:-

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):0.40.0
Any Help Any comment pls.

3

image
image982×701 37.5 KB

image
image499×597 10.9 KB

the new one is valid as pic to show

image
image827×305 9.51 KB

4

Hi @chit164,

Did you manually modify this file? Can you post its contents here?

You have two certificates managed by Certbot (probably with overlapping or identical domain name coverage), but Certbot is confused about how to renew one of them because of a problem with one or more files in /etc/letsencrypt (that might have been modified manually at some point).

Your web server configuration (probably under /etc/apache2) is probably pointing to the one in /etc/letsencrypt/live/nblp.moph.go.th/fullchain.pem instead of /etc/letsencrypt/live/nblp.moph.go.th-0001/fullchain.pem. This would be fine if the /etc/letsencrypt/live/nblp.moph.go.th/fullchain.pem certificate were being automatically renewed, but it isn't. The other certificate is being renewed automatically, but Apache doesn't know about it and hasn't been configured to use it.

You can try sudo grep -r /etc/letsencrypt /etc/apache2 to see where the relevant configuration references are located in your Apache configuration.

6 Likes
5

Thanks a lot, @schoen for looking to me. I'll tell you that I So appreciate that so much.
For the things that went wrong at the time It caused, I renew the Certificate, and It was not proper to display as it should be. It still shows expired. So I manually delete it/edit some config by myself. But now It looks pretty well but I test it at New tab (ssllabs.com) it still expired. Now /etc/letsencrypt/renewal/nblp.moph.go.th.conf is gone. The remain is as below

image
image1315×250 7.3 KB

1 Like
6

That looks good. You might need to do something like sudo service apache2 reload to get Apache to notice the new certificate (for example if you used certbot certonly when you originally got the certificate, so that it's not using the full Certbot Apache integration).

4 Likes
7

Roger that!!!
Thanks Guy.

1 Like
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.