New domain and more woes

was using a free domain now chucked

now using hardcoregames.ca

so I run the certbot to set certificates and I get an error

Failed redirect for hardcoregames.ca
Unable to set enhancement redirect for hardcoregames.ca
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

Now I did add this to the apache2 sites available, so I wonder if I missed something

I am using a WP directive to hard code the new domain and ran search and replace when I ran across some escaped characters in URLs

So it looks like a real dog's breakfast

>>> http://hardcoregames.ca

> --------------------------------------------
> 301 Moved Permanently
> --------------------------------------------

Status: 301 Moved Permanently
Code: 301
Date: Thu, 11 Feb 2021 22:52:01 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Redirect-By: WordPress
Location: http://www.hardcoregames.ca/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

>>> https://hardcoregames.ca

> --------------------------------------------
> 301 Moved Permanently
> --------------------------------------------

Status: 301 Moved Permanently
Code: 301
Date: Thu, 11 Feb 2021 22:52:47 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Redirect-By: WordPress
Location: https://www.hardcoregames.ca/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

What say these?

sudo certbot certificates
sudo ls -laR /etc/letsencrypt
sudo apachectl -S
sudo ls -la /etc/apache2/sites-available
sudo ls -la /etc/apache2/sites-enabled

Found the following certs:
  Certificate Name: hardcoregames.ca
    Serial Number: 4a39490a8d1f821259a9697a1a8cdac6bf6
    Key Type: RSA
    Domains: hardcoregames.ca www.hardcoregames.ca
    Expiry Date: 2021-05-12 15:16:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/hardcoregames.ca/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/hardcoregames.ca/privkey.pem
  Certificate Name: hardcoregames.ga
    Serial Number: 44dd092343fa266b1f3c92e2dfea9671583
    Key Type: RSA
    Domains: hardcoregames.ga www.hardcoregames.ga
    Expiry Date: 2021-04-30 02:47:57+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/hardcoregames.ga/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/hardcoregames.ga/privkey.pem
  Certificate Name: www.hardcoregames.ga
    Serial Number: 47246aa45c6b3ffde55a8232f27db0be26f
    Key Type: RSA
    Domains: www.hardcoregames.ga
    Expiry Date: 2021-04-29 22:55:53+00:00 (VALID: 76 days)
    Certificate Path: /etc/letsencrypt/live/www.hardcoregames.ga/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.hardcoregames.ga/privkey.pem

Fair enough.

The rest of the outputs?

/etc/letsencrypt:
total 52
drwxr-xr-x   9 root root  4096 Feb 12 02:17 .
drwxr-xr-x 104 root root 12288 Feb 10 06:03 ..
drwx------   4 root root  4096 Jan 29 23:16 accounts
drwx------   5 root root  4096 Feb 11 16:16 archive
drwxr-xr-x   2 root root  4096 Feb 11 16:15 csr
drwx------   2 root root  4096 Feb 11 16:15 keys
drwx------   5 root root  4096 Feb 11 16:16 live
-rw-r--r--   1 root root   952 Jan 29 23:15 options-ssl-apache.conf
drwxr-xr-x   2 root root  4096 Feb 11 16:16 renewal
drwxr-xr-x   5 root root  4096 Jan 29 23:13 renewal-hooks
-rw-r--r--   1 root root    64 Jan 29 23:15 .updated-options-ssl-apache-conf-digest.txt

/etc/letsencrypt/accounts:
total 16
drwx------ 4 root root 4096 Jan 29 23:16 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
drwx------ 3 root root 4096 Jan 29 23:16 acme-staging-v02.api.letsencrypt.org
drwx------ 3 root root 4096 Jan 29 23:13 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Jan 29 23:16 .
drwx------ 4 root root 4096 Jan 29 23:16 ..
drwx------ 3 root root 4096 Jan 29 23:16 directory

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Jan 29 23:16 .
drwx------ 3 root root 4096 Jan 29 23:16 ..
drwx------ 2 root root 4096 Jan 29 23:16 7946b6ae316ac7e6809b6d7fcfae697a

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/7946b6ae316ac7e6809b6d7fcfae697a:
total 20
drwx------ 2 root root 4096 Jan 29 23:16 .
drwx------ 3 root root 4096 Jan 29 23:16 ..
-rw-r--r-- 1 root root   71 Jan 29 23:16 meta.json
-r-------- 1 root root 1632 Jan 29 23:16 private_key.json
-rw-r--r-- 1 root root   86 Jan 29 23:16 regr.json

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Jan 29 23:13 .
drwx------ 4 root root 4096 Jan 29 23:16 ..
drwx------ 3 root root 4096 Jan 29 23:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Jan 29 23:14 .
drwx------ 3 root root 4096 Jan 29 23:13 ..
drwx------ 2 root root 4096 Jan 29 23:14 c8a130b3ac2af7307d782dd9d0c22199

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/c8a130b3ac2af7307d782dd9d0c22199:
total 20
drwx------ 2 root root 4096 Jan 29 23:14 .
drwx------ 3 root root 4096 Jan 29 23:14 ..
-rw-r--r-- 1 root root   71 Jan 29 23:14 meta.json
-r-------- 1 root root 1632 Jan 29 23:14 private_key.json
-rw-r--r-- 1 root root   79 Jan 29 23:14 regr.json

/etc/letsencrypt/archive:
total 20
drwx------ 5 root root 4096 Feb 11 16:16 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
drwxr-xr-x 2 root root 4096 Feb 11 16:16 hardcoregames.ca
drwxr-xr-x 2 root root 4096 Jan 30 03:47 hardcoregames.ga
drwxr-xr-x 2 root root 4096 Jan 29 23:55 www.hardcoregames.ga

/etc/letsencrypt/archive/hardcoregames.ca:
total 24
drwxr-xr-x 2 root root 4096 Feb 11 16:16 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
-rw-r--r-- 1 root root 1879 Feb 11 16:16 cert1.pem
-rw-r--r-- 1 root root 1586 Feb 11 16:16 chain1.pem
-rw-r--r-- 1 root root 3465 Feb 11 16:16 fullchain1.pem
-rw------- 1 root root 1704 Feb 11 16:16 privkey1.pem

/etc/letsencrypt/archive/hardcoregames.ga:
total 56
drwxr-xr-x 2 root root 4096 Jan 30 03:47 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
-rw-r--r-- 1 root root 1842 Jan 29 23:56 cert1.pem
-rw-r--r-- 1 root root 1846 Jan 29 23:57 cert2.pem
-rw-r--r-- 1 root root 1874 Jan 30 03:47 cert3.pem
-rw-r--r-- 1 root root 1586 Jan 29 23:56 chain1.pem
-rw-r--r-- 1 root root 1586 Jan 29 23:57 chain2.pem
-rw-r--r-- 1 root root 1586 Jan 30 03:47 chain3.pem
-rw-r--r-- 1 root root 3428 Jan 29 23:56 fullchain1.pem
-rw-r--r-- 1 root root 3432 Jan 29 23:57 fullchain2.pem
-rw-r--r-- 1 root root 3460 Jan 30 03:47 fullchain3.pem
-rw------- 1 root root 1704 Jan 29 23:56 privkey1.pem
-rw------- 1 root root 1704 Jan 29 23:57 privkey2.pem
-rw------- 1 root root 1704 Jan 30 03:47 privkey3.pem

/etc/letsencrypt/archive/www.hardcoregames.ga:
total 24
drwxr-xr-x 2 root root 4096 Jan 29 23:55 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
-rw-r--r-- 1 root root 1858 Jan 29 23:55 cert1.pem
-rw-r--r-- 1 root root 1586 Jan 29 23:55 chain1.pem
-rw-r--r-- 1 root root 3444 Jan 29 23:55 fullchain1.pem
-rw------- 1 root root 1708 Jan 29 23:55 privkey1.pem

/etc/letsencrypt/csr:
total 44
drwxr-xr-x 2 root root 4096 Feb 11 16:15 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
-rw-r--r-- 1 root root  928 Jan 29 23:15 0000_csr-certbot.pem
-rw-r--r-- 1 root root  928 Jan 29 23:43 0001_csr-certbot.pem
-rw-r--r-- 1 root root  928 Jan 29 23:55 0002_csr-certbot.pem
-rw-r--r-- 1 root root  932 Jan 29 23:55 0003_csr-certbot.pem
-rw-r--r-- 1 root root  928 Jan 29 23:56 0004_csr-certbot.pem
-rw-r--r-- 1 root root  928 Jan 29 23:57 0005_csr-certbot.pem
-rw-r--r-- 1 root root  956 Jan 30 03:47 0006_csr-certbot.pem
-rw-r--r-- 1 root root  956 Feb 11 16:15 0007_csr-certbot.pem
-rw-r--r-- 1 root root  956 Feb 11 16:15 0008_csr-certbot.pem

/etc/letsencrypt/keys:
total 44
drwx------ 2 root root 4096 Feb 11 16:15 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
-rw------- 1 root root 1708 Jan 29 23:15 0000_key-certbot.pem
-rw------- 1 root root 1704 Jan 29 23:43 0001_key-certbot.pem
-rw------- 1 root root 1704 Jan 29 23:55 0002_key-certbot.pem
-rw------- 1 root root 1708 Jan 29 23:55 0003_key-certbot.pem
-rw------- 1 root root 1704 Jan 29 23:56 0004_key-certbot.pem
-rw------- 1 root root 1704 Jan 29 23:57 0005_key-certbot.pem
-rw------- 1 root root 1704 Jan 30 03:47 0006_key-certbot.pem
-rw------- 1 root root 1704 Feb 11 16:15 0007_key-certbot.pem
-rw------- 1 root root 1704 Feb 11 16:15 0008_key-certbot.pem

/etc/letsencrypt/live:
total 24
drwx------ 5 root root 4096 Feb 11 16:16 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
drwxr-xr-x 2 root root 4096 Feb 11 16:16 hardcoregames.ca
drwxr-xr-x 2 root root 4096 Jan 30 03:47 hardcoregames.ga
-rw-r--r-- 1 root root  740 Jan 29 23:15 README
drwxr-xr-x 2 root root 4096 Jan 29 23:55 www.hardcoregames.ga

/etc/letsencrypt/live/hardcoregames.ca:
total 12
drwxr-xr-x 2 root root 4096 Feb 11 16:16 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
lrwxrwxrwx 1 root root   40 Feb 11 16:16 cert.pem -> ../../archive/hardcoregames.ca/cert1.pem
lrwxrwxrwx 1 root root   41 Feb 11 16:16 chain.pem -> ../../archive/hardcoregames.ca/chain1.pem
lrwxrwxrwx 1 root root   45 Feb 11 16:16 fullchain.pem -> ../../archive/hardcoregames.ca/fullchain1.pem
lrwxrwxrwx 1 root root   43 Feb 11 16:16 privkey.pem -> ../../archive/hardcoregames.ca/privkey1.pem
-rw-r--r-- 1 root root  692 Feb 11 16:16 README

/etc/letsencrypt/live/hardcoregames.ga:
total 12
drwxr-xr-x 2 root root 4096 Jan 30 03:47 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
lrwxrwxrwx 1 root root   40 Jan 30 03:47 cert.pem -> ../../archive/hardcoregames.ga/cert3.pem
lrwxrwxrwx 1 root root   41 Jan 30 03:47 chain.pem -> ../../archive/hardcoregames.ga/chain3.pem
lrwxrwxrwx 1 root root   45 Jan 30 03:47 fullchain.pem -> ../../archive/hardcoregames.ga/fullchain3.pem
lrwxrwxrwx 1 root root   43 Jan 30 03:47 privkey.pem -> ../../archive/hardcoregames.ga/privkey3.pem
-rw-r--r-- 1 root root  692 Jan 29 23:56 README

/etc/letsencrypt/live/www.hardcoregames.ga:
total 12
drwxr-xr-x 2 root root 4096 Jan 29 23:55 .
drwx------ 5 root root 4096 Feb 11 16:16 ..
lrwxrwxrwx 1 root root   44 Jan 29 23:55 cert.pem -> ../../archive/www.hardcoregames.ga/cert1.pem
lrwxrwxrwx 1 root root   45 Jan 29 23:55 chain.pem -> ../../archive/www.hardcoregames.ga/chain1.pem
lrwxrwxrwx 1 root root   49 Jan 29 23:55 fullchain.pem -> ../../archive/www.hardcoregames.ga/fullchain1.pem
lrwxrwxrwx 1 root root   47 Jan 29 23:55 privkey.pem -> ../../archive/www.hardcoregames.ga/privkey1.pem
-rw-r--r-- 1 root root  692 Jan 29 23:55 README

/etc/letsencrypt/renewal:
total 20
drwxr-xr-x 2 root root 4096 Feb 11 16:16 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
-rw-r--r-- 1 root root  539 Feb 11 16:16 hardcoregames.ca.conf
-rw-r--r-- 1 root root  574 Jan 30 03:47 hardcoregames.ga.conf
-rw-r--r-- 1 root root  594 Jan 29 23:55 www.hardcoregames.ga.conf

/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Jan 29 23:13 .
drwxr-xr-x 9 root root 4096 Feb 12 02:17 ..
drwxr-xr-x 2 root root 4096 Jan 29 23:13 deploy
drwxr-xr-x 2 root root 4096 Jan 29 23:13 post
drwxr-xr-x 2 root root 4096 Jan 29 23:13 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 23:13 .
drwxr-xr-x 5 root root 4096 Jan 29 23:13 ..

/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 23:13 .
drwxr-xr-x 5 root root 4096 Jan 29 23:13 ..

/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Jan 29 23:13 .
drwxr-xr-x 5 root root 4096 Jan 29 23:13 ..

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server www.hardcoregames.ga (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost www.hardcoregames.ga (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
                 alias hardcoregames.ga
                 alias hardcoregames.ca
         port 443 namevhost www.hardcoregames.ca (/etc/apache2/sites-enabled/000-default-le-ssl.conf:36)
                 alias hardcoregames.ca
*:80                   is a NameVirtualHost
         default server www.hardcoregames.ca (/etc/apache2/sites-enabled/000-default-le-ssl.conf:18)
         port 80 namevhost www.hardcoregames.ca (/etc/apache2/sites-enabled/000-default-le-ssl.conf:18)
                 alias hardcoregames.ca
         port 80 namevhost www.hardcoregames.ca (/etc/apache2/sites-enabled/000-default.conf:13)
                 alias hardcoregames.ca
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

drwxr-xr-x 2 root root 4096 Feb 11 18:18 .
drwxr-xr-x 8 root root 4096 Feb 11 18:18 ..
-rw-r--r-- 1 root root 697 Feb 11 17:25 000-default.conf
-rw-r--r-- 1 root root 1870 Feb 11 18:18 000-default-le-ssl.conf
-rw-r--r-- 1 root root 6338 Jul 16 2019 default-ssl.conf

total 8
drwxr-xr-x 2 root root 4096 Jan 30 03:47 .
drwxr-xr-x 8 root root 4096 Feb 11 18:18 ..
lrwxrwxrwx 1 root root 35 Jan 25 22:34 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 52 Jan 30 03:47 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf

Hi @HardcoreGames

your configuration is buggy.

Duplicated combinations of port and list of domain names. Why is port 80 in the default-le-ssl file?

Merge both in one vHost, remove the other. Same error with your port 443 vHost.

And that's

???

Not related to fixing your actual issue (see @JuergenAuer s post for that..), but:

Is this certificate, with just the www subdomain, even still in use? Because you also have:

Which contains the same hostname but also the apex domain name, which is probably the prefered certificate. If you're only using the latter certificate, you could choose to remove the former if you're certain it isn't used. Why keep renewing an unused certificate indefinitely and consequently only add more load to the Let's Encrypt servers

is there a command to remove a certificate

Yes.   

$ certbot --help delete 
usage: 

  certbot delete --cert-name CERTNAME

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini)

delete:
  Options for deleting a certificate

  --cert-name CERTNAME  Certificate name to apply. This name is used by Certbot for housekeeping and in file paths; it doesn't affect the content of the certificate itself. To see certificate names, run
                        'certbot certificates'. When creating a new certificate, specifies the new certificate's name. (default: the first provided domain or the name of an existing certificate on your system
                        for the same domains)

Well, your folders are looking great, which is a relief.

Your apache configuration on the other hand could use some TLC.

What are the outputs of these commands? Please put three backticks ``` on lines by themselves above and below each output.

sudo cat /etc/apache2/sites-available/000-default.conf
sudo cat /etc/apache2/sites-available/000-default-le-ssl.conf

#<VirtualHost *:80>
#ServerName www.hardcoregames.ga
#ServerAlias hardcoregames.ga
#ServerAdmin webmaster@localhost
#$DocumentRoot /var/www/html
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =hardcoregames.ga [OR]
#RewriteCond %{SERVER_NAME} =www.hardcoregames.ga
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#</VirtualHost>


<VirtualHost *:80>
ServerName www.hardcoregames.ca
ServerAlias hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =hardcoregames.ca [OR]
RewriteCond %{SERVER_NAME} =www.hardcoregames.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

~~~

#<VirtualHost *:80>
#ServerName www.hardcoregames.ga
#ServerAlias hardcoregames.ga
#ServerAdmin webmaster@localhost
#$DocumentRoot /var/www/html
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =hardcoregames.ga [OR]
#RewriteCond %{SERVER_NAME} =www.hardcoregames.ga
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#</VirtualHost>


<VirtualHost *:80>
ServerName www.hardcoregames.ca
ServerAlias hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =hardcoregames.ca [OR]
RewriteCond %{SERVER_NAME} =www.hardcoregames.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

~~~


<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.hardcoregames.ga
ServerAlias hardcoregames.ga
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#${APACHE_LOG_DIR}/error.log CustomLog
#${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias hardcoregames.ca
SSLCertificateFile /etc/letsencrypt/live/hardcoregames.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hardcoregames.ca/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName www.hardcoregames.ca
ServerAlias hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#${APACHE_LOG_DIR}/error.log CustomLog
#${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =hardcoregames.ca [OR]
# RewriteCond %{SERVER_NAME} =www.hardcoregames.ca
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.hardcoregames.ca
ServerAlias hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#${APACHE_LOG_DIR}/error.log CustomLog
#${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =hardcoregames.ca [OR]
# RewriteCond %{SERVER_NAME} =www.hardcoregames.ca
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hardcoregames.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hardcoregames.ca/privkey.pem
</VirtualHost>
</IfModule>

Thanks for that. I'll fix it once I return from lunch.

Put the following into /etc/apache2/sites-available/hardcoregames.ca.conf :

<VirtualHost *:80>
ServerName www.hardcoregames.ca
ServerAlias hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
</VirtualHost>

Put the following into /etc/apache2/sites-available/hardcoregames.ga.conf :

<VirtualHost *:80>
ServerName www.hardcoregames.ga
ServerAlias hardcoregames.ga
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
</VirtualHost>

Run the following:

sudo a2dissite 000-default.conf
sudo a2dissite 000-default-le-ssl.conf
sudo a2ensite hardcoregames.ca.conf
sudo a2ensite hardcoregames.ga.conf
sudo apachectl -k graceful
sudo rm /etc/apache2/sites-available/000-default.conf
sudo rm /etc/apache2/sites-available/000-default-le-ssl.conf
sudo certbot delete --cert-name www.hardcoregames.ga
sudo certbot run --cert-name hardcoregames.ca --apache --keep
sudo certbot run --cert-name hardcoregames.ga --apache --keep

Bask in the glory!

I am not using the .ga domain anymore

I am am planning on adding more sites but I am pondering mechanizing the maintenance

i am not sure how easy certbot is with 12 sites all slugging it out on a server

so I am thinking I might mv my gaming site to /var/www/harcorgames.ca

Should be no problem if you keep their configuration files cleanly segregated. We've had people with 7,500 sites using certbot.