New install seemed successful but doesn't work

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cirrusbellassociates.com

I ran these commands and got this output:

ubuntu@ip----:~$ sudo snap install core; sudo snap refresh core
snap "core" is already installed, see 'snap help refresh'
snap "core" has no updates available
ubuntu@ip----:~$ sudo apt-get remove certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'certbot' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
ubuntu@ip----:~$ sudo snap install --classic certbot
certbot 1.14.0 from Certbot Project (certbot-eff✓) installed
ubuntu@ip----:~$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
ubuntu@ip----:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): cirrus.secure@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: Y


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: N
Account registered.
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): cirrusbellassociates.com www.cirrusbellassociates.com sandbox.cirrusbellassociates.com blog.cirrusbellassociates.com
Requesting a certificate for cirrusbellassociates.com and 3 more domains
Performing the following challenges:
http-01 challenge for blog.cirrusbellassociates.com
http-01 challenge for cirrusbellassociates.com
http-01 challenge for sandbox.cirrusbellassociates.com
http-01 challenge for www.cirrusbellassociates.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.cirrusbellassociates.com.
Which virtual host would you like to choose?


1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | cirrusbellassociates. | HTTPS | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of sandbox.cirrusbellassociates.com.
Which virtual host would you like to choose?


1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of blog.cirrusbellassociates.com.
Which virtual host would you like to choose?


1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf


Congratulations! You have successfully enabled https://cirrusbellassociates.com,
https://www.cirrusbellassociates.com, https://sandbox.cirrusbellassociates.com,
and https://blog.cirrusbellassociates.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/cirrusbellassociates.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/cirrusbellassociates.com/privkey.pem
    Your certificate will expire on 2021-07-19. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again with the "certonly" option. To non-interactively
    renew all of your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

ubuntu@ip----:~$ Account registered.
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

ubuntu@ip----:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal

ubuntu@ip----:~$ apachectl -V
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2020-08-12T19:46:17
Server's Module Magic Number: 20120211:88
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="mime.types"
-D SERVER_CONFIG_FILE="apache2.conf"

ubuntu@ip----:~$ sudo systemctl status apache2
apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-04-20 19:36:38 UTC; 18h ago
Docs: Apache HTTP Server Version 2.4 Documentation - Apache HTTP Server Version 2.4
Process: 1797 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Process: 5838 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 1811 (apache2)
Tasks: 56 (limit: 556)
Memory: 10.6M
CGroup: /system.slice/apache2.service
├─ 1811 /usr/sbin/apache2 -k start
├─14569 /usr/sbin/apache2 -k start
├─14570 /usr/sbin/apache2 -k start
└─14571 /usr/sbin/apache2 -k start

Apr 20 19:36:37 ip-172-26-13-6 systemd[1]: Stopped The Apache HTTP Server.
Apr 20 19:36:37 ip-172-26-13-6 systemd[1]: Starting The Apache HTTP Server...
Apr 20 19:36:38 ip-172-26-13-6 systemd[1]: Started The Apache HTTP Server.
Apr 21 00:00:24 ip-172-26-13-6 systemd[1]: Reloading The Apache HTTP Server.
Apr 21 00:00:24 ip-172-26-13-6 systemd[1]: Reloaded The Apache HTTP Server.

ubuntu@ip----:~$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cirrusbellassociates.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Simulating renewal of an existing certificate for cirrusbellassociates.com and 3 more domains
Performing the following challenges:
http-01 challenge for blog.cirrusbellassociates.com
http-01 challenge for cirrusbellassociates.com
http-01 challenge for sandbox.cirrusbellassociates.com
http-01 challenge for www.cirrusbellassociates.com
Waiting for verification...
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/cirrusbellassociates.com/fullchain.pem



Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/cirrusbellassociates.com/fullchain.pem (success)


ubuntu@ip----:~$ nmap -sT -r -n -p443,80 cirrusbellassociates.com
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-21 13:41 UTC
Nmap scan report for cirrusbellassociates.com (52.205.5.11)
Host is up (0.00056s latency).

PORT STATE SERVICE
80/tcp open http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
ubuntu@ip----:~$


It produced this output: also see attached screenshot of let's debug result

My web server is (include version): see above

The operating system my web server runs on is (include version): see above

My hosting provider, if applicable, is: AWS lightspeed

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.14.0, also see above

Hi @cirrussecure

what's your question?

You are blocking https, so https isn't available. If you want a working https, change that.

Hi Juergen,

Thanks for the reply. I wasn't sure. I'm new to Lightsail and wasn't sure about that. I'll try digging deeper into Lightsail or maybe just go back to using EC2. Was also hoping someone else had found a solution.

Regards,
Tom

Nobody knows your system.

But if port 443 is blocked, the non-working https result is expected.
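
The nmap output in the question (80/tcp open, 443/tcp filtered) is what the replies point at: certbot's http-01 validation only needs port 80, so issuance succeeds even when 443 is dropped. The following is an added example, not part of the original thread; it repeats that TCP connect check and names the likely cause. The function names `probe` and `diagnose` and the wording of the messages are assumptions made for illustration.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Full TCP connect (what `nmap -sT` does); returns a port state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed, a service is listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: reachable, nothing listening
    except socket.timeout:
        return "filtered"        # SYN silently dropped, typical of a firewall
    except socket.gaierror:
        return "unresolved"      # DNS problem, not a port problem
    except OSError:
        return "filtered"        # e.g. ICMP unreachable sent by a filter


def diagnose(http_state, https_state):
    """Turn the states of ports 80 and 443 into the likely cause."""
    if https_state == "open":
        return "443 is reachable; look at the vhost or certificate instead."
    if https_state == "closed":
        return "443 reaches the host but nothing is listening; check Apache's SSL vhost."
    if https_state == "filtered" and http_state == "open":
        return ("80 works (so http-01 validation passes) but 443 is dropped "
                "by a firewall in front of Apache; allow inbound TCP 443.")
    return "Neither port gives a clear answer; check DNS and the network path."


if __name__ == "__main__":
    # Hostname comes from the command line; nothing is probed on import.
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <hostname>")
    host = sys.argv[1]
    http, https = probe(host, 80), probe(host, 443)
    print(f"80/tcp {http}\n443/tcp {https}\n{diagnose(http, https)}")
```

Run it from a machine outside the hosting network as well as from the server itself, since a provider-level firewall sits between the two.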
