Ok. Good. Now try certbot --apache again (not renew). It should ask if you want to install current cert and that should work. I don't use that "install" often so if it does not work just choose to get fresh cert (you only got 1 in past week so no worry about rate limit).
Show any questions and answers from this process.
I will be away for a short while but others can help if that does not work
That worked. It created a port 443 virtual host and now our site shows secured. Don't know why certbot didn't do it the first time because I virtually went through all the same steps here with you.
Thanks for helping and being patient.
So one final question, how can we set Apache to always redirect to the secure site?
Nevermind, I figured it out. Basically a permanent redirect on the port 80 virtual host.
Sorry, I missed something in my "repair" instructions that you should correct.
Add a line with ServerAlias www.starionhost.net to both of the VirtualHost (port 80 and 443). Just place it under the ServerName you already have in each one.
Then, rerun certbot like this
certbot --apache -d starionhost.net -d www.starionhost.net
It will ask if you want to expand, choose that.
Right now you have a cert for just the starionhost.net name. The http redirects work fine to that name but anyone trying https://www.starionhost.net will fail with "invalid cert" because the cert does not have that name in it.
Already caught that and fixed it. 
Might want to check again
Compare that result to using the apex name (w/out www)
It shows good both ways....?
Weird. It did not for me. But, yes, it does now.
Nevermind
Whew! I've had enough issues this week, nothing but little fires like this to put out.
Our authentication server to our mail server (MySQL) crashed. I've spent all week rebuilding 10 years worth of server stuff in three days. I also took the opportunity to move it off of our actual server box, closed out our space in our data center, and put it all up on Vultr as an instance.
Should have done that years ago!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.