Problem while adding a subdomain to a certificate

My domain is:
acupuncture-nantes.fr

I ran this command:
certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: acupuncture-ancenis.fr
2: www.acupuncture-ancenis.fr
3: acupuncture-nantes.fr
4: mail.acupuncture-nantes.fr
5: www.acupuncture-nantes.fr
6: calligraphie-chinoise-paris.fr
7: www.calligraphie-chinoise-paris.fr
8: mtc-nantes.fr
9: admin.mtc-nantes.fr
10: consult.mtc-nantes.fr
11: poterie-aisne.fr
12: www.poterie-aisne.fr
13: r0dy.net
14: a.r0dy.net
15: admin.r0dy.net
16: mtc.r0dy.net
17: tlvtle.r0dy.net
18: www.r0dy.net
19: terre-encre.net
20: www.terre-encre.net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.acupuncture-nantes.fr
Waiting for verification...
Challenge failed for domain mail.acupuncture-nantes.fr
http-01 challenge for mail.acupuncture-nantes.fr
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.41

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0


For all the other domains and subdomains listed above, I didn't have any problem creating/adding certificates.

Here is /etc/apache2/sites-enabled/acupuncture-nantes.fr.conf :

    <VirtualHost *:80>
        ServerAdmin thomas@acupuncture-nantes.fr
        ServerName acupuncture-nantes.fr
        ServerAlias www.acupuncture-nantes.fr mtc-nantes.fr mail.acupuncture-nantes.fr
        DocumentRoot /var/www/acupuncture-nantes.fr
        <Directory /var/www/acupuncture-nantes.fr/>
            AllowOverride All
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{HTTP_HOST} =acupuncture-nantes.fr [OR]
        RewriteCond %{HTTP_HOST} =www.acupuncture-nantes.fr [OR]
        RewriteCond %{HTTP_HOST} =mail.acupuncture-nantes.fr [OR]
        RewriteCond %{HTTP_HOST} =mtc-nantes.fr
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

and here is /etc/apache2/sites-enabled/acupuncture-nantes.fr-le-ssl.conf :

    <IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerAdmin thomas@acupuncture-nantes.fr
        ServerName acupuncture-nantes.fr
        Alias /mail /usr/share/roundcube
        ServerAlias www.acupuncture-nantes.fr mtc-nantes.fr mail.acupuncture-nantes.fr
        DocumentRoot /var/www/acupuncture-nantes.fr
        <Directory /var/www/acupuncture-nantes.fr/>
            AllowOverride All
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/acupuncture-nantes.fr/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/acupuncture-nantes.fr/privkey.pem
    </VirtualHost>
    </IfModule>

and here is my dns zone :

@ 10800 IN A 193.70.86.96
admin 10800 IN CNAME @
consult 10800 IN CNAME @
mail 10800 IN CNAME @
www 10800 IN CNAME @
@ 10800 IN MX 10 mail.acupuncture-nantes.fr.

My goal here is to enable SSL for mail transfers (Dovecot installed and running). I just added mail.acupuncture-nantes.fr to the web server aliases because I thought, at first, that it would solve the problem and allow me to add the certificate.

Any help would be very welcome.


Hi @r0dy

Your vHost definition has 4 domain names.

But you want to create a certificate with one domain name.

Conclusion: There is no matching vHost, so Certbot has problems finding the correct vHost.

  • Create one certificate with 4 domain names used in your vHost (or)
  • create a new vHost and remove the mail subdomain from that vHost.

Check your config with apachectl -S.


Hi @JuergenAuer, thank you very much for your reply.
I think I understand your explanation, but I'm having trouble applying the solution.
I deleted the certificate acupuncture-nantes.fr and all the -le-ssl.conf files of the vhosts.
Then I did:
certbot --apache -d acupuncture-nantes.fr --> ok
and then
certbot --apache --> I got the same error.
Then I deleted the certificate again and tried:
certbot --apache -d acupuncture-nantes.fr -d mtc-nantes.fr -d www.acupuncture-nantes.fr -d mail.acupuncture-nantes.fr
--> same error.

Then I removed the mail alias from the conf file and tried:
certbot --apache -d mail.acupuncture-nantes.fr
--> We were unable to find a vhost with a ServerName or Address of mail.acupuncture-nantes.fr.

(though I don't need a mail vhost...)

What did I do wrong?

OK, I got it working.

As I said, I removed the mail subdomain from the Apache conf file.
Then I created a new vhost in its own conf file for the mail subdomain (which I redirected to my Roundcube interface, so it proved useful in the end).
Then I created its own single certificate, mail.acupuncture-nantes.fr.
Then I re-created all the other certificates for all my vhosts with certbot --apache.

Now it works.
Thanks !
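
An offline check of the name/vHost mismatch discussed in this thread, added here as an example (it is not part of the original posts and is not Certbot's own logic): for each name you plan to pass with `-d`, it reports whether exactly one port-80 vHost declares it and which other names share that vHost. The function names are hypothetical, the sample configurations are constructed from the posted file and from the layout the last reply describes, and matching is exact (wildcard aliases are not expanded).

```python
import re

# Constructed from the thread: the posted port-80 vhost, then the layout the
# final reply describes (mail moved to its own vhost; that block is assumed).
BEFORE = """
<VirtualHost *:80>
    ServerName acupuncture-nantes.fr
    ServerAlias www.acupuncture-nantes.fr mtc-nantes.fr mail.acupuncture-nantes.fr
</VirtualHost>
"""
AFTER = """
<VirtualHost *:80>
    ServerName acupuncture-nantes.fr
    ServerAlias www.acupuncture-nantes.fr mtc-nantes.fr
</VirtualHost>
<VirtualHost *:80>
    ServerName mail.acupuncture-nantes.fr
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return [{'addr': [...], 'names': [...]}] for each <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comment lines
        opened = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        if opened:
            current = {"addr": opened.group(1).split(), "names": []}
        elif parts[0].lower() == "</virtualhost>" and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and parts[0].lower() in ("servername", "serveralias"):
            current["names"] += [n.lower() for n in parts[1:]]
    return vhosts

def check_request(requested, conf_text, port="80"):
    """For each requested name, report how the vhosts on `port` declare it."""
    on_port = [v for v in parse_vhosts(conf_text) if any(a.endswith(":" + port) for a in v["addr"])]
    report = {}
    for name in requested:
        hits = [v["names"] for v in on_port if name.lower() in v["names"]]
        if len(hits) != 1:
            report[name] = "no vhost" if not hits else "duplicate vhosts"
        else:
            extra = sorted(set(hits[0]) - {n.lower() for n in requested})
            report[name] = "shared with " + ", ".join(extra) if extra else "ok"
    return report
```

On a live server, `apachectl -S` (mentioned above) shows the same name-to-vHost mapping as Apache itself resolves it.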
