Problem with certificate renewal after domain cancellation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://heitara.de/

  1. I ran this command: $ sudo certbot renew --dry-run
    It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/heitara.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kunert.pro
http-01 challenge for www.kunert.pro
http-01 challenge for heitara.com
http-01 challenge for heitara.de
http-01 challenge for www.heitara.com
http-01 challenge for www.heitara.de
Waiting for verification...
Challenge failed for domain kunert.pro
Challenge failed for domain www.kunert.pro
http-01 challenge for kunert.pro
http-01 challenge for www.kunert.pro
Cleaning up challenges
Attempting to renew cert (heitara.de) from /etc/letsencrypt/renewal/heitara.de.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/heitara.de/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/heitara.de/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: kunert.pro
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for kunert.pro - check
   that a DNS record exists for this domain; DNS problem: NXDOMAIN
   looking up AAAA for kunert.pro - check that a DNS record exists for
   this domain

   Domain: www.kunert.pro
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for www.kunert.pro -
   check that a DNS record exists for this domain; DNS problem:
   NXDOMAIN looking up AAAA for www.kunert.pro - check that a DNS
   record exists for this domain
  1. I ran this command: $ sudo certbot delete
    It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: heitara.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
  1. I ran this command: $ sudo ls /etc/apache2/sites-enabled/
    It produced this output:
heitara.com.conf         heitara.de.conf         kunert.pro.conf
heitara.com-le-ssl.conf  heitara.de-le-ssl.conf  kunert.pro-le-ssl.conf
  1. I ran this command: $ sudo a2dissite /etc/apache2/sites-enabled/kunert.pro.conf
    It produced this output:
ERROR: Site /etc/apache2/sites-enabled/kunert.pro does not exist!
  1. I ran this command: $ sudo a2dissite /etc/apache2/sites-enabled/kunert.pro-le-ssl.conf
    It produced this output:
ERROR: Site /etc/apache2/sites-enabled/kunert.pro-le-ssl does not exist!
  1. I ran this command: $ apache2ctl -t
    It produced this output:
AH00526: Syntax error on line 49 of /etc/apache2/sites-enabled/heitara.com-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/heitara.de/fullchain.pem' does not exist or is empty
Action '-t' failed.
The Apache error log may have more information.
  1. I ran this command: $ sudo certbot delete --cert-name kunert.pro
    It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name kunert.pro (expected /etc/letsencrypt/renewal/kunert.pro.conf).
  1. I ran this command: $ apache2ctl configtest
    It produced this output:
 AH00526: Syntax error on line 49 of /etc/apache2/sites-enabled/heitara.com-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/heitara.de/fullchain.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
  1. I ran this command: $ sudo systemctl restart apache2
    It produced this output: (no output)

  2. I ran this command: sudo systemctl status apache2
    It produced this output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese>
     Active: active (running) since Tue 2022-02-15 10:47:46 CET; 57s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 258441 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/>
   Main PID: 258457 (apache2)
      Tasks: 36 (limit: 36046)
     Memory: 119.8M
     CGroup: /system.slice/apache2.service
             ├─258457 /usr/sbin/apache2 -k start
             ├─258458 /usr/sbin/apache2 -k start
             ├─258459 /usr/sbin/apache2 -k start
             ├─258460 /usr/sbin/apache2 -k start
             ├─258461 /usr/sbin/apache2 -k start
             ├─258466 /usr/sbin/apache2 -k start
             ├─258483 /usr/sbin/apache2 -k start
             └─258493 /usr/sbin/apache2 -k start

Feb 15 10:47:46 vmd54795.contaboserver.net systemd[1]: Starting The Apache HTTP>
Feb 15 10:47:46 vmd54795.contaboserver.net systemd[1]: Started The Apache HTTP >
lines 1-20/20 (END)

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is: https://contabo.com/, (VPS)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

########################################################

Dear valued Let's Encrypt community,

today I received a reminder by e-mail that the awarded certificates of my webserver will expire on 26 Feb 22 12:43, although the automatic renewal process has been set up.

The automatic certificate renewal has been running successfully and without problems since 2019.

Two websites have been running on the server so far. 1. 'heitara.de' and 2. 'kunert.pro'. Further a 301-redirect to 'heitara.de' has been set up for the domain heitara.com.

At the end of 2021 I canceled the domain contract for the domain 'kunert.pro', but without making any changes on the server, e.g. removing the domain 'kunert.pro' from the virtual hosts. The domain expired silently.

The last system update followed by a restart of the server was carried out on January 21, 2022. Also without problems.

As of today I received the above mentioned email and ran the above listed commands to determine the cause of the error. The reminder e-mail contains the following domains:

[...]
'heitara.com'
'heitara.de'
'kunert.pro'
'www.heitara.com'
'www.heitara.de'
'www.kunert.pro'
[...]

I suspect that it has something to do with the canceled domain 'kunert.pro', but I can't find a corresponding solution in the forum.

My goal is to renew the certificate for the domain heitara.de. The domain 'kunert.pro' is no longer required and a certificate is no longer required.

Finally I ran the commands $ sudo a2dissite kunert.pro.conf && sudo a2dissite kunert.pro-le-ssl.conf. This finally worked for the first time.

I would be very grateful for any support in this matter. If you need any further information or outputs of the system, please let me know.

Thank you in advance and best regards
Matthias

1 Like

Meanwhile I successfully ran this command: $ sudo certbot certonly --apache -d heitara.de -d www.heitara.de -d heitara.com -d www.heitara.com

It produced this output: (dry-run output)

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for heitara.com
http-01 challenge for heitara.de
http-01 challenge for www.heitara.com
http-01 challenge for www.heitara.de
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The dry run was successful.

The problem is that when I now run the command $ sudo certbot renew --dry-run, certbot is trying to get new certificates for all domains as before:

http-01 challenge for heitara.com
http-01 challenge for heitara.de
http-01 challenge for kunert.pro
http-01 challenge for www.heitara.com
http-01 challenge for www.heitara.de
http-01 challenge for www.kunert.pro

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/heitara.de-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for heitara.com
http-01 challenge for heitara.de
http-01 challenge for www.heitara.com
http-01 challenge for www.heitara.de
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/heitara.de-0001/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/heitara.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kunert.pro
http-01 challenge for www.kunert.pro
http-01 challenge for heitara.com
http-01 challenge for heitara.de
http-01 challenge for www.heitara.com
http-01 challenge for www.heitara.de
Waiting for verification...
Challenge failed for domain kunert.pro
Challenge failed for domain www.kunert.pro
http-01 challenge for kunert.pro
http-01 challenge for www.kunert.pro
Cleaning up challenges
Attempting to renew cert (heitara.de) from /etc/letsencrypt/renewal/heitara.de.conf produced an unexpected error: Some challenges have failed.. Skipping.
The following certs could not be renewed:
  /etc/letsencrypt/live/heitara.de/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

The following certs were successfully renewed:
  /etc/letsencrypt/live/heitara.de-0001/fullchain.pem (success)

The following certs could not be renewed:
  /etc/letsencrypt/live/heitara.de/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: kunert.pro
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for kunert.pro - check
   that a DNS record exists for this domain; DNS problem: NXDOMAIN
   looking up AAAA for kunert.pro - check that a DNS record exists for
   this domain

   Domain: www.kunert.pro
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for www.kunert.pro -
   check that a DNS record exists for this domain; DNS problem:
   NXDOMAIN looking up AAAA for www.kunert.pro - check that a DNS
   record exists for this domain
1 Like

Welcome to the Let's Encrypt Community, Matthias 🙂

We'll get you back on track. 😃

Please run the following command first:

```
sudo apachectl -k graceful
```

What are the outputs of the following commands:

```
sudo certbot certificates
sudo ls -lRa /etc/letsencrypt
sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled
sudo cat /etc/apache2/sites-enabled/heitara.de.conf
sudo cat /etc/apache2/sites-enabled/heitara.com.conf
sudo cat /etc/apache2/sites-enabled/heitara.de-le-ssl.conf
sudo cat /etc/apache2/sites-enabled/heitara.com-le-ssl.conf
```

Please put 3 backticks above and below each output, like this:

```
output
```

3 Likes

This fix would be very straightforward if it weren't for the missing certificate files, which will cause apache to choke. I want to be sure you have the optimal setup so you don't run into future issues.

3 Likes
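
The check behind the reply above, as an added example that is not part of any post in this thread and is not certbot's own code: it finds lineages that can no longer renew because one of their names is gone, and lists the Apache vhosts that still load files from such a lineage and would break if it were deleted first. The `certbot certificates` text and vhost files are constructed samples modelled on the outputs in this thread, `new-site-le-ssl.conf` is hypothetical, and `resolves` is an offline stand-in for a real DNS lookup.

```sh
#!/bin/sh
# Added example: which certbot lineages can no longer renew, and which Apache
# vhosts still load files from them. All sample data below is constructed.

# Trimmed `certbot certificates` output in the format shown in the thread.
sample_certificates() {
cat <<'EOF'
Found the following certs:
  Certificate Name: heitara.de-0001
    Domains: heitara.de heitara.com www.heitara.com www.heitara.de
    Certificate Path: /etc/letsencrypt/live/heitara.de-0001/fullchain.pem
  Certificate Name: heitara.de
    Domains: heitara.com heitara.de kunert.pro www.heitara.com www.heitara.de www.kunert.pro
    Certificate Path: /etc/letsencrypt/live/heitara.de/fullchain.pem
EOF
}

# Offline stand-in for a DNS lookup (assumption): only these names "resolve".
# On a real host the body could be:  getent hosts "$1" >/dev/null
resolves() {
  case "$1" in
    heitara.de|www.heitara.de|heitara.com|www.heitara.com) return 0 ;;
    *) return 1 ;;
  esac
}

# stdin: `certbot certificates` output -> one "lineage domain" pair per line
lineage_domains() {
  awk '$1 == "Certificate" && $2 == "Name:" { name = $3 }
       $1 == "Domains:" { for (i = 2; i <= NF; i++) print name, $i }'
}

# stdin: certbot output -> "lineage domain" for each name that fails lookup
dead_names() {
  lineage_domains | while read -r lineage domain; do
    resolves "$domain" || echo "$lineage $domain"
  done
}

# stdin: certbot output -> lineages whose renewal will fail (one dead name is
# enough: the renewal request covers every name in the lineage)
stale_lineages() {
  dead_names | cut -d' ' -f1 | sort -u
}

# $1 = lineage, $2 = vhost dir -> conf files with an active SSLCertificate*
# directive under live/<lineage>/. The trailing slash keeps "heitara.de"
# from matching "heitara.de-0001"; commented-out directives are ignored.
vhosts_using() {
  pat=$(printf '%s' "$1" | sed 's/[.]/\\./g')
  grep -lE "^[[:space:]]*SSLCertificate(Key|Chain)?File[[:space:]]+/etc/letsencrypt/live/$pat/" \
    "$2"/*.conf 2>/dev/null | sed 's|.*/||' | sort
}

# Constructed vhost directory; new-site-le-ssl.conf is hypothetical.
make_vhosts() {
  mkdir -p "$1"
  printf '  SSLCertificateFile /etc/letsencrypt/live/heitara.de/fullchain.pem\n' \
    > "$1/heitara.com-le-ssl.conf"
  printf '  SSLCertificateKeyFile /etc/letsencrypt/live/heitara.de/privkey.pem\n' \
    > "$1/heitara.de-le-ssl.conf"
  printf '  SSLCertificateFile /etc/letsencrypt/live/heitara.de-0001/fullchain.pem\n' \
    > "$1/new-site-le-ssl.conf"
  printf '# SSLCertificateFile /etc/letsencrypt/live/heitara.de/fullchain.pem\n' \
    > "$1/heitara.de.conf"
}

# $1 = file with certbot output, $2 = vhost dir -> what to fix before deleting
report() {
  for l in $(stale_lineages < "$1"); do
    echo "lineage $l cannot renew, dead names:"
    dead_names < "$1" | awk -v l="$l" '$1 == l { print "  " $2 }'
    echo "repoint these vhosts before 'certbot delete --cert-name $l':"
    vhosts_using "$l" "$2" | sed 's/^/  /'
  done
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
VHOST_DIR=$WORK/sites-enabled
make_vhosts "$VHOST_DIR"
sample_certificates > "$WORK/certificates.txt"
report "$WORK/certificates.txt" "$VHOST_DIR"
```
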

Dear Griffin,

thank you very much for your quick reply and your willingness to help. I ran your commands as follows:

  1. I ran this command: $ sudo apachectl -k graceful
    It produced this output: (no output)

  2. I ran this command: $ sudo certbot certificates
    It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: heitara.de-0001
    Domains: heitara.de heitara.com www.heitara.com www.heitara.de
    Expiry Date: 2022-05-16 09:47:57+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/heitara.de-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/heitara.de-0001/privkey.pem
  Certificate Name: heitara.de
    Domains: heitara.com heitara.de kunert.pro www.heitara.com www.heitara.de www.kunert.pro
    Expiry Date: 2022-02-26 12:43:45+00:00 (VALID: 11 days)
    Certificate Path: /etc/letsencrypt/live/heitara.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/heitara.de/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1. I ran this command: $ sudo ls -lRa /etc/letsencrypt
    It produced this output:
total 48
drwxr-xr-x  9 root root 4096 Feb 15 12:34 .
drwxr-xr-x 94 root root 4096 Jan 21 11:41 ..
drwxr-xr-x  4 root root 4096 May 30  2020 accounts
drwx------  4 root root 4096 Feb 15 11:48 archive
-rw-r--r--  1 root root  121 May 26  2018 cli.ini
drwxr-xr-x  2 root root 4096 Feb 15 11:47 csr
drwx------  2 root root 4096 Feb 15 11:47 keys
drwx------  4 root root 4096 Feb 15 11:48 live
-rw-r--r--  1 root root 1619 May 30  2020 options-ssl-apache.conf
drwxr-xr-x  2 root root 4096 Feb 15 11:48 renewal
drwxr-xr-x  5 root root 4096 May 30  2020 renewal-hooks
-rw-r--r--  1 root root   64 May 30  2020 .updated-options-ssl-apache-conf-digest.txt

/etc/letsencrypt/accounts:
total 16
drwxr-xr-x 4 root root 4096 May 30  2020 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
drwxr-xr-x 3 root root 4096 May 30  2020 acme-staging-v02.api.letsencrypt.org
drwxr-xr-x 3 root root 4096 May 30  2020 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org:
total 12
drwxr-xr-x 3 root root 4096 May 30  2020 .
drwxr-xr-x 4 root root 4096 May 30  2020 ..
drwx------ 3 root root 4096 May 30  2020 directory

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 May 30  2020 .
drwxr-xr-x 3 root root 4096 May 30  2020 ..
drwx------ 2 root root 4096 May 30  2020 38662a0c78d3b737a2aff665743da907

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/38662a0c78d3b737a2aff665743da907:
total 20
drwx------ 2 root root 4096 May 30  2020 .
drwx------ 3 root root 4096 May 30  2020 ..
-rw-r--r-- 1 root root   86 May 30  2020 meta.json
-r-------- 1 root root 1632 May 30  2020 private_key.json
-rw-r--r-- 1 root root   86 May 30  2020 regr.json

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwxr-xr-x 3 root root 4096 May 30  2020 .
drwxr-xr-x 4 root root 4096 May 30  2020 ..
drwx------ 3 root root 4096 May 30  2020 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 May 30  2020 .
drwxr-xr-x 3 root root 4096 May 30  2020 ..
drwx------ 2 root root 4096 May 30  2020 b4bb55f5ca4bcd9d5d14534d032b5718

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b4bb55f5ca4bcd9d5d14534d032b5718:
total 20
drwx------ 2 root root 4096 May 30  2020 .
drwx------ 3 root root 4096 May 30  2020 ..
-rw-r--r-- 1 root root   86 May 30  2020 meta.json
-r-------- 1 root root 1632 May 30  2020 private_key.json
-rw-r--r-- 1 root root   78 May 30  2020 regr.json

/etc/letsencrypt/archive:
total 16
drwx------ 4 root root 4096 Feb 15 11:48 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
drwxr-xr-x 2 root root 4096 Nov 28 14:43 heitara.de
drwxr-xr-x 2 root root 4096 Feb 15 11:48 heitara.de-0001

/etc/letsencrypt/archive/heitara.de:
total 200
drwxr-xr-x 2 root root 4096 Nov 28 14:43 .
drwx------ 4 root root 4096 Feb 15 11:48 ..
-rw-r--r-- 1 root root 1931 Sep 29 16:12 cert10.pem
-rw-r--r-- 1 root root 1935 Nov 28 14:43 cert11.pem
-rw-r--r-- 1 root root 1956 May 30  2020 cert1.pem
-rw-r--r-- 1 root root 1956 Jul 29  2020 cert2.pem
-rw-r--r-- 1 root root 1996 Aug  3  2020 cert3.pem
-rw-r--r-- 1 root root 2000 Oct  2  2020 cert4.pem
-rw-r--r-- 1 root root 2000 Dec  1  2020 cert5.pem
-rw-r--r-- 1 root root 1931 Jan 31  2021 cert6.pem
-rw-r--r-- 1 root root 1931 Apr  1  2021 cert7.pem
-rw-r--r-- 1 root root 1931 May 31  2021 cert8.pem
-rw-r--r-- 1 root root 1931 Jul 31  2021 cert9.pem
-rw-r--r-- 1 root root 3750 Sep 29 16:12 chain10.pem
-rw-r--r-- 1 root root 3750 Nov 28 14:43 chain11.pem
-rw-r--r-- 1 root root 1647 May 30  2020 chain1.pem
-rw-r--r-- 1 root root 1647 Jul 29  2020 chain2.pem
-rw-r--r-- 1 root root 1647 Aug  3  2020 chain3.pem
-rw-r--r-- 1 root root 1647 Oct  2  2020 chain4.pem
-rw-r--r-- 1 root root 1647 Dec  1  2020 chain5.pem
-rw-r--r-- 1 root root 1586 Jan 31  2021 chain6.pem
-rw-r--r-- 1 root root 1586 Apr  1  2021 chain7.pem
-rw-r--r-- 1 root root 3750 May 31  2021 chain8.pem
-rw-r--r-- 1 root root 3750 Jul 31  2021 chain9.pem
-rw-r--r-- 1 root root 5681 Sep 29 16:12 fullchain10.pem
-rw-r--r-- 1 root root 5685 Nov 28 14:43 fullchain11.pem
-rw-r--r-- 1 root root 3603 May 30  2020 fullchain1.pem
-rw-r--r-- 1 root root 3603 Jul 29  2020 fullchain2.pem
-rw-r--r-- 1 root root 3643 Aug  3  2020 fullchain3.pem
-rw-r--r-- 1 root root 3647 Oct  2  2020 fullchain4.pem
-rw-r--r-- 1 root root 3647 Dec  1  2020 fullchain5.pem
-rw-r--r-- 1 root root 3517 Jan 31  2021 fullchain6.pem
-rw-r--r-- 1 root root 3517 Apr  1  2021 fullchain7.pem
-rw-r--r-- 1 root root 5681 May 31  2021 fullchain8.pem
-rw-r--r-- 1 root root 5681 Jul 31  2021 fullchain9.pem
-rw------- 1 root root 1708 Sep 29 16:12 privkey10.pem
-rw------- 1 root root 1704 Nov 28 14:43 privkey11.pem
-rw------- 1 root root 1704 May 30  2020 privkey1.pem
-rw------- 1 root root 1704 Jul 29  2020 privkey2.pem
-rw------- 1 root root 1704 Aug  3  2020 privkey3.pem
-rw------- 1 root root 1704 Oct  2  2020 privkey4.pem
-rw------- 1 root root 1704 Dec  1  2020 privkey5.pem
-rw------- 1 root root 1708 Jan 31  2021 privkey6.pem
-rw------- 1 root root 1704 Apr  1  2021 privkey7.pem
-rw------- 1 root root 1708 May 31  2021 privkey8.pem
-rw------- 1 root root 1704 Jul 31  2021 privkey9.pem

/etc/letsencrypt/archive/heitara.de-0001:
total 28
drwxr-xr-x 2 root root 4096 Feb 15 11:48 .
drwx------ 4 root root 4096 Feb 15 11:48 ..
-rw-r--r-- 1 root root 1895 Feb 15 11:48 cert1.pem
-rw-r--r-- 1 root root 3750 Feb 15 11:48 chain1.pem
-rw-r--r-- 1 root root 5645 Feb 15 11:48 fullchain1.pem
-rw------- 1 root root 1704 Feb 15 11:48 privkey1.pem

/etc/letsencrypt/csr:
total 204
drwxr-xr-x 2 root root 4096 Feb 15 11:47 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
-rw-r--r-- 1 root root  976 May 30  2020 0000_csr-certbot.pem
-rw-r--r-- 1 root root  976 Jul 29  2020 0001_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Aug  3  2020 0002_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Oct  2  2020 0003_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Dec  1  2020 0004_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 31  2021 0005_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Apr  1  2021 0006_csr-certbot.pem
-rw-r--r-- 1 root root 1017 May 31  2021 0007_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jul 31  2021 0008_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Sep 29 16:12 0009_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Nov 28 14:43 0010_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 27 13:49 0011_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 28 09:16 0012_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 28 19:02 0013_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 29 05:00 0014_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 29 13:17 0015_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 30 06:00 0016_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 30 12:47 0017_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 31 09:28 0018_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 31 21:26 0019_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  1 09:57 0020_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  1 15:02 0021_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  2 12:03 0022_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  2 19:02 0023_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  3 05:17 0024_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  3 14:00 0025_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  4 01:11 0026_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  4 21:10 0027_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  5 11:07 0028_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  5 13:04 0029_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  6 16:56 0030_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  7 11:50 0031_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  7 19:16 0032_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  8 04:44 0033_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  8 14:54 0034_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  9 11:58 0035_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb  9 16:07 0036_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 10 02:55 0037_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 10 13:59 0038_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 11 06:25 0039_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 11 21:17 0040_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 12 08:00 0041_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 12 16:01 0042_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 13 00:05 0043_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 13 20:12 0044_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 14 09:31 0045_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 14 21:36 0046_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Feb 15 00:16 0047_csr-certbot.pem
-rw-r--r-- 1 root root  980 Feb 15 11:47 0048_csr-certbot.pem

/etc/letsencrypt/keys:
total 204
drwx------ 2 root root 4096 Feb 15 11:47 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
-rw------- 1 root root 1704 May 30  2020 0000_key-certbot.pem
-rw------- 1 root root 1704 Jul 29  2020 0001_key-certbot.pem
-rw------- 1 root root 1704 Aug  3  2020 0002_key-certbot.pem
-rw------- 1 root root 1704 Oct  2  2020 0003_key-certbot.pem
-rw------- 1 root root 1704 Dec  1  2020 0004_key-certbot.pem
-rw------- 1 root root 1708 Jan 31  2021 0005_key-certbot.pem
-rw------- 1 root root 1704 Apr  1  2021 0006_key-certbot.pem
-rw------- 1 root root 1708 May 31  2021 0007_key-certbot.pem
-rw------- 1 root root 1704 Jul 31  2021 0008_key-certbot.pem
-rw------- 1 root root 1708 Sep 29 16:12 0009_key-certbot.pem
-rw------- 1 root root 1704 Nov 28 14:43 0010_key-certbot.pem
-rw------- 1 root root 1704 Jan 27 13:49 0011_key-certbot.pem
-rw------- 1 root root 1704 Jan 28 09:16 0012_key-certbot.pem
-rw------- 1 root root 1704 Jan 28 19:02 0013_key-certbot.pem
-rw------- 1 root root 1704 Jan 29 05:00 0014_key-certbot.pem
-rw------- 1 root root 1708 Jan 29 13:17 0015_key-certbot.pem
-rw------- 1 root root 1708 Jan 30 06:00 0016_key-certbot.pem
-rw------- 1 root root 1704 Jan 30 12:47 0017_key-certbot.pem
-rw------- 1 root root 1708 Jan 31 09:28 0018_key-certbot.pem
-rw------- 1 root root 1704 Jan 31 21:26 0019_key-certbot.pem
-rw------- 1 root root 1704 Feb  1 09:57 0020_key-certbot.pem
-rw------- 1 root root 1704 Feb  1 15:02 0021_key-certbot.pem
-rw------- 1 root root 1704 Feb  2 12:03 0022_key-certbot.pem
-rw------- 1 root root 1708 Feb  2 19:02 0023_key-certbot.pem
-rw------- 1 root root 1708 Feb  3 05:17 0024_key-certbot.pem
-rw------- 1 root root 1704 Feb  3 14:00 0025_key-certbot.pem
-rw------- 1 root root 1704 Feb  4 01:11 0026_key-certbot.pem
-rw------- 1 root root 1704 Feb  4 21:10 0027_key-certbot.pem
-rw------- 1 root root 1704 Feb  5 11:07 0028_key-certbot.pem
-rw------- 1 root root 1704 Feb  5 13:04 0029_key-certbot.pem
-rw------- 1 root root 1708 Feb  6 16:56 0030_key-certbot.pem
-rw------- 1 root root 1704 Feb  7 11:50 0031_key-certbot.pem
-rw------- 1 root root 1704 Feb  7 19:16 0032_key-certbot.pem
-rw------- 1 root root 1708 Feb  8 04:44 0033_key-certbot.pem
-rw------- 1 root root 1704 Feb  8 14:54 0034_key-certbot.pem
-rw------- 1 root root 1704 Feb  9 11:58 0035_key-certbot.pem
-rw------- 1 root root 1704 Feb  9 16:07 0036_key-certbot.pem
-rw------- 1 root root 1704 Feb 10 02:55 0037_key-certbot.pem
-rw------- 1 root root 1704 Feb 10 13:59 0038_key-certbot.pem
-rw------- 1 root root 1704 Feb 11 06:25 0039_key-certbot.pem
-rw------- 1 root root 1704 Feb 11 21:17 0040_key-certbot.pem
-rw------- 1 root root 1704 Feb 12 08:00 0041_key-certbot.pem
-rw------- 1 root root 1704 Feb 12 16:01 0042_key-certbot.pem
-rw------- 1 root root 1704 Feb 13 00:05 0043_key-certbot.pem
-rw------- 1 root root 1704 Feb 13 20:12 0044_key-certbot.pem
-rw------- 1 root root 1704 Feb 14 09:31 0045_key-certbot.pem
-rw------- 1 root root 1704 Feb 14 21:36 0046_key-certbot.pem
-rw------- 1 root root 1704 Feb 15 00:16 0047_key-certbot.pem
-rw------- 1 root root 1704 Feb 15 11:47 0048_key-certbot.pem

/etc/letsencrypt/live:
total 20
drwx------ 4 root root 4096 Feb 15 11:48 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
drwxr-xr-x 2 root root 4096 Nov 28 14:43 heitara.de
drwxr-xr-x 2 root root 4096 Feb 15 11:48 heitara.de-0001
-rw-r--r-- 1 root root  740 May 30  2020 README

/etc/letsencrypt/live/heitara.de:
total 12
drwxr-xr-x 2 root root 4096 Nov 28 14:43 .
drwx------ 4 root root 4096 Feb 15 11:48 ..
lrwxrwxrwx 1 root root   35 Nov 28 14:43 cert.pem -> ../../archive/heitara.de/cert11.pem
lrwxrwxrwx 1 root root   36 Nov 28 14:43 chain.pem -> ../../archive/heitara.de/chain11.pem
lrwxrwxrwx 1 root root   40 Nov 28 14:43 fullchain.pem -> ../../archive/heitara.de/fullchain11.pem
lrwxrwxrwx 1 root root   38 Nov 28 14:43 privkey.pem -> ../../archive/heitara.de/privkey11.pem
-rw-r--r-- 1 root root  692 May 30  2020 README

/etc/letsencrypt/live/heitara.de-0001:
total 12
drwxr-xr-x 2 root root 4096 Feb 15 11:48 .
drwx------ 4 root root 4096 Feb 15 11:48 ..
lrwxrwxrwx 1 root root   39 Feb 15 11:48 cert.pem -> ../../archive/heitara.de-0001/cert1.pem
lrwxrwxrwx 1 root root   40 Feb 15 11:48 chain.pem -> ../../archive/heitara.de-0001/chain1.pem
lrwxrwxrwx 1 root root   44 Feb 15 11:48 fullchain.pem -> ../../archive/heitara.de-0001/fullchain1.pem
lrwxrwxrwx 1 root root   42 Feb 15 11:48 privkey.pem -> ../../archive/heitara.de-0001/privkey1.pem
-rw-r--r-- 1 root root  692 Feb 15 11:48 README

/etc/letsencrypt/renewal:
total 16
drwxr-xr-x 2 root root 4096 Feb 15 11:48 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
-rw-r--r-- 1 root root  534 Feb 15 11:48 heitara.de-0001.conf
-rw-r--r-- 1 root root  509 Nov 28 14:43 heitara.de.conf

/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 May 30  2020 .
drwxr-xr-x 9 root root 4096 Feb 15 12:34 ..
drwxr-xr-x 2 root root 4096 May 30  2020 deploy
drwxr-xr-x 2 root root 4096 May 30  2020 post
drwxr-xr-x 2 root root 4096 May 30  2020 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 May 30  2020 .
drwxr-xr-x 5 root root 4096 May 30  2020 ..

/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 May 30  2020 .
drwxr-xr-x 5 root root 4096 May 30  2020 ..

/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 May 30  2020 .
drwxr-xr-x 5 root root 4096 May 30  2020 ..
  1. I ran this command: $ sudo ls -lRa /etc/apache2/sites-available
    It produced this output:
total 44
drwxr-xr-x 2 root root 4096 Feb 15 12:09 .
drwxr-xr-x 8 root root 4096 Feb 15 12:09 ..
-rw-r--r-- 1 root root 1332 Apr 13  2020 000-default.conf
-rw-r--r-- 1 root root 6338 Apr 13  2020 default-ssl.conf
-rw-r--r-- 1 root root 1806 Aug  3  2020 heitara.com.conf
-rw-r--r-- 1 root root 2107 Aug  3  2020 heitara.com-le-ssl.conf
-rw-r--r-- 1 root root 1757 May 30  2020 heitara.de.conf
-rw-r--r-- 1 root root 1753 Aug  3  2020 heitara.de-le-ssl.conf
-rw-r--r-- 1 root root 1658 May 30  2020 kunert.pro.conf
-rw-r--r-- 1 root root 1654 Aug  3  2020 kunert.pro-le-ssl.conf
  1. I ran this command: $ sudo ls -lRa /etc/apache2/sites-enabled
    It produced this output:
total 8
drwxr-xr-x 2 root root 4096 Feb 15 10:14 .
drwxr-xr-x 8 root root 4096 Feb 15 12:09 ..
lrwxrwxrwx 1 root root   35 Aug  3  2020 heitara.com.conf -> ../sites-available/heitara.com.conf
lrwxrwxrwx 1 root root   52 Aug  3  2020 heitara.com-le-ssl.conf -> /etc/apache2/sites-available/heitara.com-le-ssl.conf
lrwxrwxrwx 1 root root   34 May 30  2020 heitara.de.conf -> ../sites-available/heitara.de.conf
lrwxrwxrwx 1 root root   51 May 30  2020 heitara.de-le-ssl.conf -> /etc/apache2/sites-available/heitara.de-le-ssl.conf
  1. I ran this command: $ sudo cat /etc/apache2/sites-enabled/heitara.de.conf
    It produced this output:
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.heitara.de
        ServerAlias heitara.de
        ServerAdmin webmaster@heitara.de
        DocumentRoot /var/www/vhosts/heitara.de/httpdocs/public

         <Directory /var/www/vhosts/heitara.de/httpdocs>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
         </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/heitara.de-error.log
        CustomLog ${APACHE_LOG_DIR}/heitara.de-access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =heitara.de [OR]
RewriteCond %{SERVER_NAME} =www.heitara.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  1. I ran this command: $ sudo cat /etc/apache2/sites-enabled/heitara.com.conf
    It produced this output:
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.heitara.com
        ServerAlias heitara.com
        ServerAdmin webmaster@heitara.com
#       DocumentRoot /var/www/vhosts/heitara.com/httpdocs
        Redirect 301 / https://heitara.de/

#        <Directory /var/www/vhosts/heitara.com/httpdocs>
#         Options Indexes FollowSymLinks MultiViews
#         AllowOverride All
#         Order allow,deny
#         allow from all
#        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/heitara.com-error.log
        CustomLog ${APACHE_LOG_DIR}/heitara.com-access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =heitara.com [OR]
#RewriteCond %{SERVER_NAME} =www.heitara.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  1. I ran this command: $ sudo cat /etc/apache2/sites-enabled/heitara.de-le-ssl.conf
    It produced this output:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.heitara.de
        ServerAlias heitara.de
        ServerAdmin webmaster@heitara.de
        DocumentRoot /var/www/vhosts/heitara.de/httpdocs/public

         <Directory /var/www/vhosts/heitara.de/httpdocs>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
         </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/heitara.de-error.log
        CustomLog ${APACHE_LOG_DIR}/heitara.de-access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/heitara.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/heitara.de/privkey.pem
</VirtualHost>
</IfModule>
  1. I ran this command: $ sudo cat /etc/apache2/sites-enabled/heitara.com-le-ssl.conf
    It produced this output:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.heitara.com
        ServerAlias heitara.com
        ServerAdmin webmaster@heitara.com
#       DocumentRoot /var/www/vhosts/heitara.com/httpdocs

        Redirect 301 / https://heitara.de/

         <Directory /var/www/vhosts/heitara.com/httpdocs>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
         </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/heitara.com-error.log
        CustomLog ${APACHE_LOG_DIR}/heitara.com-access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =heitara.com [OR]
# RewriteCond %{SERVER_NAME} =www.heitara.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/heitara.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/heitara.de/privkey.pem
</VirtualHost>
</IfModule>

Thank you in advance.

Matthias

2 Likes

Thanks for that and you're quite welcome! :slightly_smiling_face:

Please edit your post and add the backticks that I mentioned. Without them, your VirtualHost contents get mangled by our community platform.

Update: Fantastic! Just a moment...

3 Likes

Do you intend to keep forwarding the com to the de or will the com eventually have its own content?

3 Likes

For now I would like the 'heitara.com'-domain to keep forwarding to the 'heitara.de' domain. The 'heitara.com' domain has no content of its own.

1 Like

Please run these commands:

sudo mkdir /etc/apache2/sites-available/old
sudo mv /etc/apache2/sites-available/*.conf /etc/apache2/sites-available/old
sudo a2dissite heitara.de-le-ssl.conf
sudo a2dissite heitara.com-le-ssl.conf

Please put these files into /etc/apache2/sites-available :

heitara.de.conf.txt (1.6 KB)

heitara.com.conf.txt (1.7 KB)

Please run these commands:

sudo mv /etc/apache2/sites-available/heitara.de.conf.txt /etc/apache2/sites-available/heitara.de.conf
sudo mv /etc/apache2/sites-available/heitara.com.conf.txt /etc/apache2/sites-available/heitara.com.conf
sudo apachectl -k graceful
sudo certbot delete --cert-name heitara.de
sudo certbot delete --cert-name heitara.de-0001
sudo rm /etc/letsencrypt/csr/*
sudo rm /etc/letsencrypt/keys/*
sudo certbot --apache -d "heitara.de,www.heitara.de"
sudo certbot --apache -d "heitara.com,www.heitara.com"
3 Likes
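The steps above disable both `-le-ssl` sites before `certbot delete` removes the certificate they load; Apache fails its configuration check when an enabled vhost points `SSLCertificateFile` at a file that no longer exists. The check below is an added example, not part of the post: it lists which enabled vhosts still reference a certificate name, run here against a constructed directory with placeholder names.

```python
import re
import tempfile
from pathlib import Path

# Active (uncommented) SSLCertificateFile / SSLCertificateKeyFile directives
# that point into certbot's live directory; group 1 is the certificate name.
DIRECTIVE = re.compile(
    r'^\s*SSLCertificate(?:Key)?File\s+"?/etc/letsencrypt/live/([^/\s"]+)/',
    re.IGNORECASE,
)

def lineage_references(sites_enabled):
    """Map certificate name -> sorted vhost files that still load its files."""
    refs = {}
    for conf in sorted(Path(sites_enabled).glob("*.conf")):
        for line in conf.read_text().splitlines():
            if m := DIRECTIVE.match(line):
                refs.setdefault(m.group(1), set()).add(conf.name)
    return {name: sorted(files) for name, files in refs.items()}

def safe_to_delete(sites_enabled, cert_name):
    """True only when no enabled vhost references the certificate's files."""
    return cert_name not in lineage_references(sites_enabled)

def build_sample():
    """Constructed sites-enabled directory; all names are placeholders."""
    root = Path(tempfile.mkdtemp())
    shared = (
        "<VirtualHost *:443>\n"
        "SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem\n"
        "SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem\n"
        "</VirtualHost>\n"
    )
    # Two vhosts load the same certificate, as both -le-ssl files in the thread did.
    (root / "example.org-le-ssl.conf").write_text(shared)
    (root / "example.net-le-ssl.conf").write_text(shared)
    # A commented-out directive is not a live reference.
    (root / "legacy.conf").write_text(
        "#SSLCertificateFile /etc/letsencrypt/live/old.example/fullchain.pem\n"
    )
    return root

if __name__ == "__main__":
    enabled = build_sample()
    for name, files in lineage_references(enabled).items():
        print(f"{name} is still loaded by: {', '.join(files)}")
    print("safe to delete example.org:", safe_to_delete(enabled, "example.org"))
```

On a real host, point `lineage_references` at `/etc/apache2/sites-enabled` and compare the result with the names shown by `certbot certificates`.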

Looking good!

:smiley:

:partying_face:

3 Likes

Dear Griffin,

thank you very much. This really helped me a lot.

I copied both *.txt files via WinSCP as root into the directory /etc/apache2/sites-available.

After that I executed all of the above-mentioned commands in the given order.

sudo mkdir /etc/apache2/sites-available/old
sudo mv /etc/apache2/sites-available/*.conf /etc/apache2/sites-available/old
sudo a2dissite heitara.de-le-ssl.conf
sudo a2dissite heitara.com-le-ssl.conf
sudo mv /etc/apache2/sites-available/heitara.de.conf.txt /etc/apache2/sites-available/heitara.de.conf
sudo mv /etc/apache2/sites-available/heitara.com.conf.txt /etc/apache2/sites-available/heitara.com.conf
sudo apachectl -k graceful
sudo certbot delete --cert-name heitara.de
sudo certbot delete --cert-name heitara.de-0001
sudo rm /etc/letsencrypt/csr/*
sudo rm /etc/letsencrypt/keys/*
sudo certbot --apache -d "heitara.de,www.heitara.de"
sudo certbot --apache -d "heitara.com,www.heitara.com"

For the following commands I received an output:

I ran this command: $ sudo certbot delete --cert-name heitara.de
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate heitara.de.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
kunert@vmd54795:~$ sudo certbot delete --cert-name heitara.de-0001
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate heitara.de-0001.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I ran this command: $ sudo rm /etc/letsencrypt/keys/*
It produced this output:

'/etc/letsencrypt/keys/*': No such file or directory

I ran this command: $ sudo certbot --apache -d "heitara.de,www.heitara.de"
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Created an SSL vhost at /etc/apache2/sites-available/heitara.de-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/heitara.de-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/heitara.de-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/heitara.de-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/heitara.de.conf to ssl vhost in /etc/apache2/sites-available/heitara.de-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://heitara.de and
https://www.heitara.de

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=heitara.de
https://www.ssllabs.com/ssltest/analyze.html?d=www.heitara.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/heitara.de/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/heitara.de/privkey.pem
   Your cert will expire on 2022-05-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

I ran this command: $ sudo certbot --apache -d "heitara.com,www.heitara.com"
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Created an SSL vhost at /etc/apache2/sites-available/heitara.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/heitara.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/heitara.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/heitara.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/heitara.com.conf to ssl vhost in /etc/apache2/sites-available/heitara.com-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://heitara.com and
https://www.heitara.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=heitara.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.heitara.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/heitara.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/heitara.com/privkey.pem
   Your cert will expire on 2022-05-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

When I now run this command: $ sudo certbot renew --dry-run
It produces this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/heitara.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for heitara.com
http-01 challenge for www.heitara.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/heitara.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/heitara.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for heitara.de
http-01 challenge for www.heitara.de
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/heitara.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/heitara.com/fullchain.pem (success)
  /etc/letsencrypt/live/heitara.de/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The certificate has been successfully renewed and the error messages have disappeared.

Is certbot auto-renewal working again now, or are there additional steps required?

Thank you in advance.

Best regards

Matthias

2 Likes

Auto-renewal is fully operational for both of your new certificates (heitara.de and heitara.com). :star:

3 Likes
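A way to read `certbot renew --dry-run` output like the runs quoted in this thread, as an added example that is not part of any post: it groups challenges by renewal file and shows how one failing name blocks every other name on the same certificate. The sample log is constructed in the thread's output format with placeholder domains, and the function names are hypothetical.

```python
import re

# Constructed sample in the format `certbot renew --dry-run` prints in this
# thread; the domain names are placeholders, not the poster's.
SAMPLE = """\
Processing /etc/letsencrypt/renewal/example.org.conf
Performing the following challenges:
http-01 challenge for gone.example
http-01 challenge for www.gone.example
http-01 challenge for example.org
http-01 challenge for www.example.org
Waiting for verification...
Challenge failed for domain gone.example
Challenge failed for domain www.gone.example
http-01 challenge for gone.example
http-01 challenge for www.gone.example
Cleaning up challenges
Processing /etc/letsencrypt/renewal/example.net.conf
Performing the following challenges:
http-01 challenge for example.net
Waiting for verification...
Cleaning up challenges
"""

PROCESSING = re.compile(r"^Processing \S*/renewal/(\S+)\.conf$")
CHALLENGE = re.compile(r"^\S+ challenge for (\S+)$")
FAILED = re.compile(r"^Challenge failed for domain (\S+)$")

def parse_renew_output(text):
    """Return {lineage: {"names": [...], "failed": [...]}} in log order."""
    lineages, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROCESSING.match(line):
            current = lineages.setdefault(m.group(1), {"names": [], "failed": []})
        elif current is None:
            continue
        elif m := FAILED.match(line):
            if m.group(1) not in current["failed"]:
                current["failed"].append(m.group(1))
        elif m := CHALLENGE.match(line):
            # Failed names are listed a second time during cleanup; keep one copy.
            if m.group(1) not in current["names"]:
                current["names"].append(m.group(1))
    return lineages

def reissue_plan(text):
    """For each lineage with a failed name, split its names into drop and keep."""
    plan = {}
    for lineage, info in parse_renew_output(text).items():
        if info["failed"]:
            keep = [n for n in info["names"] if n not in info["failed"]]
            plan[lineage] = {"drop": info["failed"], "keep": keep}
    return plan

if __name__ == "__main__":
    for lineage, p in reissue_plan(SAMPLE).items():
        print(f"{lineage}: drop {p['drop']}, not reported as failed {p['keep']}")
```

A lineage that appears in the plan needs to be reissued without its `drop` names; a lineage that is absent had no failed challenge in that run.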

Thank you very much for your kind support.

Have a nice day and stay healthy.

Matthias

2 Likes
