Problems renewing Let's Encrypt Certificate

MikeMcQ · October 4, 2022, 2:09pm

keith looks fine. What is contents of n8

/etc/apache2/sites-available/n8.conf

erik1 · October 4, 2022, 2:11pm

this was a test (once), I'll delete that site

is it ok to do a2dissite n8.conf?

MikeMcQ · October 4, 2022, 2:12pm

Yes, if it is not used that is good idea.

To the next one. What is this

/etc/apache2/sites-available/nietmetmij-le-ssl.conf

erik1 · October 4, 2022, 2:15pm

that file is empty now (it says 0 bytes, it wasn't empty a couple hours ago) I don't know what I did wrong,
but the site is not working anymore atm, probably because the apache restart I did, just before you said shoudn't restart (yet).

MikeMcQ · October 4, 2022, 2:18pm

No, the restart should not have done that. Could you have spelled it wrong?
What does this show?

ls -l /etc/apache2/sites-available/n*

erik1 · October 4, 2022, 2:23pm

no, because I'm using Midnight Commander, I really see the files in the folder (and nietmetmij-le-ssl.conf sais 0 bytes)

erik1 · October 4, 2022, 2:24pm

Your command says:

-rw-r--r-- 1 root root 1846 mrt 21 2022 /etc/apache2/sites-available/n8.conf
-rw-r--r-- 1 root root 2084 mrt 17 2022 /etc/apache2/sites-available/nietmetmij.conf
-rw-r--r-- 1 root root 0 okt 4 15:14 /etc/apache2/sites-available/nietmetmij-le-ssl.conf

MikeMcQ · October 4, 2022, 2:27pm

Do you have a backup of that file? Because it was not zero bytes about an hour ago in your post #7. Apache does not update config files it only reads them.

Also, you previously had a file named notariaatnijlen.conf. That now seems missing. Did you do that on purpose?

erik1 · October 4, 2022, 2:28pm

that notariaatfile is a copy/paste so I didn't paste it in the last post

erik1 · October 4, 2022, 2:28pm

but, in the meantime I created a nietmetmij-le-ssl.conf
(a mix od nietmetmij.conf and keith-le-ssl.conf )

erik1 · October 4, 2022, 2:29pm


<IfModule mod_ssl.c>
<VirtualHost *:443>

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName nietmetmij.be
        ServerAlias www.nietmetmij.be
        DocumentRoot /var/www/nietmetmij

        WSGIScriptAlias / /var/www/nietmetmij/flask/my_flask_app.wsgi

        <Directory /var/www/nietmetmij/flask/>
                Options FollowSymLinks
                AllowOverride None
                Require all granted
        </Directory>

        <Directory /var/www/nietmetmij/cgi-bin>
            Options ExecCGI
            SetHandler cgi-script
        </Directory>

        <Directory /var/www/nietmetmij>
            Options +ExecCGI
            AddHandler cgi-script .py
        </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =nietmetmij.be [OR]
# RewriteCond %{SERVER_NAME} =www.nietmetmij.be
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/nietmetmij.be/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nietmetmij.be/privkey.pem


</VirtualHost>
</IfModule>

MikeMcQ · October 4, 2022, 2:33pm

OK, good you recovered the file but the cert file names are wrong. If you look back at the certbot certificates output this cert has a "-0001" in the name. So, you need to change these to:

SSLCertificateFile /etc/letsencrypt/live/nietmetmij.be-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nietmetmij.be-0001/privkey.pem

Something must have gone slightly wrong when creating certs for this domain earlier. I am not worried about that right now. Just want to get your sites running right now. We might come back to that later.

When that is done, please show contents of

/etc/apache2/sites-available/notariaatnijlen.conf

Want to see this even though it has no cert. Want to ensure no interference with others.

erik1 · October 4, 2022, 2:35pm

I'll
adissite notariaat.conf too

MikeMcQ · October 4, 2022, 2:37pm

OK for notaria, just the last one and we'll test config

Show:

/etc/apache2/sites-available/vectrex-le-ssl.conf

erik1 · October 4, 2022, 2:37pm

a2dissite notariaat.conf is done and the

-0001 was added in the nietmetmij-le-ssl.conf

erik1 · October 4, 2022, 2:38pm

again, vectrex-le-ssl.conf is an empty file !
(it seems my computer knows what was important for me and decided to delete these files, well not delete, but they are empty ..)

MikeMcQ · October 4, 2022, 2:39pm

OK, well, I guess you need to make that one too. Ouch. I'll wait

erik1 · October 4, 2022, 2:44pm


<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName vectrex.be
        ServerAlias www.vectrex.be
        DocumentRoot /var/www/vectrex

        <Directory /var/www/vectrex>
            DirectoryIndex index.html
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        <Directory /var/www/vectrex/cgi-bin>
            Options ExecCGI
            SetHandler cgi-script
        </Directory>

        <Directory /var/www/vectrex>
            Options +ExecCGI
            AddHandler cgi-script .py
        </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on

RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =vectrex.be [OR]
# RewriteCond %{SERVER_NAME} =www.vectrex.be
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/vectrex.be/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vectrex.be/privkey.pem
</VirtualHost>
</IfModule>

MikeMcQ · October 4, 2022, 2:45pm

Hurray! Looks good. Now let's see if the config is OK. Still, do not restart Apache yet though. Just this test.

sudo apache2ctl -t -D DUMP_VHOSTS

erik1 · October 4, 2022, 2:47pm

root@h2955757:/etc/apache2/sites-available# sudo apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 is a NameVirtualHost
default server blijf-in-uw-kot.be (/etc/apache2/sites-enabled/biuk-le-ssl.conf:2)
port 443 namevhost blijf-in-uw-kot.be (/etc/apache2/sites-enabled/biuk-le-ssl.conf:2)
alias www.blijf-in-uw-kot.be
port 443 namevhost keith.be (/etc/apache2/sites-enabled/keith-ssl.conf:2)
alias www.keith.be
port 443 namevhost nietmetmij.be (/etc/apache2/sites-enabled/nietmetmij-le-ssl.conf:2)
alias www.nietmetmij.be
port 443 namevhost vectrex.be (/etc/apache2/sites-enabled/vectrex-le-ssl.conf:2)
alias www.vectrex.be
*:80 is a NameVirtualHost
default server h2955757.stratoserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost h2955757.stratoserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost blijf-in-uw-kot.be (/etc/apache2/sites-enabled/biuk.conf:1)
alias www.blijf-in-uw-kot.be
port 80 namevhost nietmetmij.be (/etc/apache2/sites-enabled/nietmetmij.conf:1)
alias www.nietmetmij.be
port 80 namevhost vectrex.be (/etc/apache2/sites-enabled/vectrex.conf:1)
alias www.vectrex.be