Please fill out the fields below so we can help you better.
My domain is:
condarelli.it
I ran this command:
certbot --apache --tls-sni-01-port 47443
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
1: home.condarelli.it
2: redmine.condarelli.it
3: redmine2.condarelli.it:47443
4: zerotier.condarelli.it
5: www.yourhost.com
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1,2,4
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/zerotier.condarelli.it.conf)
It contains these names: zerotier.condarelli.it
You requested these names for the new certificate: home.condarelli.it,
redmine.condarelli.it, zerotier.condarelli.it.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for home.condarelli.it
tls-sni-01 challenge for redmine.condarelli.it
tls-sni-01 challenge for zerotier.condarelli.it
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
Created an SSL vhost at /etc/apache2/sites-available/mediawiki-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/mediawiki-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/mediawiki-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/redmine.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/zerotier.conf
Please choose whether HTTPS access is required or optional.
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-available/mediawiki.conf to ssl vhost in /etc/apache2/sites-available/mediawiki-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-available/backuppc.conf to ssl vhost in /etc/apache2/sites-available/redmine.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/opt/backuppc/BackupPC] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Rolling back to previous server configuration...
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/opt/backuppc/BackupPC] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/opt/backuppc/BackupPC] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/error_handler.py", line 99, in _call_registered
self.funcs[-1]()
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 495, in _rollback_and_restart
self.installer.restart()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1658, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1669, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/opt/backuppc/BackupPC] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/opt/backuppc/BackupPC] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
IMPORTANT NOTES:
- An error occurred and we failed to restore your config and restart
your server. Please submit a bug report to
https://github.com/letsencrypt/letsencrypt
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/zerotier.condarelli.it/fullchain.pem. Your
cert will expire on 2017-08-02. To obtain a new or tweaked version
of this certificate in the future, simply run certbot again with
the "certonly" option. To non-interactively renew all of your
certificates, run "certbot renew"
My operating system is (include version):
debian jessie running in chroot under Synology DSM6.0
My web server is (include version):
apache 2.4.10-10+deb8
My hosting provider, if applicable, is:
not applicable
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
NOTE: disregard errors concerning missing [/opt/backuppc/BackupPC], they are due to my misconfig (fixed).
The command executed as expected, but certificate installation apparently modified sitexxx.conf files and ports.conf adding the default 443 port, which is wrong because (due to the specifics of this server, I can detail if required) this apache2 should be listening only to ports 47080, 47180 and 77443.
The option "--tls-sni-01-port 47443" correctly redirected challenge response to the right port, but it was not enough for successive apache config modification.
I corrected the error by hand and everything is ok, but I wonder where I goofed; any hint welcome.
I also would like to understand if I need to worry about renewals.
TiA
Mauro
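
A check for the situation described in this post, as an added example that is not part of the original post or of certbot: it scans Apache configuration text for Listen and VirtualHost ports outside an allowed set, so a stray 443 introduced by an installer run or a renewal is caught before the server is reloaded. The function names, the sample file contents and the allowed port set (47080, 47180, 47443) are assumptions made for illustration.

```python
import re

# Directives that open (Listen) or bind to (VirtualHost) a port.
LISTEN_RE = re.compile(r'^\s*Listen\s+(\S+)', re.IGNORECASE)
VHOST_RE = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.IGNORECASE)

def port_of(addr):
    """Port of an Apache address (443, *:443, 0.0.0.0:443, [::]:443);
    None when the address carries no numeric port (e.g. '*')."""
    tail = addr.rsplit(':', 1)[-1]
    return int(tail) if tail.isdigit() else None

def unexpected_ports(files, allowed):
    """files maps a path to its config text. Returns sorted tuples
    (path, line_no, directive, port) for ports not in `allowed`."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith('#'):
                continue  # commented-out directives are inactive
            m = LISTEN_RE.match(line)
            if m:
                addrs, kind = [m.group(1)], 'Listen'
            else:
                m = VHOST_RE.match(line)
                if not m:
                    continue
                # A VirtualHost may list several addresses.
                addrs, kind = m.group(1).split(), 'VirtualHost'
            for addr in addrs:
                port = port_of(addr)
                if port is not None and port not in allowed:
                    findings.append((path, no, kind, port))
    return sorted(findings)

# Constructed sample, not the poster's real files.
ALLOWED = {47080, 47180, 47443}  # assumed allowed set
SAMPLE = {
    'ports.conf': "Listen 47080\nListen 47180\nListen 47443\n"
                  "<IfModule ssl_module>\n    Listen 443\n</IfModule>\n",
    'zerotier.conf': "<VirtualHost *:443>\n"
                     "    ServerName zerotier.condarelli.it\n"
                     "</VirtualHost>\n",
    'redmine.conf': "<VirtualHost *:47443>\n</VirtualHost>\n",
}

if __name__ == '__main__':
    for path, no, kind, port in unexpected_ports(SAMPLE, ALLOWED):
        print('%s:%d: %s uses unexpected port %d' % (path, no, kind, port))
```

To use it on a live system, read the files under the Apache configuration directory into the `files` dictionary and run the check after each certbot run and after each renewal.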