Renew domain keeps failing with 404 errors

rg305 · November 11, 2021, 11:52am

copy and paste.

Not:

I wrote:

daviddeleeuw · November 11, 2021, 11:55am

Looks great:

certbot certonly --dry-run --webroot -w /var/www/www-root/data/www/dukium.org -d "dukium.org,www.dukium.org"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/dukium.org.conf)

It contains these names: dukium.org

You requested these names for the new certificate: dukium.org, www.dukium.org.

Do you want to expand and replace this existing certificate with the new
certificate?

(E)xpand/(C)ancel: (E)xpand/(C)ancel: E
Renewing an existing certificate

IMPORTANT NOTES:

The dry run was successful.

rg305 · November 11, 2021, 12:09pm

Now do that again but without --dry-run

daviddeleeuw · November 11, 2021, 12:49pm

Works. But need a little help with the vhost file

<VirtualHost *:443>
ServerName dukium.org
DocumentRoot /var/www/www-root/data/www/dukium.org
ServerAdmin office@dukium.org
AddDefaultCharset UTF-8
SSLEngine on

SSLCertificateFile "/var/www/httpd-cert/www-root/dukium.org_le2.crt"

SSLCertificateKeyFile "/var/www/httpd-cert/www-root/dukium.org_le2.key"

    SSLCertificateFile "/etc/letsencrypt/live/dukium.org/fullchain.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/dukium.org/fullchain.pem"
    SSLHonorCipherOrder on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4:!RSA+3DES
    <IfModule headers_module>
            Header always set Strict-Transport-Security "max-age=31536000; preload"
    </IfModule>
    AssignUserID www-root www-root
    CustomLog /var/www/httpd-logs/dukium.org.access.log combined
    ErrorLog /var/www/httpd-logs/dukium.org.error.log
    <FilesMatch "\.ph(p[3-5]?|tml)$">
            SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
            SetHandler application/x-httpd-php-source
    </FilesMatch>
    <IfModule php5_module>
            php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f dukium@shoof.co.il"
            php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
            php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
            php_admin_value open_basedir "/var/www/www-root/data:."
    </IfModule>
    <IfModule php7_module>
            php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f dukium@shoof.co.il"
            php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
            php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
            php_admin_value open_basedir "/var/www/www-root/data:."
    </IfModule>
    ServerAlias www.dukium.org
    DirectoryIndex index.php index.html

Gives:
[Thu Nov 11 13:44:51.748651 2021] [ssl:emerg] [pid 2492] AH02564: Failed to configure encrypted (?) private key dukium.org:443:0, check /etc/letsencrypt/live/dukium.org/fullchain.pem
[Thu Nov 11 13:45:03.604035 2021] [ssl:error] [pid 2596] AH02579: Init: Private key not found
[Thu Nov 11 13:45:03.615733 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615777 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Nov 11 13:45:03.615793 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615807 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Thu Nov 11 13:45:03.615829 2021] [ssl:error] [pid 2596] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Nov 11 13:45:03.615841 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615854 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Thu Nov 11 13:45:03.615917 2021] [ssl:emerg] [pid 2596] AH02564: Failed to configure encrypted (?) private key dukium.org:443:0, check /etc/letsencrypt/live/dukium.org/fullchain.pem

Probably something minor.
Thanks
David

daviddeleeuw · November 11, 2021, 12:53pm

Also tried privkey.pem in the SSLCertificateFile

daviddeleeuw · November 11, 2021, 1:13pm

All works !!!
Used this Certbot - how to manually install certs? - #5 by kenw232

rg305 You made my day !!! (and night: )
Thanks

David

system · December 11, 2021, 1:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.