For something that is so easy in principal, I keep running into weird problems I can’t explain.
Latest is the inability to renew a certificate because of a strange error pointing to the inability to overwrite /etc/httpd/conf/httpd.conf - a file certbot shouldn’t be touching anyway, since I have separate .conf files for each domain in /etc/httpd/conf.d
Complete error:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/satellitemediaproduction.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for satellitemediaproduction.com
tls-sni-01 challenge for www.satellitemediaproduction.com
Cleaning up challenges
Attempting to renew cert (satellitemediaproduction.com) from /etc/letsencrypt/renewal/satellitemediaproduction.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.
When I manually attempted to run certbot today, I had to “install” it and update python packages, even though the thing has been running once/day through cron (with the same error) - this of course triggered a bunch of bootstrapping dependencies loops before it would run, but it seems settled down now other than generating that error.
I’ve searched looking for this specific error and found a few threads, but they all seem to tail off before actually finding a solution. one suggested separate certs per domain, but I already do that. Admittedly, if I did this right, satellitemediaproduction.com and www.satellitemediaproduction.com should be in the same cert…which is how I created the other certs on this machine.
This problem must be specific to this domain, since another of the domains on the same server, also with domain and www.domain in same cert, renewed properly on Feb. 2nd according to the browser’s certificate information. And a --dry-run succeeds swimmingly.
Suggestions as to what I might have done wrong?