Renewing expired cert

My cert expired Jun 6 and I had to upgrade my OS before I could update the certbot rpm. I followed instructions here about certbot >=28 and removing any reference to tls-sni-01, but still getting the same error message on renewal. Perhaps I have to do something different if it has expired?
I have been renewing the cert for years and haven’t changed anything. I don’t have a VirtualHost listening on port 80.

apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:443 (/etc/httpd/conf.d/ssl.conf:56)
Perhaps the apache function is broken and I need an alternative? “--webroot” didn’t work either.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2.4.34

The operating system my web server runs on is (include version): fedoracore27

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Can you add a port 80 virtual host?

It can just be something simple, like a redirect to HTTPS.

Hi @quickening

That's curious. Checking your domain, an HTTP server answers there ( ):

Domainname  Http-Status  redirect  Sec.   G
            200                    0.317  H
            200                    1.716  N
            Certificate error: RemoteCertificateChainErrors
            404                    0.344  A
            Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.

Perhaps you have only a default port 80 vHost, not a host with


Check your standard config files

|-- apache2.conf
|       `--  ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf

to see if apache2.conf has a template you can use.

I have 2 long string files under [webroot]/.well-known/acme-challenge. Both were created in 2016. I don’t have the “check-your-website-dot-server-daten-dot-de”.
I have in conf file “ServerName” . I am pretty sure that means I don’t need a VirtualHost there. I believe a remote query couldn’t tell the difference anyway.

ServerName is normally something without a port. It's a name.

Change that to


restart your Apache and check it with

apachectl -S

OK, removing the 80 on ServerName had no effect.

I added a VirtualHost stanza for
and now apachectl -S says:
VirtualHost configuration:
*:80 (/etc/httpd/conf/httpd.conf:371)
*:443 (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
certbot renew then ran successfully and I verified the cert works.
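
A pre-flight check for the condition that resolved this thread, as an added example that is not part of the original posts: it parses `apachectl -S` output and reports whether any VirtualHost listens on port 80 before `certbot renew` is attempted. The function names, the sample dumps and the `www.example.test` server name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for `certbot renew`
# with the apache authenticator, which needs a VirtualHost on port 80.

# Read `apachectl -S` output on stdin; print each port that has a vhost.
# Handles "addr:port ..." lines and indented "port N namevhost ..." lines.
vhost_ports() {
    sed -n \
        -e 's/^[^[:space:]]*:\([0-9][0-9]*\)[[:space:]].*$/\1/p' \
        -e 's/^[[:space:]]*port \([0-9][0-9]*\) namevhost .*$/\1/p' |
        sort -un
}

# usage: apachectl -S | has_vhost_on_port 80
has_vhost_on_port() {
    vhost_ports | grep -qx "$1"
}

# Constructed sample: the dump from the first post (only *:443 defined).
sample_before() {
    cat <<'EOF'
VirtualHost configuration:
*:443 (/etc/httpd/conf.d/ssl.conf:56)
EOF
}

# Constructed sample: name-based layout after adding a port 80 vhost;
# www.example.test is a placeholder server name.
sample_after() {
    cat <<'EOF'
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server www.example.test (/etc/httpd/conf/httpd.conf:371)
         port 80 namevhost www.example.test (/etc/httpd/conf/httpd.conf:371)
*:443                  www.example.test (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
EOF
}

for s in sample_before sample_after; do
    if "$s" | has_vhost_on_port 80; then
        echo "$s: port 80 vhost present"
    else
        echo "$s: no port 80 vhost, the apache authenticator cannot set up http-01"
    fi
done
```

On a live host the same check is `apachectl -S | has_vhost_on_port 80 && certbot renew`.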


Yep, now your vHost configuration looks as expected.

Happy to read that it had worked :+1:
